Blackster, posted 9 May 2009

Hi,

It looks like I managed to click on something that made Trend log that there was a pak_generic.001 virus on the machine, but it was not able to do anything about it. Since then I have seen that a process is started from the Temp directory that is impossible to recognize. I am attaching a HijackThis log. Can anyone help?

snippsat, posted 9 May 2009

Do this.

--- Download MBAM to the desktop. Choose the Norwegian language --> run a quick system scan. When MBAM has finished it opens a log; post that.

--- Download ComboFix and put it on the desktop. Do not click on the window while the program is running. Post the log C:\combofix.txt

Blackster (Author), posted 9 May 2009

> Do this.
> --- Download MBAM to the desktop. Choose the Norwegian language --> run a quick system scan. When MBAM has finished it opens a log; post that.

Malwarebytes' Anti-Malware 1.36
Databaseversjon: 2098
Windows 5.1.2600 Service Pack 3
09.05.2009 11:51:19
mbam-log-2009-05-09 (11-51-19).txt
Skanntype: Rask Skann
Objekter skannet: 90245
Tid tilbakelagt: 3 minute(s), 39 second(s)
Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0
Minneprosesser infisert:
(Ingen mistenkelige filer funnet)
Minnemoduler infisert:
(Ingen mistenkelige filer funnet)
Registernøkler infisert:
(Ingen mistenkelige filer funnet)
Registerverdier infisert:
(Ingen mistenkelige filer funnet)
Registerfiler infisert:
(Ingen mistenkelige filer funnet)
Mapper infisert:
(Ingen mistenkelige filer funnet)
Filer infisert:
(Ingen mistenkelige filer funnet)

Blackster (Author), posted 9 May 2009

> Do this.
> --- Download ComboFix and put it on the desktop. Do not click on the window while the program is running. Post the log C:\combofix.txt

I get an error when I run the program. Something about that it may be a patch virus that prevents the program from running?

Blackster (Author), posted 9 May 2009

> Disable Trend, try again.

Doesn't work. I get a password prompt when I try to disable OfficeScan.

snippsat, posted 9 May 2009

Delete:
C:\WINDOWS\TEMP\VF69D4.EXE
If there are problems, use Killbox.

Download and run CCleaner.
'Options' -> 'Advanced'. Uncheck: "only delete temporary files older than 48 hours".
Run the registry cleaner, answer yes to repairing --> backup, answer yes when you are asked.
Run the registry cleaner a couple of times until all errors are gone.

New HijackThis log.

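The triage step behind the advice above, spotting an executable that runs from or autostarts out of a Temp directory in a HijackThis log, shown as an added example that is not part of the original thread. The names `triage`, `in_temp_dir` and `Finding` are hypothetical, the sample log is constructed from paths quoted in this thread, and the parser assumes one entry per line as HijackThis writes its log file.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v2 layout, reusing paths quoted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\TEMP\VF69D4.EXE
C:\PROGRA~1\ThinkPad\UTILIT~1\PWMUIAux.exe

O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" /background
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Programfiler\Fellesfiler\Lenovo\Scheduler\tvtsched.exe
"""

# "O4 - ...", "O23 - ...", "R1 - ..." style entries.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Absolute Windows path up to the first executable-type extension.
PATH_RE = re.compile(
    r"[A-Za-z]:\\[^\"<>|*?\r\n]*?\.(?:exe|dll|com|scr|bat|cmd|pif)\b",
    re.IGNORECASE,
)


@dataclass
class Finding:
    section: str   # "process" or the HijackThis entry code, e.g. "O23"
    path: str
    notes: list


def in_temp_dir(path):
    """True if any directory component is a temp folder (long or 8.3 short name)."""
    for part in path.split("\\")[1:-1]:      # skip drive letter and file name
        name = part.lower()
        if name in ("temp", "tmp", "temporary internet files"):
            return True
        if name.startswith("tempor~"):       # 8.3 alias of "Temporary Internet Files"
            return True
    return False


def triage(log_text):
    """Return a Finding for every executable path that lives in a temp directory."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False             # first entry ends the process list
            section, body = match.group(1), match.group(2)
        elif in_processes and line:
            section, body = "process", line
        else:
            continue
        for path in PATH_RE.findall(body):
            if not in_temp_dir(path):
                continue
            notes = ["located in a temp directory"]
            if section == "process":
                notes.append("currently running")
            if "(file missing)" in body:
                notes.append("target file missing")
            findings.append(Finding(section, path, notes))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.section, f.path, "; ".join(f.notes))
```

A hit in the process list is a live binary to collect and remove, while a hit in an O23 or O4 entry marked "(file missing)" is a leftover autostart registration that still points at a temp path.
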
Blackster (Author), posted 9 May 2009

- C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\DX9\SessionLauncher.exe (file missing) O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programfiler\Fellesfiler\SureThing Shared\stllssvr.exe O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programfiler\lenovo\system update\suservice.exe O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Programfiler\Fellesfiler\Lenovo\tvt_reg_monitor_svc.exe O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\tmlisten.exe O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\TmProxy.exe O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Programfiler\Lenovo\Client Security Solution\tvttcsd.exe O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Programfiler\Lenovo\Rescue and Recovery\rrpservice.exe O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Programfiler\Lenovo\Rescue and Recovery\rrservice.exe O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Programfiler\Fellesfiler\Lenovo\Scheduler\tvtsched.exe O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Programfiler\Lenovo\Rescue and Recovery\UpdateMonitor.exe logg etter ha kjørt CCleaner Lenke til kommentar

snippsat, posted 9 May 2009

It looks good now. If you get more problems, we'll run a scan with something that gives the same info as ComboFix. But I'm betting it's fine now. Check whether your software is up to date: Secunia. Surf safely.

Blackster (author), posted 9 May 2009

> It looks good now. If you get more problems, we'll run a scan with something that gives the same info as ComboFix. But I'm betting it's fine now. Check whether your software is up to date: Secunia. Surf safely.

Thank you so much. Clicking on links from people you chat with can have a nasty consequence.

Blackster (author), posted 13 May 2009

> It looks good now. If you get more problems, we'll run a scan with something that gives the same info as ComboFix. But I'm betting it's fine now. Check whether your software is up to date: Secunia. Surf safely.

Looks like the source of the trouble is back.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:51:19, on 13.05.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ADMonitor.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\AtService.exe
C:\WINDOWS\system32\FpLogonServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Programfiler\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\OGAVerify.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Programfiler\Lenovo\HOTKEY\TPOSDSVC.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programfiler\Fellesfiler\Lenovo\Scheduler\scheduler_proxy.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\Programfiler\ThinkVantage\AMSG\Amsg.exe
C:\Programfiler\Lenovo\Drag-to-Disc\DrgToDsc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Programfiler\Lenovo\Client Security Solution\cssauth.exe
C:\Programfiler\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programfiler\Lenovo\HOTKEY\TPONSCR.exe
C:\Programfiler\Lenovo\Zoom\TpScrex.exe
C:\Programfiler\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe
C:\Programfiler\ThinkPad\ConnectUtilities\AcFnF5.exe
C:\Programfiler\HP\HP UT\bin\hppusg.exe
C:\Programfiler\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programfiler\Uniblue\RegistryBooster\RegistryBooster.exe
C:\Programfiler\ThinkPad\Bluetooth Software\BTTray.exe
C:\Programfiler\Digital Line Detect\DLG.exe
C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programfiler\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Programfiler\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Programfiler\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Fellesfiler\InterVideo\RegMgr\iviRegMgr.exe
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Intel\WirelessCommon\RegSrvc.exe
C:\Programfiler\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Programfiler\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
c:\Programfiler\Fellesfiler\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Programfiler\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Programfiler\Lenovo\Rescue and Recovery\rrservice.exe
c:\Programfiler\Fellesfiler\Lenovo\Scheduler\tvtsched.exe
C:\Programfiler\Lenovo\Rescue and Recovery\UpdateMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\ThinkPad\Utilities\PWMDBSVC.exe
C:\Programfiler\ThinkPad\ConnectUtilities\AcSvc.exe
c:\programfiler\lenovo\system update\suservice.exe
C:\Programfiler\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\TEMP\WD8036.EXE
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programfiler\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Programfiler\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programfiler\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programfiler\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPFNF7] C:\Programfiler\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Programfiler\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [startCCC] "C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [FingerPrintSoftware] "C:\Programfiler\Lenovo Fingerprint Software\fpapp.exe" \s
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programfiler\Fellesfiler\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [AMSG] C:\Programfiler\ThinkVantage\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [RoxioDragToDisc] C:\Programfiler\Lenovo\Drag-to-Disc\DrgToDsc.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [ACWLIcon] C:\Programfiler\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [cssauth] "C:\Programfiler\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programfiler\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Programfiler\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Programfiler\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Programfiler\HP\HP UT\bin\hppusg.exe" "C:\Programfiler\HP\HP UT\"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uniblue RegistryBooster 2009] C:\Programfiler\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Programfiler\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth-enhet... - C:\Programfiler\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send til Bluetooth - C:\Programfiler\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Programfiler\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Programfiler\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://antivirus.doorway.no/officescan/con...ll/WinNTChk.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - http://antivirus.doorway.no/officescan/con...stall/setup.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.fujidirekte.no/aurigma/ImageUploader5.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - http://antivirus.doorway.no/officescan/con.../RemoveCtrl.cab
O16 - DPF: {7557F5AA-D486-401D-BE55-0163FA78B5B8} (SkyFex Expert Object) - https://skyfex.com/download/SkyFexExpert.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk...ows-i586-jc.cab
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://www.gamehouse.com/realarcade-webgam...GamesPlayer.cab
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.tvucricket.com/player/vjocx-en-black.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: ATFUS - C:\WINDOWS\system32\FpWinLogonNp.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Programfiler\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programfiler\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AD Monitor (ADMonitor) - Unknown owner - C:\WINDOWS\system32\ADMonitor.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\WINDOWS\system32\AtService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Programfiler\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Fingerprint Server (FingerprintServer) - AuthenTec,Inc - C:\WINDOWS\system32\FpLogonServ.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Programfiler\Fellesfiler\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Programfiler\ThinkPad\Utilities\PWMDBSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Programfiler\Fellesfiler\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Programfiler\Fellesfiler\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel® Corporation - C:\Programfiler\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programfiler\Fellesfiler\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programfiler\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Programfiler\Fellesfiler\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Programfiler\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Programfiler\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Programfiler\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Programfiler\Fellesfiler\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Programfiler\Lenovo\Rescue and Recovery\UpdateMonitor.exe

--
End of file - 16202 bytes
Blackster Skrevet 13. mai 2009 Forfatter Del Skrevet 13. mai 2009 og nå fikk jeg kjørt combofix. her er loggen til den ComboFix 09-05-12.06 - Balal 13.05.2009 10:57.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.47.1044.18.2026.1369 [GMT 2:00] Kjører fra: c:\documents and settings\Balal\Skrivebord\ComboFix.exe AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) . ((((((((((((((((((((((((((( Filer Opprettet Fra 2009-04-13 til 2009-05-13 ))))))))))))))))))))))))))))))))) . 2009-05-13 08:26 . 2009-05-13 08:26 -------- d-----w c:\programfiler\Java 2009-05-13 08:17 . 2009-05-13 08:17 -------- d-----w c:\documents and settings\Balal\Programdata\Uniblue 2009-05-13 08:17 . 2009-05-13 08:17 -------- d-----w c:\programfiler\Uniblue 2009-05-13 08:17 . 2009-05-13 08:17 -------- dc-h--w c:\documents and settings\All Users\Programdata\{92E7A367-8E12-4830-AA70-29C32E331A81} 2009-05-10 15:28 . 2009-05-10 15:28 -------- d-----w c:\documents and settings\Balal\Lokale innstillinger\Programdata\Google 2009-05-10 15:27 . 2009-05-10 15:28 -------- d-----w c:\programfiler\Google 2009-05-09 12:42 . 2009-05-13 08:55 -------- d--h--r c:\documents and settings\Balal\Siste 2009-05-09 12:09 . 2009-05-09 12:09 -------- d-----w c:\programfiler\CCleaner 2009-05-09 09:47 . 2009-05-09 09:47 -------- d-----w c:\documents and settings\Balal\Programdata\Malwarebytes 2009-05-09 09:47 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-05-09 09:46 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-05-09 09:46 . 2009-05-09 09:46 -------- d-----w c:\documents and settings\All Users\Programdata\Malwarebytes 2009-05-09 09:46 . 2009-05-09 09:47 -------- d-----w c:\programfiler\Malwarebytes' Anti-Malware 2009-05-08 11:06 . 2009-05-08 11:06 -------- d-----w c:\programfiler\Remoteus2008 2009-05-05 17:54 . 2009-05-05 17:56 -------- d-----w c:\documents and settings\Balal\Programdata\HouseCall 6.6 2009-05-05 17:43 . 
2009-05-05 20:35 -------- d-----w c:\documents and settings\Balal\.housecall6.6 2009-05-05 09:02 . 2009-05-05 18:09 2797344 --sha-w c:\windows\system32\drivers\fidbox.dat 2009-05-05 09:02 . 2009-05-05 18:09 16160 --sha-w c:\windows\system32\drivers\fidbox2.dat 2009-05-05 08:54 . 2009-05-05 17:38 -------- d-----w c:\programfiler\Fellesfiler\ParetoLogic 2009-05-05 08:54 . 2009-05-05 17:38 -------- d-----w c:\documents and settings\All Users\Programdata\ParetoLogic 2009-05-01 20:53 . 2009-05-01 20:53 -------- d-----w c:\documents and settings\Balal\Programdata\vlc 2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w c:\windows\system32\GPhotos.scr 2009-05-01 00:11 . 2009-05-07 21:28 -------- d-----w c:\documents and settings\Balal\Programdata\Move Networks 2009-04-30 10:21 . 2009-04-30 10:21 -------- d-----w c:\programfiler\GPLGS 2009-04-30 10:21 . 2007-07-12 20:33 87552 ----a-w c:\windows\system32\cpwmon2k.dll 2009-04-30 10:21 . 2009-04-30 10:21 -------- d-----w c:\programfiler\Acro Software 2009-04-29 22:15 . 2009-04-29 22:15 -------- d-----w c:\programfiler\VideoLAN 2009-04-28 11:25 . 2009-04-28 11:25 -------- d-----w c:\programfiler\Citrix 2009-04-28 11:25 . 2009-04-28 11:25 70984 ----a-w c:\documents and settings\Balal\g2mdlhlpx.exe 2009-04-27 11:12 . 2009-04-27 11:12 -------- d-----w c:\documents and settings\All Users\Programdata\TVU Networks 2009-04-24 16:34 . 2009-04-24 16:34 -------- d--h--w C:\VJVod_Cache 2009-04-24 16:34 . 2009-04-24 16:34 -------- d-----w c:\documents and settings\LocalService\Lokale innstillinger\Programdata\nagasoft 2009-04-24 12:33 . 2009-04-24 12:33 -------- d-----w c:\windows\system32\nagasoft 2009-04-24 10:37 . 2009-04-24 10:37 -------- d-----w c:\documents and settings\Balal\Programdata\TVU networks 2009-04-22 12:51 . 2009-04-22 12:51 -------- d-----w c:\documents and settings\All Users\Programdata\GoBit Games 2009-04-18 22:21 . 
2009-04-18 22:21 -------- d-----w c:\documents and settings\LocalService\Programdata\Roxio 2009-04-17 22:12 . 2009-04-17 22:12 0 ----a-w c:\windows\nsreg.dat 2009-04-17 22:12 . 2009-04-17 22:12 -------- d-----w c:\documents and settings\Balal\Lokale innstillinger\Programdata\Mozilla 2009-04-17 12:54 . 2009-04-17 12:54 -------- d-sh--w c:\windows\ftpcache 2009-04-16 18:09 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe 2009-04-16 18:09 . 2009-03-06 14:24 284160 ------w c:\windows\system32\dllcache\pdh.dll 2009-04-16 18:09 . 2009-02-09 11:27 111104 ------w c:\windows\system32\dllcache\services.exe 2009-04-16 18:09 . 2009-02-09 10:56 401408 ------w c:\windows\system32\dllcache\rpcss.dll 2009-04-16 18:09 . 2009-02-09 10:56 473600 ------w c:\windows\system32\dllcache\fastprox.dll 2009-04-16 18:09 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe 2009-04-16 18:09 . 2009-02-09 10:56 680448 ------w c:\windows\system32\dllcache\advapi32.dll 2009-04-16 18:09 . 2009-02-09 10:56 729088 ------w c:\windows\system32\dllcache\lsasrv.dll 2009-04-16 18:09 . 2009-02-09 10:56 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll 2009-04-16 18:09 . 2009-02-09 10:56 710656 ------w c:\windows\system32\dllcache\ntdll.dll 2009-04-16 18:08 . 2008-04-21 21:16 217088 ------w c:\windows\system32\dllcache\wordpad.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-13 08:26 . 2009-03-03 08:08 410984 ----a-w c:\windows\system32\deploytk.dll 2009-05-09 12:51 . 2008-09-24 07:15 -------- d-----w c:\programfiler\Lenovo 2009-05-09 09:01 . 2009-02-12 11:10 -------- d-----w c:\programfiler\Trend Micro 2009-05-08 15:33 . 2009-05-08 11:12 -------- d-----w c:\programfiler\Tidsbanken 2009-05-05 18:09 . 2009-05-05 09:02 2588 --sha-w c:\windows\system32\drivers\fidbox2.idx 2009-05-05 18:09 . 2009-05-05 09:02 10940 --sha-w c:\windows\system32\drivers\fidbox.idx 2009-05-04 07:07 . 
2009-03-11 12:15 775512 ----a-w c:\documents and settings\LocalService\Lokale innstillinger\Programdata\FontCache3.0.0.0.dat 2009-04-27 11:12 . 2009-02-21 10:53 -------- d-----w c:\programfiler\TVUPlayer 2009-04-24 14:11 . 2009-03-21 08:01 15688 ----a-w c:\windows\system32\lsdelete.exe 2009-04-23 14:40 . 2006-02-25 13:00 489176 ----a-w c:\windows\system32\perfh014.dat 2009-04-23 14:40 . 2006-02-25 13:00 97390 ----a-w c:\windows\system32\perfc014.dat 2009-04-08 06:59 . 2008-09-24 07:31 -------- d-----w c:\programfiler\ThinkVantage 2009-04-03 12:08 . 2008-09-24 07:25 98352 ------w c:\documents and settings\Administrator\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT 2009-04-03 12:06 . 2009-04-03 11:50 186195 ------w c:\windows\hppins12.dat 2009-04-03 12:06 . 2009-04-03 11:53 -------- d-----w c:\programfiler\HP 2009-04-03 12:02 . 2009-04-03 12:02 608 --sh--w c:\windows\system32\winzvprt5.sys 2009-04-03 11:59 . 2009-04-03 11:59 -------- d-----w c:\programfiler\Fellesfiler\HP 2009-04-03 11:59 . 2009-04-03 11:59 -------- d-----w c:\programfiler\Fellesfiler\Hewlett-Packard 2009-04-03 11:45 . 2009-04-03 11:45 -------- d-----w c:\programfiler\Fellesfiler\SWF Studio 2009-03-20 15:10 . 2009-03-20 15:10 -------- d-----w c:\programfiler\Lavasoft 2009-03-20 13:37 . 2009-03-20 13:37 -------- d-----w c:\programfiler\Spybot - Search & Destroy 2009-03-19 19:19 . 2009-03-19 19:19 -------- d-----w c:\programfiler\Fellesfiler\Intel 2009-03-19 19:07 . 2008-09-24 07:15 -------- d--h--w c:\programfiler\InstallShield Installation Information 2009-03-19 19:06 . 2008-09-24 07:29 -------- d-----w c:\programfiler\Fellesfiler\Lenovo 2009-03-09 19:06 . 2009-03-20 15:11 64160 ------w c:\windows\system32\drivers\Lbd.sys 2009-03-06 14:24 . 2006-02-25 13:00 284160 ----a-w c:\windows\system32\pdh.dll 2009-03-03 00:16 . 2006-02-25 13:00 826368 ------w c:\windows\system32\wininet.dll 2009-02-20 17:17 . 2006-02-25 13:00 78336 ------w c:\windows\system32\ieencode.dll 2009-02-18 12:03 . 
2006-02-25 05:17 86327 ------w c:\windows\pchealth\helpctr\OfflineCache\index.dat . ((((((((((((((((((((((((((((( SnapShot@2009-05-13_08.38.26 ))))))))))))))))))))))))))))))))))))))))) . + 2009-05-13 08:49 . 2009-05-13 08:49 16384 c:\windows\Temp\Perflib_Perfdata_e28.dat + 2008-09-24 07:50 . 2009-05-13 08:47 35088 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe - 2008-09-24 07:50 . 2009-04-29 14:06 35088 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe - 2008-09-24 07:50 . 2009-04-29 14:06 18704 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe + 2008-09-24 07:50 . 2009-05-13 08:47 18704 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe - 2008-09-24 07:50 . 2009-04-29 14:06 20240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe + 2008-09-24 07:50 . 2009-05-13 08:47 20240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe - 2008-09-24 07:50 . 2009-04-29 14:06 888080 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe + 2008-09-24 07:50 . 2009-05-13 08:47 888080 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe + 2008-09-24 07:50 . 2009-05-13 08:47 272648 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe - 2008-09-24 07:50 . 2009-04-29 14:06 272648 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe + 2008-09-24 07:50 . 2009-05-13 08:47 922384 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe - 2008-09-24 07:50 . 2009-04-29 14:06 922384 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe + 2008-09-24 07:50 . 2009-05-13 08:47 845584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe - 2008-09-24 07:50 . 2009-04-29 14:06 845584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe + 2008-09-24 07:50 . 
2009-05-13 08:47 217864 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe - 2008-09-24 07:50 . 2009-04-29 14:06 217864 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe - 2009-02-14 11:19 . 2009-02-14 11:19 217864 c:\windows\Installer\{50120000-1105-0000-0000-0000000FF1CE}\misc.exe + 2009-05-13 08:46 . 2009-05-13 08:46 217864 c:\windows\Installer\{50120000-1105-0000-0000-0000000FF1CE}\misc.exe + 2009-05-13 08:46 . 2009-05-13 08:46 350064 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll - 2008-09-24 07:50 . 2009-04-29 14:06 1172240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe + 2008-09-24 07:50 . 2009-05-13 08:47 1172240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe + 2008-09-24 07:50 . 2009-05-13 08:47 1165584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\accicons.exe - 2008-09-24 07:50 . 2009-04-29 14:06 1165584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\accicons.exe + 2009-02-14 11:34 . 2009-05-07 07:16 24699336 c:\windows\system32\MRT.exe . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . 
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "Uniblue RegistryBooster 2009"="c:\programfiler\Uniblue\RegistryBooster\RegistryBooster.exe" [2008-08-26 2019624] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPLpr"="c:\programfiler\Synaptics\SynTP\SynTPLpr.exe" [2007-12-05 122880] "SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [2007-12-05 524288] "TPFNF7"="c:\programfiler\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-30 60192] "TPHOTKEY"="c:\programfiler\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-09-30 68976] "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-04 242976] "StartCCC"="c:\programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440] "FingerPrintSoftware"="c:\programfiler\Lenovo Fingerprint Software\fpapp.exe" [2008-08-15 13615104] "TVT Scheduler Proxy"="c:\programfiler\Fellesfiler\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-14 487424] "LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2008-06-08 165208] "LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2008-06-08 124248] "AMSG"="c:\programfiler\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 419376] "RoxioDragToDisc"="c:\programfiler\Lenovo\Drag-to-Disc\DrgToDsc.exe" [2007-03-13 1116920] "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-11-21 385024] "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-03-17 208896] "ACWLIcon"="c:\programfiler\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2009-01-20 159744] "cssauth"="c:\programfiler\Lenovo\Client Security Solution\cssauth.exe" [2008-06-13 3073336] "OfficeScanNT Monitor"="c:\programfiler\Trend Micro\OfficeScan Client\pccntmon.exe" [2008-07-13 709928] "Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "Ad-Watch"="c:\programfiler\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-24 
516440] "ToolBoxFX"="c:\programfiler\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2008-08-01 53248] "HP Software Update"="c:\programfiler\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152] "HPUsageTracking"="c:\programfiler\HP\HP UT\bin\hppusg.exe" [2008-08-04 36864] "SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-05-13 148888] "TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2008-06-06 181536] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160] c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\ BTTray.lnk - c:\programfiler\ThinkPad\Bluetooth Software\BTTray.exe [2008-3-28 596584] Digital Line Detect.lnk - c:\programfiler\Digital Line Detect\DLG.exe [2008-9-24 50688] HP Digital Imaging Monitor.lnk - c:\programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS] 2008-08-15 00:29 180224 ------w c:\windows\system32\FpWinlogonNp.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2] 2006-09-06 15:37 34344 ------w c:\programfiler\Lenovo\HOTKEY\notifyf2.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey] 2008-08-08 18:14 28672 ------w c:\programfiler\Lenovo\HOTKEY\tphklock.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify] 2009-01-20 17:31 32768 ------w c:\programfiler\ThinkPad\ConnectUtilities\ACNotify.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli ACGina [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programfiler\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programfiler\\Fellesfiler\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programfiler\\SopCast\\SopCast.exe"=
"c:\\Programfiler\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Programfiler\\HP\\HP Color LaserJet CM2320 MFP Series\\hppfsu_cm2320.exe"=
"c:\\Programfiler\\Mozilla Firefox\\firefox.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [20.03.2009 17:11 64160]
R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [14.05.2008 16:21 114728]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [14.05.2008 16:21 19496]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [24.09.2008 09:38 4442]
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [09.05.2008 05:50 46144]
R2 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [14.08.2008 14:31 102400]
R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [15.08.2008 02:22 1664248]
R2 BcmSqlStartupSvc;Oppstartstjeneste for Business Contact Manager SQL Server;c:\programfiler\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [16.01.2008 11:21 30312]
R2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [15.08.2008 02:29 102400]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\programfiler\ThinkPad\Utilities\PWMDBSVC.exe [24.09.2008 09:38 53248]
R2 SeaPort;SeaPort;c:\programfiler\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [14.01.2009 18:53 226656]
R2 TmFilter;Trend Micro Filter;c:\programfiler\Trend Micro\OfficeScan Client\tmxpflt.sys [26.11.2008 18:42 225296]
R2 TmPreFilter;Trend Micro PreFilter;c:\programfiler\Trend Micro\OfficeScan Client\tmpreflt.sys [26.11.2008 18:42 36368]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\programfiler\Lenovo\Rescue and Recovery\rrpservice.exe [14.05.2008 16:25 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\programfiler\Lenovo\Rescue and Recovery\UpdateMonitor.exe [09.05.2008 05:50 360448]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [24.09.2008 09:26 480640]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [24.09.2008 16:52 243856]
R3 lnvobus;Ericsson F3507g Mobile Broadband Minicard Composite Device driver (WDM);c:\windows\system32\drivers\lnvobus.sys [24.09.2008 09:25 302464]
R3 lnvocard;Ericsson F3507g Mobile Broadband Minicard Device Management;c:\windows\system32\drivers\lnvocard.sys [24.09.2008 09:25 378496]
R3 lnvogps;Ericsson F3507g Mobile Broadband Minicard GPS Port;c:\windows\system32\drivers\lnvogps.sys [24.09.2008 09:25 76328]
R3 lnvomdfl;Ericsson F3507g Mobile Broadband Minicard Modem Filter;c:\windows\system32\drivers\lnvomdfl.sys [24.09.2008 09:25 15104]
R3 lnvomdfl2;Ericsson F3507g Mobile Broadband Minicard Data Modem Filter;c:\windows\system32\drivers\lnvomdfl2.sys [24.09.2008 09:25 15104]
R3 lnvomdm;Ericsson F3507g Mobile Broadband Minicard Modem Driver;c:\windows\system32\drivers\lnvomdm.sys [24.09.2008 09:25 387072]
R3 lnvomdm2;Ericsson F3507g Mobile Broadband Minicard Data Modem;c:\windows\system32\drivers\lnvomdm2.sys [24.09.2008 09:25 431488]
R3 lnvond5;Ericsson F3507g Mobile Broadband Minicard Network Adapter (NDIS);c:\windows\system32\drivers\lnvond5.sys [24.09.2008 09:25 25984]
R3 lnvounic;Ericsson F3507g Mobile Broadband Minicard Network Adapter (WDM);c:\windows\system32\drivers\lnvounic.sys [24.09.2008 09:25 402944]
R3 Sony_EricssonWWSC;Ericsson F3507g Mobile Broadband Minicard PC SC Port;c:\windows\system32\drivers\lnvoscard.sys [24.09.2008 09:25 24232]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [22.02.2008 15:54 37312]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programfiler\Lavasoft\Ad-Aware\AAWService.exe [09.03.2009 21:06 953168]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\programfiler\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [18.12.2008 05:25 29181272]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [15.02.2009 02:02 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [15.02.2009 02:02 8320]
S3 RoxMediaDB10;RoxMediaDB10;c:\programfiler\Fellesfiler\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [25.04.2008 08:15 1120752]
S3 TmProxy;OfficeScan NT Proxy Service;c:\programfiler\Trend Micro\OfficeScan Client\TmProxy.exe [13.07.2008 19:17 652552]
S4 SessionLauncher;SessionLauncher;c:\docume~1\ADMINI~1\LOKALE~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\ADMINI~1\LOKALE~1\Temp\DX9\SessionLauncher.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
vvdsvc REG_MULTI_SZ vvdsvc
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-05-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\programfiler\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 14:11]
2009-05-12 c:\windows\Tasks\OGADaily.job - c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
2009-05-13 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
2009-05-13 c:\windows\Tasks\PMTask.job - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-09-24 09:56]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://lenovo.live.com
uSearchURL,(Default) = hxxp://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send til &Bluetooth-enhet... - c:\programfiler\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send til Bluetooth - c:\programfiler\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {{F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\programfiler\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
DPF: {7557F5AA-D486-401D-BE55-0163FA78B5B8} - hxxps://skyfex.com/download/SkyFexExpert.cab
DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://www.gamehouse.com/realarcade-webgames/burgershop/GoBitGamesPlayer.cab
FF - ProfilePath - c:\documents and settings\Balal\Programdata\Mozilla\Firefox\Profiles\tlid15dj.default\
FF - component: c:\programfiler\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\Balal\Programdata\Mozilla\Firefox\Profiles\tlid15dj.default\extensions\[email protected]\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\Balal\Programdata\Mozilla\Firefox\Profiles\tlid15dj.default\extensions\[email protected]\plugins\npRACtrl.dll
FF - plugin: c:\programfiler\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\programfiler\Microsoft\Office Live\npOLW.dll

---- FIREFOX POLICIES ----
c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-13 10:59
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...

skanning vellykket
skjulte filer: 0
**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(1220)
c:\programfiler\ThinkPad\ConnectUtilities\ACNotify.dll
c:\programfiler\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\programfiler\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\programfiler\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\FpWinLogonNp.dll
c:\programfiler\Lenovo Fingerprint Software\ATCSSINT.dll
c:\programfiler\Lenovo Fingerprint Software\SharedResources.dll
c:\programfiler\Lenovo Fingerprint Software\FPResource.dll
c:\programfiler\Lenovo\Client Security Solution\CSS_Enroll.dll
c:\programfiler\Lenovo\Client Security Solution\css_banner.dll
c:\windows\system32\cssuserdatadispatcher.dll
c:\windows\system32\tvttsp.dll
c:\windows\system32\tcsrpc.dll
c:\windows\system32\Ati2evxx.dll
c:\programfiler\Lenovo\HOTKEY\tphklock.dll

- - - - - - - > 'lsass.exe'(1276)
c:\programfiler\ThinkPad\ConnectUtilities\ACGina.dll
c:\programfiler\ThinkPad\ConnectUtilities\ACHelper.dll
c:\programfiler\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\programfiler\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\programfiler\ThinkPad\ConnectUtilities\ACON.dll
c:\programfiler\ThinkPad\ConnectUtilities\AcPrfMgr.dll
c:\programfiler\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\programfiler\ThinkPad\ConnectUtilities\ACTurinSupport.dll
c:\programfiler\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll
c:\programfiler\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll

- - - - - - - > 'explorer.exe'(5424)
c:\windows\system32\btmmhook.dll
.
Tidspunkt ferdig: 2009-05-13 11:00
ComboFix-quarantined-files.txt 2009-05-13 09:00
ComboFix2.txt 2009-05-13 08:39

Pre-Run: 207 948 025 856 byte ledig
Post-Run: 207 936 401 408 byte ledig

304 --- E O F --- 2009-05-13 08:47