Kles, posted 2 May 2007 (edited)

Hi there. I have a huge problem on my PC. Every time I am on the internet, some program or other tries to connect to the net. This usually ends in pop-ups telling me that the PC is infected with various viruses and the like, and with stupid online poker offers. I use Norman Firewall, and before the pop-ups appear I get a message that a program is trying to get onto the internet. An IP address showing where this program wants to go is also displayed. I have run 3 virus scans: Norman, BitDefender and AVG. In addition, I have run these three anti-spyware programs: Spyware Doctor, AVG Anti-Spyware and SAS. I have also tried to fix it with SmitfreudFIX and CCleaner. Every time I go on the internet and check the settings, the personal protection has been turned all the way down, even though I set it to Medium-high. I have asked friends who know about this stuff, and checked here on diskusjon.no, but I can't get it sorted! I really need help! Please help me if you have come across something similar before, or know what I should do!
Here is a HijackThis report in case it helps:

Edited 3 May 2007 by b-real
nets, posted 3 May 2007 (edited)

Unfortunately it looks like you are thoroughly infected by some virus or other. I would recommend booting from your antivirus CD and seeing whether it manages to find the virus with the definitions that are on the CD. Possibly try several different CDs of this kind. (That is, start up from your antivirus CD before Windows starts.) If that doesn't work, I'm afraid I see no other way out than a good old-fashioned format.

Edited 3 May 2007 by Nets
Guest medlem-105082, posted 3 May 2007 (edited)

How about actually checking out the HijackThis log at all? You don't format the PC before you have checked, and possibly deleted, dangerous files in HijackThis first. Something I'll leave to someone else.

Edited 3 May 2007 by medlem-105082
norbat, posted 3 May 2007

Hi, Kles

Download Vundofix, start the program and click the "Scan for Vundo" button. When the program has finished running, click the "Remove vundo" button. The program creates a log which you post later.

Get Combofix and put it on the desktop. Close all other programs. Run the program. Do not click on anything else. When the program is finished, a log file opens: combofix.txt. Post that log file later as well.

Then post the logs mentioned above + a new HJT log.
Kles (author), posted 3 May 2007

Great! I will do that as soon as possible!
Kles (author), posted 3 May 2007

Here are the ComboFix log and the new HijackThis log. I got no log after using VundoFix...

I hope you can help me!
norbat, posted 3 May 2007 (edited)

Run HJT, put a check mark in front of the following lines and click 'Fix checked':

O2 - BHO: (no name) - {011AB9D2-F79E-4472-BF80-CF7F54654610} - C:\WINDOWS\system32\pmnlm.dll (file missing)
O2 - BHO: (no name) - {56238299-39F1-4E9A-95CE-80F2E02D7A74} - C:\WINDOWS\system32\iifgdax.dll (file missing)
O4 - HKLM\..\Run: [infoData] rundll32.exe "C:\WINDOWS\system32\ksblqerm.dll",realset

Then get DrWeb and put it on the desktop.

Make sure you can see hidden files and folders (Control Panel -> Folder Options -> View -> "Show hidden files and folders").

Restart in safe mode (tap F8 during startup, choose safe mode).

Use Explorer to find and delete (in bold):

C:\WINDOWS\system32\ksblqerm.dll

Run drweb-cureit.exe (say yes to running an express scan). When this is finished, click Option -> Change settings. Under the Scan tab, remove the check mark next to Heuristic analysis. Under the Actions tab, all items under Malware should be set to Rename. Select the partition you want to scan and then click the green arrow to start the scan. Choose "yes to all" the first time it finds something.

Restart in normal mode.

Download Rootchk to the desktop. Run the program. It will create a log.

Post the log from Rootchk and a new HJT log. Tell us how the PC is running.

Edit: The log from Vundofix is usually found at C:\vundofix.txt

Edited 3 May 2007 by norbat
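As an added illustration (not part of norbat's post, and not code from HijackThis or any tool named in this thread): a small Python triage pass over HijackThis-format lines that surfaces entries like the three listed above for manual review. The sample log is constructed from entries of the kind posted in this thread, and the heuristics are assumptions made for this example, not norbat's method.

```python
import re
from collections import defaultdict
from ntpath import basename  # Windows path rules on any platform

# Constructed sample in HijackThis 1.99.1 line format (assembled for this example).
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {011AB9D2-F79E-4472-BF80-CF7F54654610} - C:\WINDOWS\system32\pmnlm.dll (file missing)
O2 - BHO: (no name) - {56238299-39F1-4E9A-95CE-80F2E02D7A74} - C:\WINDOWS\system32\iifgdax.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [infoData] rundll32.exe "C:\WINDOWS\system32\ksblqerm.dll",realset
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: pmnlm - C:\WINDOWS\system32\pmnlm.dll
"""

# One pattern per autostart section handled here: O2 (BHO), O4 (Run), O20 (Winlogon Notify).
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]{36}\} - (?P<target>.+)$")
O4_RE = re.compile(r"^O4 - HK[A-Z]+\\\.\.\\\w+: (?:\[(?P<name>[^\]]*)\] )?(?P<target>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<target>.+)$")
PATTERNS = (("BHO", O2_RE), ("Run", O4_RE), ("WinlogonNotify", O20_RE))

DLL_RE = re.compile(r'([A-Za-z]:\\[^",]*?\.dll)', re.IGNORECASE)
# A file sitting directly in system32, not in a subfolder of it.
SYS32_RE = re.compile(r"^[A-Za-z]:\\windows\\system32\\[^\\]+$", re.IGNORECASE)


def parse_line(line):
    """Parse one O2/O4/O20 line into a dict; return None for anything else."""
    line = line.strip()
    for kind, rx in PATTERNS:
        m = rx.match(line)
        if m:
            dll = DLL_RE.search(m.group("target"))
            return {"kind": kind, "name": m.group("name") or "",
                    "target": m.group("target"), "line": line,
                    "dll": dll.group(1) if dll else None}
    return None


def triage(log_text):
    """Return the entries worth a manual look, each with the reasons it was picked."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]

    # Record at which load points each DLL file name is registered.
    load_points = defaultdict(set)
    for e in entries:
        if e["dll"]:
            load_points[basename(e["dll"]).lower()].add(e["kind"])

    hits = []
    for e in entries:
        dll = e["dll"]
        in_sys32 = bool(dll and SYS32_RE.match(dll))
        reasons = []
        # Assumed heuristics for this example; each one is a lead, not a verdict.
        if e["kind"] == "BHO" and e["name"] == "(no name)":
            reasons.append("BHO without a display name")
        if e["target"].endswith("(file missing)"):
            reasons.append("registration left behind, file missing")
        if e["kind"] == "Run" and in_sys32 and "rundll32" in e["target"].lower():
            reasons.append("Run key loads a system32 DLL through rundll32")
        if in_sys32 and len(load_points[basename(dll).lower()]) > 1:
            reasons.append("same DLL registered at several load points")
        if reasons:
            hits.append({"line": e["line"], "dll": dll, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit["line"])
        for reason in hit["reasons"]:
            print("    -", reason)
```

Legitimate drivers and vendor utilities also register DLLs in system32, so every hit still needs a person to confirm it before anything is fixed or deleted.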
kjetilm, posted 3 May 2007

Sorry for going a bit "offtopic", but what would we have done without you, "norbat"? You know everything about viruses and computer security. Awesome.

Kles (thread author), posted 5 May 2007 (edited)

Hi. I could not find the file C:\WINDOWS\system32\Ksblqerm.dll..... But here, at any rate, are the Rootchk log, a new HJT log, and the VundoFix and Dr.Web logs:

*********************************
ROOTCHK-(02-05-07)-LOG, by ejvindh
05.05.2007 17:53:34,04
The rootkits that are detected by this tool were not found.
*********************************
ROOTCHK-LOG-end

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-05 17:53:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
SharingMetadata-entry
SharingMetadata-entry
SharingMetadata-entry
SharingMetadata-entry
SharingMetadata-entry
SharingMetadata-entry
SharingMetadata-entry
SharingMetadata-entry
SharingMetadata-entry
SharingMetadata-entry
SharingMetadata-entry
SharingMetadata-entry
SharingMetadata-entry
SharingMetadata-entry
SharingMetadata-entry
SharingMetadata-entry
SharingMetadata-entry
SharingMetadata-entry
SharingMetadata-entry
SharingMetadata-entry
SharingMetadata-entry
SharingMetadata-entry
SharingMetadata-entry
SharingMetadata-entry
SharingMetadata-entry
SharingMetadata-entry
SharingMetadata-entry
SharingMetadata-entry
SharingMetadata-entry
SharingMetadata-entry
SharingMetadata-entry
SharingMetadata-entry
SharingMetadata-entry
SharingMetadata-entry
SharingMetadata-entry
SharingMetadata-entry
SharingMetadata-entry
SharingMetadata-entry
SharingMetadata-entry
SharingMetadata-entry
SharingMetadata-entry
SharingMetadata-entry
SharingMetadata-entry
SharingMetadata-entry
SharingMetadata-entry
SharingMetadata-entry
SharingMetadata-entry
SharingMetadata-entry
SharingMetadata-entry
SharingMetadata-entry
SharingMetadata-entry
SharingMetadata-entry
SharingMetadata-entry
SharingMetadata-entry
SharingMetadata-entry
C:\WINDOWS\system32\novell\nici\SYSTEM\XMGRCFG.KS2
C:\WINDOWS\system32\novell\nici\SYSTEM\XMGRCFG.KS3
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 57

Logfile of HijackThis v1.99.1
Scan saved at 18:03:43, on 05.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programfiler\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\cusrvc.exe
C:\WINDOWS\system32\emitray.exe
C:\Norman\Npf\BIN\NPFSVICE.EXE
C:\Norman\Bin\Zanda.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Spyware Doctor\sdhelp.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programfiler\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Programfiler\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\System32\wm.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Programfiler\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\bin\NJEEVES.EXE
C:\Programfiler\QuickTime\qttask.exe
C:\Norman\bin\ZLH.EXE
C:\Norman\Nvc\BIN\nipsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\alg.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programfiler\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Nvc\bin\cclaw.exe
C:\Norman\Npf\BIN\npfmsg2.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Programfiler\internet explorer\iexplore.exe
C:\Documents and Settings\administrator\Skrivebord\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.linksidene.no/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.linksidene.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [soundMAX] "C:\Programfiler\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programfiler\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [QCTRAY] C:\Programfiler\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Programfiler\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [sxgTkBar] SxgTkBar.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] E:\SUPERAntiSpyware.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programfiler\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\System32\cusrvc.exe
O23 - Service: Emagic EMI System Tray Service (emitray) - Emagic Soft- und Hardware GmbH - C:\WINDOWS\system32\emitray.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: QCONSVC - Lenovo - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programfiler\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Novell Workstation Manager (WM) - Novell, Inc. - C:\WINDOWS\System32\wm.exe

VundoFix log:

VundoFix V6.3.21
Checking Java version...
Sun Java not detected
Scan started at 17:07:29 03.05.2007
Listing files found while scanning....
C:\WINDOWS\system32\iifgdax.dll
C:\WINDOWS\system32\ksblqerm.dll
C:\WINDOWS\system32\mreqlbsk.ini
C:\WINDOWS\system32\ogvlsume.dll
C:\WINDOWS\system32\pmnlm.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\iifgdax.dll
C:\WINDOWS\system32\iifgdax.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\ksblqerm.dll
C:\WINDOWS\system32\ksblqerm.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mreqlbsk.ini
C:\WINDOWS\system32\mreqlbsk.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ogvlsume.dll
C:\WINDOWS\system32\ogvlsume.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmnlm.dll
C:\WINDOWS\system32\pmnlm.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\iifgdax.dll
C:\WINDOWS\system32\iifgdax.dll Has been deleted!
Performing Repairs to the registry.
Done!
____________________________________________________________________

Dr.Web log:

A0030873.exe;C:\System Volume Information\_restore{88332C2A-7E38-49FF-9119-D30E52115048}\RP78;Tool.Prockill;Renamed.;
A0030881.exe;C:\System Volume Information\_restore{88332C2A-7E38-49FF-9119-D30E52115048}\RP78;Tool.ShutDown.11;Renamed.;
A0030883.exe;C:\System Volume Information\_restore{88332C2A-7E38-49FF-9119-D30E52115048}\RP78;Tool.Prockill;Renamed.;
A0031157.exe;C:\System Volume Information\_restore{88332C2A-7E38-49FF-9119-D30E52115048}\RP80;Tool.Prockill;Renamed.;
A0031165.exe;C:\System Volume Information\_restore{88332C2A-7E38-49FF-9119-D30E52115048}\RP80;Tool.ShutDown.11;Renamed.;
A0031167.exe;C:\System Volume Information\_restore{88332C2A-7E38-49FF-9119-D30E52115048}\RP80;Tool.Prockill;Renamed.;
A0033697.dll;C:\System Volume Information\_restore{88332C2A-7E38-49FF-9119-D30E52115048}\RP85;Trojan.Juan;Deleted.;
A0035097.dll;C:\System Volume Information\_restore{88332C2A-7E38-49FF-9119-D30E52115048}\RP85;Trojan.Virtumod;Deleted.;
A0035098.dll;C:\System Volume Information\_restore{88332C2A-7E38-49FF-9119-D30E52115048}\RP85;Trojan.Juan;Deleted.;
A0035099.dll;C:\System Volume Information\_restore{88332C2A-7E38-49FF-9119-D30E52115048}\RP85;Trojan.Virtumod;Deleted.;
A0035103.dll;C:\System Volume Information\_restore{88332C2A-7E38-49FF-9119-D30E52115048}\RP85;Trojan.Virtumod;Deleted.;
iifgdax.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
ksblqerm.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
ogvlsume.dll.bad;C:\VundoFix Backups;Trojan.Juan;Deleted.;
pmnlm.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
actskn45.ocx;C:\WINDOWS\system32;Trojan.Isbar.439;Deleted.;

Edited 5 May 2007 by Kles

norbat, posted 5 May 2007

This looks good, Kles.

You have two antivirus programs (Norman and AVG). Uninstall one of them from Add/Remove Programs.

Download CCleaner. Start the program. Go to 'Options' -> 'Advanced'. Remove the check mark in front of: "Only delete temporary files......." Click 'Cleaner' and then 'Run CCleaner'. Also run a few rounds of 'Issues' until it finds no more errors.

Run Combofix again and post the log. There was something there that may have to be removed manually.

Tell me how the PC is running.

Kles (thread author), posted 6 May 2007

Hi, Norbat! The PC now runs the way it did three weeks ago, before the infections! Great! Thank you so much for all the help! Here is the ComboFix log you wanted:

"Administrator" - 07-05-06 20:19:16 Service Pack 2
ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\administrator\Skrivebord\"

((((((((((((((((((((((((((((((( Files Created from 2007-04-06 to 2007-05-06 ))))))))))))))))))))))))))))))))))

2007-05-06 20:17 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Siste
2007-05-03 21:44 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DoctorWeb
2007-05-03 21:32 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Koblinger
2007-05-03 20:04 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-03 17:07 <DIR> d-------- C:\VundoFix Backups
2007-05-02 18:41 576,853 ---hs---- C:\WINDOWS\system32\mlnmp.ini2
2007-05-02 17:57 0 --a------ C:\WINDOWS\XGPLAYER.EXE
2007-05-02 17:57 0 --a------ C:\WINDOWS\system32\CMMGR32.EXE
2007-05-02 17:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\SUPERAntiSpyware.com
2007-05-02 17:39 <DIR> d-------- C:\DOCUME~1\ADMINI~1\PROGRA~1\SUPERAntiSpyware.com
2007-05-02 17:28 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2007-05-02 13:02 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-01 21:56 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-04-27 14:06 577,637 ---hs---- C:\WINDOWS\system32\mlnmp.bak2
2007-04-25 19:05 633,237 ---hs---- C:\WINDOWS\system32\mlnmp.bak1
2007-04-25 18:55 <DIR> d-------- C:\Programfiler\Foxit Software
2007-04-25 18:02 <DIR> d-------- C:\Programfiler\CCleaner
2007-04-24 14:34 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\PROGRA~1\TEMP
2007-04-24 14:23 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2007-04-24 14:23 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2007-04-24 14:15 <DIR> d-------- C:\Programfiler\Docudesk
2007-04-24 14:15 <DIR> d-------- C:\Programfiler\BearShare Applications
2007-04-24 14:15 <DIR> d-------- C:\Programfiler\Audacity
2007-04-24 14:15 <DIR> d-------- C:\Programfiler\Analog Devices
2007-04-24 14:02 <DIR> d-------- C:\Programfiler\Analog Devices(2)
2007-04-23 19:46 <DIR> d-------- C:\DOCUME~1\ADMINI~1\.housecall6.6
2007-04-23 18:51 <DIR> d-------- C:\Programfiler\Spyware Doctor
2007-04-22 20:04 0 --a------ C:\WINDOWS\nsreg.dat
2007-04-22 19:58 18,764 --a------ C:\WINDOWS\system32\ddmon.dll
2007-04-10 16:34 <DIR> d-------- C:\DOCUME~1\ADMINI~1\PROGRA~1\Ableton
2007-04-10 13:35 9,984 --a------ C:\WINDOWS\system32\drivers\emifilt.sys
2007-04-10 13:35 599,424 --a------ C:\WINDOWS\system32\drivers\emiload.sys
2007-04-10 13:35 462,848 --a------ C:\WINDOWS\system32\emitray.exe
2007-04-10 13:35 139,264 --a------ C:\WINDOWS\system32\emieasi.dll
2007-04-10 13:35 118,784 --a------ C:\WINDOWS\system32\easiasio.dll
2007-04-10 13:35 114,688 --a------ C:\WINDOWS\system32\easimme.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-06 20:12 5 --a------ C:\NPF_USER.DAT
2007-05-02 22:24 -------- d-------- C:\Programfiler\videolan
2007-05-02 22:23 -------- d-------- C:\Programfiler\native instruments
2007-05-02 22:13 -------- d-------- C:\Programfiler\finale 2006
2007-05-02 21:43 -------- d-------- C:\Programfiler\ricochet xtreme
2007-05-02 21:42 -------- d-------- C:\Programfiler\ski jump international
2007-04-24 14:56 -------- d-------- C:\DOCUME~1\ADMINI~1\PROGRA~1\utorrent
2007-03-27 22:19 -------- d-------- C:\Programfiler\steinberg
2007-03-27 22:05 -------- d-------- C:\Programfiler\syncrosoft
2007-03-25 10:05 46522 --a------ C:\WINDOWS\system32\perfc014.dat
2007-03-25 10:05 319198 --a------ C:\WINDOWS\system32\perfh014.dat
2007-03-17 15:45 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-10 12:53 604 --ah----- C:\Programfiler\stll notifier
2007-03-10 12:51 -------- d-------- C:\Programfiler\sibelius software
2007-03-10 12:46 -------- d-------- C:\Programfiler\waves
2007-03-08 17:39 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 17:39 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:39 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:38 1843584 --a------ C:\WINDOWS\system32\win32k.sys

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\programfiler\google\googletoolbar2.dll
{B56A7D7D-6927-48C8-A975-17DF180C71AC} C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"TPHOTKEY"="C:\\PROGRA~1\\Lenovo\\PkgMgr\\HOTKEY\\TPHKMGR.exe"
"SoundMAXPnP"="C:\\Programfiler\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
"SoundMAX"="\"C:\\Programfiler\\Analog Devices\\SoundMAX\\smax4.exe\" /tray"
"SynTPLpr"="C:\\Programfiler\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Programfiler\\Synaptics\\SynTP\\SynTPEnh.exe"
"TPKMAPHELPER"="C:\\Programfiler\\ThinkPad\\Utilities\\TpKmapAp.exe -helper"
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"Persistence"="C:\\WINDOWS\\System32\\igfxpers.exe"
"TpShocks"="TpShocks.exe"
"PWRMGRTR"="rundll32 C:\\PROGRA~1\\ThinkPad\\UTILIT~1\\PWRMGRTR.DLL,PwrMgrBkGndMonitor"
"BLOG"="rundll32 C:\\PROGRA~1\\ThinkPad\\UTILIT~1\\BatLogEx.DLL,StartBattLog"
"QCTRAY"="C:\\Programfiler\\ThinkPad\\ConnectUtilities\\QCTRAY.EXE"
"QCWLICON"="C:\\Programfiler\\ThinkPad\\ConnectUtilities\\QCWLICON.EXE"
"NWTRAY"="NWTRAY.EXE"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb08.exe"
"QuickTime Task"="\"C:\\Programfiler\\QuickTime\\qttask.exe\" -atboottime"
"Norman ZANDA"="C:\\Norman\\bin\\ZLH.EXE /LOAD /SPLASH"
"SxgTkBar"="SxgTkBar.exe"
"!AVG Anti-Spyware"="\"C:\\Programfiler\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"swg"="C:\\Programfiler\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"
"SUPERAntiSpyware"="E:\\SUPERAntiSpyware.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWinKeys"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56238299-39F1-4E9A-95CE-80F2E02D7A74}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0nwv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\PMTask.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-06 20:22:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-05-06 20:22:32
C:\ComboFix-quarantined-files.txt ... 07-05-06 20:22
C:\ComboFix2.txt ... 07-05-03 20:04

norbat, posted 6 May 2007

Run Vundofix again and post the log.

Kles (thread author), posted 6 May 2007 (edited)

I will do that ;) But it may take a while (as it did last time...). It may well be that I won't get it done until tomorrow...

Edited 6 May 2007 by Kles

norbat, posted 6 May 2007 (edited)

Alternative:

Make sure you can see hidden files and folders (Control Panel -> Folder Options -> View -> "Show hidden files and folders").

Restart in safe mode (press F8 several times during startup, choose safe mode).

Use Explorer to find and delete (in bold):
C:\WINDOWS\system32\mlnmp.ini2
C:\WINDOWS\system32\mlnmp.bak2
C:\WINDOWS\system32\mlnmp.bak1

That will probably be faster.

Edited 6 May 2007 by norbat

Kles (thread author), posted 7 May 2007

Quote:
Use Explorer to find and delete (in bold):
C:\WINDOWS\system32\mlnmp.ini2
C:\WINDOWS\system32\mlnmp.bak2
C:\WINDOWS\system32\mlnmp.bak1

I did not find the files mentioned above, but I have run VundoFIX without it finding any errors. Now my PC works like new! This is a huge relief! Thank you so much for all the help, Norbat!

norbat, posted 7 May 2007

I just need confirmation that these files are gone, so we will do one more thing before we call it a day.

Download Avenger and unpack it. Start the program, select "Input Script Manually" and click the magnifying glass. In the window that opens, copy and paste what is in bold below:

Files to delete:
C:\WINDOWS\system32\mlnmp.ini2
C:\WINDOWS\system32\mlnmp.bak2
C:\WINDOWS\system32\mlnmp.bak1

Click the traffic light. Restart the PC.

After the restart a log file will appear that tells what has happened. You do not need to post it. Either it says that these were deleted, or it says that they could not be deleted because they do not exist.

You should reset the restore folder so that you do not get infected by a possible system restore. Control Panel -> System -> System Restore. Put a check mark in front of "Turn off .....", restart the PC, and remove the check mark again to re-enable the function.

Surf safely

Kles (thread author), posted 28 May 2007

Quote:
I just need confirmation that these files are gone, so we will do one more thing before we call it a day.
Download Avenger and unpack it. Start the program, select "Input Script Manually" and click the magnifying glass. In the window that opens, copy and paste what is in bold below:
Files to delete:
C:\WINDOWS\system32\mlnmp.ini2
C:\WINDOWS\system32\mlnmp.bak2
C:\WINDOWS\system32\mlnmp.bak1

Hi. I am sorry, but I did not catch this last part, and now exactly the same thing that happened a month ago has started again. I get windows that say I have to scan my PC! Now it seems as if it has "woken up" again :S Help!!

Kles (thread author), posted 28 May 2007

Here is the log:

Logfile of The Avenger version 1, by Swandog46
Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\uiyhtanb
*******************
Script file located at: \??\C:\Documents and Settings\lfkyinyl.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\system32\mlnmp.ini2 deleted successfully.
File C:\WINDOWS\system32\mlnmp.bak2 deleted successfully.
File C:\WINDOWS\system32\mlnmp.bak1 deleted successfully.
Completed script processing.
*******************
Finished! Terminate.

norbat, posted 28 May 2007

Well, let's see a new HJT log.

Kles (thread author), posted 29 May 2007

Logfile of HijackThis v1.99.1
Scan saved at 13:43:45, on 29.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programfiler\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\cusrvc.exe
C:\WINDOWS\system32\emitray.exe
C:\Norman\Npf\BIN\NPFSVICE.EXE
C:\WINDOWS\Explorer.EXE
C:\Norman\Bin\Zanda.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Programfiler\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Programfiler\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\System32\wm.exe
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Programfiler\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\NWTRAY.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Norman\bin\ZLH.EXE
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programfiler\SyncroSoft\Pos\H2O\cledx.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Npf\BIN\npfmsg2.exe
C:\Programfiler\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Norman\Nvc\BIN\nipsvc.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\bin\NJEEVES.EXE
C:\Norman\Nvc\bin\cclaw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\administrator\Skrivebord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.linksidene.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.linksidene.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [soundMAX] "C:\Programfiler\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programfiler\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [QCTRAY] C:\Programfiler\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Programfiler\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [sxgTkBar] SxgTkBar.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [H2O] C:\Programfiler\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\enqpnnbd.dll",realset
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programfiler\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\System32\cusrvc.exe
O23 - Service: Emagic EMI System Tray Service (emitray) - Emagic Soft- und Hardware GmbH - C:\WINDOWS\system32\emitray.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: QCONSVC - Lenovo - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Novell Workstation Manager (WM) - Novell, Inc. - C:\WINDOWS\System32\wm.exe
