msn-virus, hijackthis log

kroghelg · 15. september 2007

Hei,,har en pc som har fått msn-virus

Håper noe kan sjekke loggen

Klikk for å se/fjerne innholdet nedenfor

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 15:59:32, on 15.09.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Acer\eManager\anbmServ.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe

C:\Programfiler\Eset\nod32krn.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\system32\keyhook.exe

C:\Programfiler\Arcade\PCMService.exe

C:\Programfiler\Launch Manager\QtZgAcer.EXE

C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe

C:\Programfiler\Eset\nod32kui.exe

C:\Programfiler\Lexmark X1100 Series\lxbkbmgr.exe

D:\DAEMON Tools\daemon.exe

C:\Programfiler\Lexmark X1100 Series\lxbkbmon.exe

C:\Programfiler\QuickTime\qttask.exe

C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe

C:\WINDOWS\system32\service.exe

C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\sistray.exe

C:\Programfiler\Logitech\SetPoint\KEM.exe

C:\Programfiler\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe

C:\Programfiler\Logitech\SetPoint\KHALMNPR.EXE

C:\Programfiler\acer\eRecovery\Monitor.exe

C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe

C:\Programfiler\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

F:\programmer\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar3.dll

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe

O4 - HKLM\..\Run: [PCMService] "C:\Programfiler\Arcade\PCMService.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [LManager] C:\Programfiler\Launch Manager\QtZgAcer.EXE

O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programfiler\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKLM\..\Run: [DAEMON Tools] "D:\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [face bin load show] C:\Documents and Settings\All Users\Programdata\title tool face bin\itch chin.exe

O4 - HKLM\..\Run: [MicrosoftService] service.exe

O4 - HKCU\..\Run: [LDM] \Program\

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe

O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [deleteshow] C:\DOCUME~1\Inger\PROGRA~1\ACEBIT~1\SURF SOFTWARE SIZE.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\KEM.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Picture Package VCD Maker.lnk = ?

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZN

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programfiler\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (file missing)

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.euchannels.net/update/KooPlayer.ocx

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1119944970820

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssi...ureUploader.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O18 - Protocol: bw+0 - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {EAFEE8BD-E9A1-4D1B-B622-4E149E95099D} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programfiler\Fellesfiler\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Programfiler\Fellesfiler\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programfiler\Fellesfiler\Sony Shared\AVLib\SPTISRV.exe

--

End of file - 23029 bytes

norbat · 15. september 2007

Last ned SDFix.exe.

Pakk ut programmet.

Last ned SAS, installer og oppdater.

Start HJT , velg "Do a system scan only", sett merke framfor følgende linjer og klikk 'Fix checked':

O4 - HKLM\..\Run: [face bin load show] C:\Documents and Settings\All Users\Programdata\title tool face bin\itch chin.exe

O4 - HKLM\..\Run: [MicrosoftService] service.exe

Restart i sikker modus (tapp f8 under oppstart)

Kjør RunThis.bat i SDfix-mappa .

Det lages en rapport (Report.txt) som du poster senere

Kjør en full scan med SAS .

Restart i normal modus

Logger:

Post en ny HJT-logg sammen med loggen fra SDfix og SAS (Preferences->statistics/logs)

Endret 15. september 2007 av norbat

kroghelg · 15. september 2007

HJT-logg

Klikk for å se/fjerne innholdet nedenfor

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 19:49:57, on 15.09.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Acer\eManager\anbmServ.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe

C:\Programfiler\Eset\nod32krn.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\system32\keyhook.exe

C:\Programfiler\Arcade\PCMService.exe

C:\Programfiler\Launch Manager\QtZgAcer.EXE

C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe

C:\Programfiler\Eset\nod32kui.exe

C:\Programfiler\Lexmark X1100 Series\lxbkbmgr.exe

D:\DAEMON Tools\daemon.exe

C:\Programfiler\Lexmark X1100 Series\lxbkbmon.exe

C:\Programfiler\QuickTime\qttask.exe

C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe

C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\sistray.exe

C:\WINDOWS\system32\wuauclt.exe