Ustedalen Skrevet 14. juli 2005 Del Skrevet 14. juli 2005 I dag har startsiden blitt byttet om til en url med mange rare bokstaver (Både i IE og Firefox) og det er en rar toolbar på IE. Det kommer ganske mange adwarsler i Microsoft AntiSpyware, og jeg trykker block, men ingenting skjer. Søkt også igjennom Spybot, Adware, og MA, men finner ingenting. HijackThis loggen ser sånn ut: Logfile of HijackThis v1.99.1Scan saved at 22:26:27, on 14.07.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Adobe\DOCUME~1.0\server\bin\JK_NT_~1.EXE C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe C:\Programfiler\Adobe\Document Server 6.0\server\tools\jre1_4_0\bin\java.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe C:\WINDOWS\system32\CTSvcCDA.EXE C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe C:\Programfiler\Norton Internet Security\ISSVC.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe C:\Programfiler\Raxco\PerfectDisk\PDSched.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Telenor\ecc\ecc.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Programfiler\QuickTime\qttask.exe C:\Programfiler\Adobe\Version Cue\ControlPanel\VersionCueTray.exe C:\Programfiler\Microsoft AntiSpyware\gcasServ.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe C:\Programfiler\Java\jre1.5.0_01\bin\jusched.exe C:\Programfiler\SlySoft\AnyDVD\AnyDVD.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\MSN Messenger\MsnMsgr.Exe C:\Programfiler\Messenger\msmsgs.exe C:\Programfiler\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Programfiler\Microsoft AntiSpyware\gcasDtServ.exe c:\progra~1\intern~1\iexplore.exe C:\Programfiler\Internet Explorer\iexplore.exe C:\Programfiler\Mozilla Firefox\firefox.exe C:\DOCUME~1\Jon\LOKALE~1\Temp\Rar$EX00.406\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.erjqqctyzxmburqkss.com/p8m/jp2I...0Z17tJOhQY.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.avssnfoqaenckdrkazot.net/p8m/jp...gFXs_QRjsk.html R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [ecc] C:\Programfiler\Telenor\ecc\ecc.exe O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AdobeVersionCue] C:\Programfiler\Adobe\Version Cue\ControlPanel\VersionCueTray.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [skipjugsforkmapi] C:\Documents and Settings\All Users\Programdata\SIXTH SOFTWARE SKIP JUGS\Ace Way.exe O4 - HKLM\..\Run: [gcasServ] "C:\Programfiler\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_01\bin\jusched.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [AnyDVD] C:\Programfiler\SlySoft\AnyDVD\AnyDVD.exe O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [HtmOne] C:\DOCUME~1\Jon\PROGRA~1\DEFYRE~1\Ford Global 64.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Programfiler\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1116277851828 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab O23 - Service: Adobe LM Service - Unknown owner - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Programfiler\Adobe\Version Cue\service\VersionCue.exe O23 - Service: AlterCastDocEdition - Unknown owner - C:\PROGRA~1\Adobe\DOCUME~1.0\server\bin\JK_NT_~1.EXE O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ISSVC.exe O23 - Service: Macromedia Licensing Service - Macromedia - C:\Programfiler\Fellesfiler\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programfiler\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Programfiler\Raxco\PerfectDisk\PDSched.exe O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe Noen idêer? Lenke til kommentar
zjulik Skrevet 15. juli 2005 Del Skrevet 15. juli 2005 Dette ser stort sett greit ut, men det er 4 ting som må bort (jeg tar her høyde for at dette ikke er noe du selv har stilt inn): R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.erjqqctyzxmburqkss.com/p8m/jp2I...0Z17tJOhQY.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.avssnfoqaenckdrkazot.net/p8m/jp...gFXs_QRjsk.html O4 - HKLM\..\Run: [skipjugsforkmapi] C:\Documents and Settings\All Users\Programdata\SIXTH SOFTWARE SKIP JUGS\Ace Way.exe O4 - HKCU\..\Run: [HtmOne] C:\DOCUME~1\Jon\PROGRA~1\DEFYRE~1\Ford Global 64.exe Fjern linjene i HijackThis. Deretter går du inn i oppgavebehandling og stanser prosessene nevnt i de to nederste, og sletter så filene fra nevnte plasseringer. Så er det Safe Mode og hele greia om igjen hvis noe er gjenstridig. Kjør CrapCleaner e. l. flere ganger underveis. Omstart i vanlig modus og Hijackthis igjen. Er alt borte, gå til kontrollpanel/alternativer for internett og angi home page etc. Lenke til kommentar
Ustedalen Skrevet 15. juli 2005 Forfatter Del Skrevet 15. juli 2005 (endret) Jeg har fått vekk de fleste, men jeg får ikke vekk denne: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cagmarrdshjsumtrisnalhm.net/p8m...0Z17tJOhQY.html Hver gang jeg kjører HijackThis, kommer den opp med en ny "nettside". Og jeg finner ikke mappen hvor jeg kan slette den.. Samme gjelder Ford Global 64.exe. Hvor finner jeg de? Edit: Leif Endret 15. juli 2005 av tn_00 Lenke til kommentar
b21a Skrevet 15. juli 2005 Del Skrevet 15. juli 2005 Har hatt samme problemet, prøv å søke i registeret etter nøkler fra "lop.com" Tror kanskje du har samma "#¤"#¤ jeg hadde. Lenke til kommentar
Ustedalen Skrevet 15. juli 2005 Forfatter Del Skrevet 15. juli 2005 Tror jeg fikk fjernet det meste. Logfile of HijackThis v1.99.1Scan saved at 13:30:53, on 15.07.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Telenor\ecc\ecc.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Programfiler\QuickTime\qttask.exe C:\Programfiler\Adobe\Version Cue\ControlPanel\VersionCueTray.exe C:\Programfiler\Microsoft AntiSpyware\gcasServ.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe C:\Programfiler\Java\jre1.5.0_01\bin\jusched.exe C:\Programfiler\SlySoft\AnyDVD\AnyDVD.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\MSN Messenger\MsnMsgr.Exe C:\Programfiler\Messenger\msmsgs.exe C:\Programfiler\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\PROGRA~1\Adobe\DOCUME~1.0\server\bin\JK_NT_~1.EXE C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe C:\Programfiler\Adobe\Document Server 6.0\server\tools\jre1_4_0\bin\java.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe C:\WINDOWS\system32\CTSvcCDA.EXE C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe C:\Programfiler\Norton Internet Security\ISSVC.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe C:\Programfiler\Raxco\PerfectDisk\PDSched.exe C:\Programfiler\Microsoft AntiSpyware\gcasDtServ.exe C:\Programfiler\Adobe\Document Server 6.0\bin\altercastserver.exe C:\Programfiler\Adobe\Document Server 6.0\bin\altercastserver.exe C:\Programfiler\WinRAR\WinRAR.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Programfiler\Spybot - Search & Destroy\SpybotSD.exe C:\DOCUME~1\Jon\LOKALE~1\Temp\Rar$EX41.3515\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programfiler\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [ecc] C:\Programfiler\Telenor\ecc\ecc.exe O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AdobeVersionCue] C:\Programfiler\Adobe\Version Cue\ControlPanel\VersionCueTray.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [gcasServ] "C:\Programfiler\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_01\bin\jusched.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [AnyDVD] C:\Programfiler\SlySoft\AnyDVD\AnyDVD.exe O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background O4 - Global Startup: Acrobat Assistant.lnk = C:\Programfiler\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1116277851828 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab O23 - Service: Adobe LM Service - Unknown owner - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Programfiler\Adobe\Version Cue\service\VersionCue.exe O23 - Service: AlterCastDocEdition - Unknown owner - C:\PROGRA~1\Adobe\DOCUME~1.0\server\bin\JK_NT_~1.EXE O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\DJSNETCN.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ISSVC.exe O23 - Service: Macromedia Licensing Service - Macromedia - C:\Programfiler\Fellesfiler\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programfiler\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Programfiler\Raxco\PerfectDisk\PDSched.exe O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe Den ser grei ut? Var forresten searchweb2 også kalt Lop, som hadde infisert dataen. Jeg gikk inn på Registreringsregisteret og fjernet startsiden og search baren derfra, så gikk jeg inn på Microsoft AntiSpyware, og satt alt tilbake til normalt (gjennom Advance Tool - Browser Restore). Så gikk jeg inn på searchweb2 (lop) sine hjemmesider, og fant denne siden. Derfra fant jeg fram til denne linken som fjernet alt som var lagd av lop. Deretter søkte jeg gjennom med Spybot, og slettet alt jeg fant. Nå håper jeg at jeg er ferdig med hele spyware tullet. Tror det var at jeg installerte MSN Pluss for noen mnd siden som har utløst dette. Lenke til kommentar
Pey'J Skrevet 17. juli 2005 Del Skrevet 17. juli 2005 Tror det var at jeg installerte MSN Pluss for noen mnd siden som har utløst dette. Hvis du ikke huker vekk "reklamen" som følger med under installasjonen, får du mye problemer med spionprogrammer. Lenke til kommentar
Epona Skrevet 19. juli 2005 Del Skrevet 19. juli 2005 tn_00! Sorry, men den siste pekeren du henviser til i innlegget ditt inneholder en fil - new_uninstall.exe e.l. og inneholder dessverre den trojanske hesten TROJ_LOP.A. Har ikke sjekket mer omkring dette, men anbefaler deg evt å legge hijacken inn i forumet på www.spywarefri.dk/forum. Det også fordi du kanskje fremdeles har den gjenstridige spywaren searchsafe fremdeles på maskinen. Søk gjerne på forumet om det er ting du lurer på. Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå