Stichi, posted 8 August 2005 (edited)

Hi. I was wondering if someone with a bit of experience could take a look at my HijackThis log so that I don't delete something I shouldn't. I have problems with popups; they come all the time (I don't even need to be logged on to the net), which is quite annoying... I have tried Ad-Aware and Spybot, but nothing happens. I have also turned off System Restore. If any of you could be bothered to help, I would be very glad.

Logfile of HijackThis v1.99.1
Scan saved at 18:14:07, on 08/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\anqpoa.exe
C:\WINDOWS\System32\cisvc.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Programfiler\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Fellesfiler\services.exe
C:\Programfiler\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\UltraVNC\WinVNC.exe
C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
c:\windows\system32\emvihrb.exe
D:\Programfiler\Opera\Opera.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Agatha\Skrivebord\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
F3 - REG:win.ini: load=C:\\msnistehrwn.exe
O2 - BHO: Shorty - {11A4CA8C-A8B9-49c2-A6D3-3F64C9EEBAE6} - C:\Programfiler\DNS\Catcher.dll
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programfiler\Fellesfiler\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinVNC] "C:\Programfiler\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [NVMixerTray] "C:\Programfiler\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Programfiler\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PaciSoft] C:\WINDOWS\system32\pacis.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\system32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\system32\wintask.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [wufgs] C:\WINDOWS\system32\fprygsrv\wufgs.exe
O4 - HKLM\..\Run: [hnelxxv] C:\WINDOWS\system32\ukxfh\hnelxxv.exe
O4 - HKLM\..\Run: [ikwkwcgb] C:\WINDOWS\system32\jpxtw\ikwkwcgb.exe
O4 - HKLM\..\Run: [C:\WINDOWS\WinTask.exe] C:\WINDOWS\WinTask.exe
O4 - HKLM\..\Run: [PopMark] C:\WINDOWS\WinTask.exe
O4 - HKLM\..\Run: [YTQXDLL] C:\WINDOWS\YTQXDLL.EXE
O4 - HKLM\..\Run: [HELPER] C:\WINDOWS\system32\temp532.exe -N
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteizj32.exe
O4 - HKLM\..\Run: [Windows kev Messenger] mskev.exe
O4 - HKLM\..\Run: [msdev control] msdevctrl.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [vkcfs] C:\WINDOWS\system32\dtxrpaoh\vkcfs.exe
O4 - HKLM\..\Run: [hxfp] C:\WINDOWS\system32\wknqdon\hxfp.exe
O4 - HKLM\..\Run: [ooux] C:\WINDOWS\system32\hvrvv\ooux.exe
O4 - HKLM\..\Run: [fnxftc] C:\WINDOWS\system32\fnxftc.exe
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\system32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\anqpoa.exe reg_run
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [ustQ3Eg] shev42a.exe
O4 - HKLM\..\Run: [tdvfrh] c:\windows\system32\emvihrb.exe r
O4 - HKLM\..\RunServices: [Windows kev Messenger] mskev.exe
O4 - HKLM\..\RunServices: [msdev control] msdevctrl.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [fB24ROM5e] sercows.exe
O4 - HKCU\..\Run: [Windows kev Messenger] mskev.exe
O4 - HKCU\..\Run: [msdev control] msdevctrl.exe
O4 - HKCU\..\Run: [spyware Cleaner] "C:\Programfiler\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - HKCU\..\Run: [services32] C:\Programfiler\Fellesfiler\Windows\mc-110-12-0000079.exe
O4 - HKCU\..\Run: [DNS] C:\Programfiler\Fellesfiler\mc-110-12-0000079.exe
O4 - HKCU\..\Run: [umkw] C:\PROGRA~1\COMMON~1\umkw\umkwm.exe
O4 - HKCU\..\RunServices: [Windows kev Messenger] mskev.exe
O4 - HKCU\..\RunServices: [msdev control] msdevctrl.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {1230CB21-C88D-11CF-0000-000000000000} - http://www.browserupdate.co.uk/cabs/ukiq0026/ukiq0026.cab
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://rimmel.ai-media.com/save/makeover.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D1E3FA5-64FF-4387-9418-F1D67AFB2247} (MaxisSuperstarTeleX Control) - http://thesims.ea.com/teleport/superstar/M...erstarTeleX.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab
O16 - DPF: {8F24DE00-0D66-4F93-9405-3F21E97AEE99} (TestingCtl Control) - http://esb.alcena.com/ESBAdultInstaller.ocx
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} - http://advnt01.com/dialer/internazionale_ver4.CAB
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} - http://www.alwaysupdatednews.com/install/aun_0027.exe
O16 - DPF: {C0B285F6-DB2B-4908-9C58-F6D95397D747} - http://www.pacimedia.com/install/pcs_0004.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab28578.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{14C284A2-A9F6-4AE8-BF65-65104CAAB749}: NameServer = 10.15.60.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{14C284A2-A9F6-4AE8-BF65-65104CAAB749}: NameServer = 10.15.60.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{14C284A2-A9F6-4AE8-BF65-65104CAAB749}: NameServer = 10.15.60.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{14C284A2-A9F6-4AE8-BF65-65104CAAB749}: NameServer = 10.15.60.1
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - C:\WINDOWS\system32\qlink32.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: hwyhihbwslho (owisrgqr5) - Unknown owner - C:\WINDOWS\system32\kwmxvskm5.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Programfiler\UltraVNC\WinVNC.exe" -service (file missing)

Edited 8 August 2005 by Stichi

Alastor, posted 8 August 2005

Whoa, there was certainly a lot here that doesn't quite belong. Try Microsoft AntiSpyware, www.microsoft.com. Update it and run a full system scan. It takes care of a lot that the others can't handle. Then post a new HijackThis log.

Stichi (author), posted 8 August 2005

Thanks, thanks. I know there is a lot of crap on it, but I have no idea either how it got there or how to get rid of it. Here is the new hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 23:22:08, on 08/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
c:\windows\system32\cnlzui.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\cisvc.exe
C:\Programfiler\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\D-Tools\daemon.exe
C:\Programfiler\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\YTQXDLL.EXE
C:\Programfiler\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Programfiler\Microsoft AntiSpyware\gcasServ.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Windows\services32.exe
C:\WINDOWS\system32\cmd.exe
C:\Programfiler\UltraVNC\WinVNC.exe
D:\Programfiler\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programfiler\Fellesfiler\services.exe
C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\sol.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\Programfiler\Windows Media Player\wmplayer.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\Documents and Settings\Agatha\Skrivebord\dittådatt\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
F3 - REG:win.ini: load=C:\\msnistehrwn.exe
O2 - BHO: Shorty - {11A4CA8C-A8B9-49c2-A6D3-3F64C9EEBAE6} - C:\Programfiler\DNS\Catcher.dll
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programfiler\Fellesfiler\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinVNC] "C:\Programfiler\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [NVMixerTray] "C:\Programfiler\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Programfiler\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PaciSoft] C:\WINDOWS\system32\pacis.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\system32\exp.exe
O4 - HKLM\..\Run: [ikwkwcgb] C:\WINDOWS\system32\jpxtw\ikwkwcgb.exe
O4 - HKLM\..\Run: [C:\WINDOWS\WinTask.exe] C:\WINDOWS\WinTask.exe
O4 - HKLM\..\Run: [YTQXDLL] C:\WINDOWS\YTQXDLL.EXE
O4 - HKLM\..\Run: [HELPER] C:\WINDOWS\system32\temp532.exe -N
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Windows kev Messenger] mskev.exe
O4 - HKLM\..\Run: [msdev control] msdevctrl.exe
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [vkcfs] C:\WINDOWS\system32\dtxrpaoh\vkcfs.exe
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\anqpoa.exe reg_run
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [gcasServ] "D:\Programfiler\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [deqxhwl] c:\windows\system32\cnlzui.exe r
O4 - HKLM\..\RunServices: [Windows kev Messenger] mskev.exe
O4 - HKLM\..\RunServices: [msdev control] msdevctrl.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Windows kev Messenger] mskev.exe
O4 - HKCU\..\Run: [msdev control] msdevctrl.exe
O4 - HKCU\..\Run: [spyware Cleaner] "C:\Programfiler\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - HKCU\..\Run: [services32] C:\Programfiler\Fellesfiler\Windows\mc-110-12-0000079.exe
O4 - HKCU\..\Run: [DNS] C:\Programfiler\Fellesfiler\mc-110-12-0000079.exe
O4 - HKCU\..\Run: [umkw] C:\PROGRA~1\COMMON~1\umkw\umkwm.exe
O4 - HKCU\..\RunServices: [Windows kev Messenger] mskev.exe
O4 - HKCU\..\RunServices: [msdev control] msdevctrl.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {1230CB21-C88D-11CF-0000-000000000000} - http://www.browserupdate.co.uk/cabs/ukiq0026/ukiq0026.cab
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://rimmel.ai-media.com/save/makeover.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D1E3FA5-64FF-4387-9418-F1D67AFB2247} (MaxisSuperstarTeleX Control) - http://thesims.ea.com/teleport/superstar/M...erstarTeleX.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab
O16 - DPF: {C0B285F6-DB2B-4908-9C58-F6D95397D747} - http://www.pacimedia.com/install/pcs_0004.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab28578.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{14C284A2-A9F6-4AE8-BF65-65104CAAB749}: NameServer = 10.15.60.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{14C284A2-A9F6-4AE8-BF65-65104CAAB749}: NameServer = 10.15.60.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{14C284A2-A9F6-4AE8-BF65-65104CAAB749}: NameServer = 10.15.60.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{14C284A2-A9F6-4AE8-BF65-65104CAAB749}: NameServer = 10.15.60.1
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - C:\WINDOWS\system32\qlink32.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: hwyhihbwslho (owisrgqr5) - Unknown owner - C:\WINDOWS\system32\kwmxvskm5.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Programfiler\UltraVNC\WinVNC.exe" -service (file missing)

Alastor, posted 8 August 2005

Have you ever run Windows Update? Recently? Are automatic updates on? Have you installed Kazaa, iMesh, any add-ons for MSN, or clicked yes on prompts and other crap that pops up when you browse with IE? Have you had antivirus and/or a firewall installed on your machine at all? Because it doesn't look like it...

Anyway, switch to Firefox as your browser; then you avoid at least some of the crap. www.getfirefox.com

Also go to http://housecall.trendmicro.com and scan there. It finds a lot too, since it looks like you have many trojans on your machine.

These should be deleted/fixed in HijackThis:

O4 - HKLM\..\Run: [PaciSoft] C:\WINDOWS\system32\pacis.exe
O4 - HKLM\..\Run: [Helper] C:\WINDOWS\system32\temp532.exe -N
O4 - HKLM\..\Run: [Windows kev Messenger] mskev.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\anqpoa.exe reg_run
O4 - HKLM\..\RunServices: [Windows kev Messenger] mskev.exe
O4 - HKCU\..\Run: [Windows kev Messenger] mskev.exe
O4 - HKCU\..\RunServices: [Windows kev Messenger] mskev.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O23 - Service: hwyhihbwslho (owisrgqr5) - Unknown owner - C:\WINDOWS\system32\kwmxvskm5.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Programfiler\UltraVNC\WinVNC.exe" -service

But there is bound to be more crap around on your machine as well. Scan A LOT, update all programs, remove everything you know you don't need, boot into safe mode and scan again there, do everything you can, hehe

Stichi (author), posted 8 August 2005

Kazaa and iMesh have been uninstalled for a long time. I had MSN Plus, but that was also a long time ago... I have had a firewall and Norton AntiVirus the whole time. I don't know whether yes has been clicked on prompts (the machine is used by more people than me)... it may well be. And Windows Update has been run; automatic updates are on too. I think maybe the whole machine should be formatted.

Cilleron, posted 10 August 2005

Have you run Ad-Aware? With it you have no way of removing anything critical to your system...

LuftWaffel, posted 11 August 2005

Nail.exe is some devilry put out by an American company called Direct Revenue. They claim it is not adware, which everyone unlucky enough to get it disagrees with. Check post number two at the link below; it helped me at least.

http://www.thetechguide.com/forum/index.php?showtopic=18647

Guest Slettet+3124, posted 11 August 2005

This one is a trojan:
C:\WINDOWS\system32\sol.exe
Link.

And this is not good:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
Link.

This one is SDBOT:
F3 - REG:win.ini: load=C:\\msnistehrwn.exe
3228. msnistehrwn.exe SDBOT
Link.

This one is Adware.Shorty:
O2 - BHO: Shorty - {11A4CA8C-A8B9-49c2-A6D3-3F64C9EEBAE6} - C:\Programfiler\DNS\Catcher.dll
Link.

This is Trojan PSW.Agent.H:
O4 - HKLM\..\Run: [WinVNC] "C:\Programfiler\UltraVNC\WinVNC.exe" -servicehelper
Link.

This too is a trojan (SMALL.ABD Variant Trojan):
O4 - HKLM\..\Run: [PaciSoft] C:\WINDOWS\system32\pacis.exe
Link.

This one is suspicious:
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\system32\exp.exe
O4 - HKLM\..\Run: [ikwkwcgb] C:\WINDOWS\system32\jpxtw\ikwkwcgb.exe

And this one is also SDBOT:
O4 - HKLM\..\Run: [Windows kev Messenger] mskev.exe
Link.

This does not look good:
O4 - HKLM\..\Run: [vkcfs] C:\WINDOWS\system32\dtxrpaoh\vkcfs.exe
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
Link.
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\anqpoa.exe reg_run
O4 - HKLM\..\Run: [deqxhwl] c:\windows\system32\cnlzui.exe r

TrojanDownloader.Agent.rv:
O4 - HKCU\..\Run: [services32] C:\Programfiler\Fellesfiler\Windows\mc-110-12-0000079.exe
and
O4 - HKCU\..\Run: [DNS] C:\Programfiler\Fellesfiler\mc-110-12-0000079.exe
Link.
O4 - HKCU\..\Run: [umkw] C:\PROGRA~1\COMMON~1\umkw\umkwm.exe
O16 - DPF: {1230CB21-C88D-11CF-0000-000000000000} - http://www.browserupdate.co.uk/cabs/ukiq0026/ukiq0026.cab
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - C:\WINDOWS\system32\qlink32.dll
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Programfiler\UltraVNC\WinVNC.exe" -service (file missing)

That was what I found in a hurry...

Anonym5656 Posted 11 August 2005

Looks like you have been bombarded with adware, spyware and that kind of crap. This is my suggestion:

1. Put everything you need in a separate folder, and scan the files for viruses, spyware, etc.
2. Copy it over to another machine/USB disk, etc.
3. Format your Windows disk, and install Windows again.
4. Install an antivirus program, anything except IE, a spyware program, Ad-Aware.
5. Use common sense online, and do not accept files when you have no idea what they are.