Zapking Skrevet 13. oktober 2005 Del Skrevet 13. oktober 2005 (endret) Jeg har fått WindUpdates.MediaAccess på pcen min. Når jeg fjerner det med Microsoft Antispyware så kommer det bare tilbake når jeg starter maskinen på nytt.. Hvordan blir jeg kvitt det? Endret 23. oktober 2005 av Zapking Lenke til kommentar
morra Skrevet 13. oktober 2005 Del Skrevet 13. oktober 2005 Logg på i safe mode/sikkermodus i XP, og prøv å fjerne det da. Lenke til kommentar
Zapking Skrevet 15. oktober 2005 Forfatter Del Skrevet 15. oktober 2005 Det hjelper ikke... Lenke til kommentar
pmarius Skrevet 15. oktober 2005 Del Skrevet 15. oktober 2005 Kanskje et annet spywareprogram kan klare å fjerne det, som Spybot eller ad-aware. Begge er gratis og bare å laste ned fra nettet. Du finner dem enkelt på Google hvis du søker på det jeg kalte dem... Lenke til kommentar
Zapking Skrevet 17. oktober 2005 Forfatter Del Skrevet 17. oktober 2005 Jeg kjørte HijackThis, men jeg fant ingenting............ Jeg slettet mappen MediaAccess.... Så prøvde jeg å kjøre Microsoft AntiSpyware på nytt og jeg finner WindUpdates Browser Plugin.... Hvordan i helsike skal jeg få fjernet den? Lenke til kommentar
Alastor Skrevet 17. oktober 2005 Del Skrevet 17. oktober 2005 http://216.180.233.162/~merijn/files/HijackThis.exe Post en logg fra dette programmet (scan and show logfile, lim inn innholdet her) Lenke til kommentar
Zapking Skrevet 17. oktober 2005 Forfatter Del Skrevet 17. oktober 2005 Logfile of HijackThis v1.99.1 Scan saved at 23:34:35, on 17.10.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe C:\Programfiler\Norton Internet Security\ISSVC.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Programfiler\Webroot\Spy Sweeper\WRSSSDK.exe C:\windows\system\hpsysdrv.exe C:\HP\KBD\KBD.EXE C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe C:\Programfiler\Java\jre1.5.0_04\bin\jusched.exe C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe C:\Programfiler\QuickTime\qttask.exe C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe C:\Programfiler\SmartMOUSE\SmartMOUSE.exe C:\Programfiler\Ad Muncher\AdMunch.exe C:\Programfiler\Microsoft AntiSpyware\gcasServ.exe C:\Programfiler\Messenger\msmsgs.exe C:\Programfiler\Ashampoo\Ashampoo UnInstaller Platinum Suite\UIWatcher.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\AlfaClock\AlfaClock.exe C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe C:\Programfiler\Microsoft AntiSpyware\gcasDtServ.exe C:\Programfiler\Internet Explorer\iexplore.exe C:\Documents and Settings\Eier\Skrivebord\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nettavisen.no/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nettavisen.no/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qno8.hpwis.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programfiler\TGTSoft\StyleXP\TGT_BHO.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [storageGuard] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [RemoteControl] C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [Windows Installer] C:\WINDOWS\system32\ntdll.exe O4 - HKLM\..\Run: [Windows Spooler] C:\WINDOWS\system32\spoolsv32.exe O4 - HKLM\..\Run: [Windows DLL Host] C:\WINDOWS\system32\dllhost32.exe O4 - HKLM\..\Run: [smartMOUSE] C:\Programfiler\SmartMOUSE\SmartMOUSE.exe O4 - HKLM\..\Run: [WorkPace 3.0] "C:\Programfiler\WorkPace 3.0\workpace.exe" O4 - HKLM\..\Run: [Ad Muncher] C:\Programfiler\Ad Muncher\AdMunch.exe /bt O4 - HKLM\..\Run: [gcasServ] "C:\Programfiler\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [spySweeper] "C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [systweak Wallpaper Changer] wallpaper.exe -minimize O4 - HKCU\..\Run: [sTYLEXP] C:\Programfiler\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [uIWatcher] C:\Programfiler\Ashampoo\Ashampoo UnInstaller Platinum Suite\UIWatcher.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AlfaClock Classic] "C:\Programfiler\AlfaClock\AlfaClock.exe" /startup O4 - Startup: WallMaster Pro.lnk = C:\Programfiler\WallMaster\wallmast.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programfiler\ATI Technologies\ATI.ACE\CLI.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\inetlock.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\inetlock.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\inetlock.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\inetlock.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\inetlock.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\inetlock.dll O15 - Trusted Zone: http://ny.contentmatch.net (HKLM) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...tup1.0.0.15.cab O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1126097476453 O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ISSVC.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: StyleXPService - Unknown owner - C:\Programfiler\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programfiler\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe Lenke til kommentar
zjulik Skrevet 18. oktober 2005 Del Skrevet 18. oktober 2005 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qno8.hpwis.com/ - Mystisk. Kryss av for fiks i Hijackthis. R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) - Mystisk. Kryss av for fiks i Hijackthis. O4 - HKLM\..\Run: [Windows Installer] C:\WINDOWS\system32\ntdll.exe - VIRUS! Kryss av for fiks i Hijackthis. O4 - HKLM\..\Run: [Windows DLL Host] C:\WINDOWS\system32\dllhost32.exe - VIRUS! Kryss av for fiks i Hijackthis. O10 - Unknown file in Winsock LSP: c:\windows\system32\inetlock.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\inetlock.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\inetlock.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\inetlock.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\inetlock.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\inetlock.dll - Mystisk. Kryss av for fiks i Hijackthis. O15 - Trusted Zone: http://ny.contentmatch.net (HKLM) - Mystisk. Kryss av for fiks i Hijackthis. Etter at du har fikset disse, er det ekstremt viktig at du tar en omstart inn i Safe Mode og sletter ntdll.exe, dllhost32.exe og inetlock.dll fra WINDOWS/System32-mappen din. Så bør du kjøre renseprogrammer, f eks CrapCleaner og RegSupreme. Post til slutt en ny logg. Lenke til kommentar
Zapking Skrevet 18. oktober 2005 Forfatter Del Skrevet 18. oktober 2005 Jeg slettet det med virus, men jeg fant ingen av filene i system32... Så når jeg prøvde å fixe det med winsock fikk jeg melding om at jeg måtte laste ned LSP-Fix.. Jeg har ikke gått videre med det fordi ejg ikke vil gjøre noe feil... Hva skal jeg gjøre i LSP-Fix? Logfile of HijackThis v1.99.1 Scan saved at 21:50:03, on 18.10.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe C:\Programfiler\Norton Internet Security\ISSVC.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Programfiler\Webroot\Spy Sweeper\WRSSSDK.exe C:\windows\system\hpsysdrv.exe C:\HP\KBD\KBD.EXE C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe C:\Programfiler\Java\jre1.5.0_04\bin\jusched.exe C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe C:\Programfiler\QuickTime\qttask.exe C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe C:\Programfiler\SmartMOUSE\SmartMOUSE.exe C:\Programfiler\WorkPace 3.0\workpace.exe C:\Programfiler\Ad Muncher\AdMunch.exe C:\Programfiler\Microsoft AntiSpyware\gcasServ.exe C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe C:\Programfiler\Messenger\msmsgs.exe C:\Programfiler\MSN Messenger\msnmsgr.exe C:\Programfiler\Ashampoo\Ashampoo UnInstaller Platinum Suite\UIWatcher.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe C:\Programfiler\Microsoft AntiSpyware\gcasDtServ.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Eier\Skrivebord\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nettavisen.no/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nettavisen.no/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qno8.hpwis.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programfiler\TGTSoft\StyleXP\TGT_BHO.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [storageGuard] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [RemoteControl] C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [Windows Spooler] C:\WINDOWS\system32\spoolsv32.exe O4 - HKLM\..\Run: [smartMOUSE] C:\Programfiler\SmartMOUSE\SmartMOUSE.exe O4 - HKLM\..\Run: [WorkPace 3.0] "C:\Programfiler\WorkPace 3.0\workpace.exe" O4 - HKLM\..\Run: [Ad Muncher] C:\Programfiler\Ad Muncher\AdMunch.exe /bt O4 - HKLM\..\Run: [gcasServ] "C:\Programfiler\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [spySweeper] "C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [systweak Wallpaper Changer] wallpaper.exe -minimize O4 - HKCU\..\Run: [sTYLEXP] C:\Programfiler\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [uIWatcher] C:\Programfiler\Ashampoo\Ashampoo UnInstaller Platinum Suite\UIWatcher.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AlfaClock Classic] "C:\Programfiler\AlfaClock\AlfaClock.exe" /startup O4 - Startup: WallMaster Pro.lnk = C:\Programfiler\WallMaster\wallmast.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programfiler\ATI Technologies\ATI.ACE\CLI.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\inetlock.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\inetlock.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\inetlock.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\inetlock.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\inetlock.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\inetlock.dll O15 - Trusted Zone: http://ny.contentmatch.net (HKLM) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...tup1.0.0.15.cab O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1126097476453 O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ISSVC.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: StyleXPService - Unknown owner - C:\Programfiler\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programfiler\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe Lenke til kommentar
zjulik Skrevet 18. oktober 2005 Del Skrevet 18. oktober 2005 WinsockXPFix http://www.snapfiles.com/get/winsockxpfix.html Lenke til kommentar
Zapking Skrevet 21. oktober 2005 Forfatter Del Skrevet 21. oktober 2005 Fremdeles finner Microsoft AntiSpyware WindUpdates Browser Plugin på maskinen... Dessuten kommer mappen C:\Programfiles\Media Access tilbake igjen hver gang jeg starter maskinen på nytt... Jeg blir ikke kvitt dette! Lenke til kommentar
Zapking Skrevet 23. oktober 2005 Forfatter Del Skrevet 23. oktober 2005 (endret) Jeg har følgende prosesser som kjører: MediaAccess.exe bruker ca. 6 728 kB MediaAccK.exe bruker ca. 3 364 kB Disse blir jeg ikke kvitt! Nå har jeg postet en ny loggfil: Logfile of HijackThis v1.99.1 Scan saved at 14:08:29, on 23.10.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe C:\Programfiler\Norton Internet Security\ISSVC.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe C:\windows\system\hpsysdrv.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe C:\HP\KBD\KBD.EXE C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe C:\Programfiler\Java\jre1.5.0_04\bin\jusched.exe C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe C:\Programfiler\QuickTime\qttask.exe C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe C:\Programfiler\Ad Muncher\AdMunch.exe C:\Programfiler\Microsoft AntiSpyware\gcasServ.exe C:\Program Files\Media Access\MediaAccK.exe C:\Programfiler\Messenger\msmsgs.exe C:\Programfiler\MSN Messenger\msnmsgr.exe C:\Programfiler\Ashampoo\Ashampoo UnInstaller Platinum Suite\UIWatcher.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\AlfaClock\AlfaClock.exe C:\Programfiler\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\Media Access\MediaAccess.exe C:\Programfiler\Microsoft AntiSpyware\gcasDtServ.exe C:\Programfiler\Internet Explorer\iexplore.exe C:\Documents and Settings\Eier\Skrivebord\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nettavisen.no/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nettavisen.no/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qno8.hpwis.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programfiler\TGTSoft\StyleXP\TGT_BHO.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [storageGuard] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [RemoteControl] C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [Windows Spooler] C:\WINDOWS\system32\spoolsv32.exe O4 - HKLM\..\Run: [smartMOUSE] C:\Programfiler\SmartMOUSE\SmartMOUSE.exe O4 - HKLM\..\Run: [WorkPace 3.0] "C:\Programfiler\WorkPace 3.0\workpace.exe" O4 - HKLM\..\Run: [Ad Muncher] C:\Programfiler\Ad Muncher\AdMunch.exe /bt O4 - HKLM\..\Run: [gcasServ] "C:\Programfiler\Microsoft AntiSpyware\gcasServ.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [systweak Wallpaper Changer] wallpaper.exe -minimize O4 - HKCU\..\Run: [sTYLEXP] C:\Programfiler\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [uIWatcher] C:\Programfiler\Ashampoo\Ashampoo UnInstaller Platinum Suite\UIWatcher.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AlfaClock Classic] "C:\Programfiler\AlfaClock\AlfaClock.exe" /startup O4 - Startup: WallMaster Pro.lnk = C:\Programfiler\WallMaster\wallmast.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programfiler\ATI Technologies\ATI.ACE\CLI.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/.../en/x86/client/ wuweb_site.cab?1126097476453 O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ISSVC.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: StyleXPService - Unknown owner - C:\Programfiler\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe Legg merke til C:\Program Files\Media Access\MediaAccK.exe Endret 23. oktober 2005 av Zapking Lenke til kommentar
Gjest Slettet+19283741 Skrevet 23. oktober 2005 Del Skrevet 23. oktober 2005 Har du prøvd å kjørt ad-aware og spybot search & destroy? Prøv også bazooka spyware http://www.download.com/Bazooka-Adware-and...2-10247782.html Lenke til kommentar
Zapking Skrevet 23. oktober 2005 Forfatter Del Skrevet 23. oktober 2005 Jeg har bare prøvd Microsoft Antispyware... Lenke til kommentar
Gjest Slettet+19283741 Skrevet 23. oktober 2005 Del Skrevet 23. oktober 2005 Jeg har bare prøvd Microsoft Antispyware... 5047537[/snapback] Ja, men siden du ikke klarer å fikse problemet med dette kan det jo være greit å prøve noe annet! Microsoft Antispyware er forresten en beta versjon.. (dvs at programmet ikke er helt ferdig, noe som kan føre med seg problemer, slik som i ditt tilfelle.) Lenke til kommentar
Zapking Skrevet 23. oktober 2005 Forfatter Del Skrevet 23. oktober 2005 Ad-Aware SE Professional fjernet alt sammen Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå