Edmund Blackadder, posted 22 April 2006:
First of all, I am _not_ formatting. I have managed to remove a virus before and I am going to do it again. This time it is a virus/Trojan horse called Zlob. This virus has messed a bit with MSN, gives me popups now and then, and shows balloon tips saying that I must install such-and-such antivirus programs, which are surely just more malware. First I tried various AV scanners: Avast, Trend Micro online, and so on. That did not work. Then I found my way to a page on the internet that described how I could remove it manually. So I went into safe mode, removed a file in the system32 folder, got rid of the nasty startup entries, registry bits and pieces, and other files, which I deleted. I have turned off System Restore, by the way. Then I restarted again, and nothing has improved. I have tried Ad-Aware, Spybot and various other programs, but they cannot do anything. I am completely stuck here and wondering what to do. Thanks for any help (zjulik?)

themanfrom, posted 22 April 2006:
like magic: Sticky
Stickies are fun, you know.

Edmund Blackadder (author), posted 22 April 2006 (edited):
I have not found any more info there than what I had already found and which did not work. And only now have I noticed that I posted in the wrong category. Move to security, please.

Goscinny, posted 22 April 2006:
You have of course also tried HijackThis?

themanfrom, posted 22 April 2006:
And post the log here, please.

Edmund Blackadder (author), posted 22 April 2006 (edited):
Here is the log.... And yes, when I end the two processes in Task Manager (nvctrl.exe and mssearchnet.exe), they pop right back up immediately.

Camron, posted 22 April 2006:
I have a similar problem, and have tried everything you have tried too, without it helping... Hoping some clever person comes up with something.

Kadmium, posted 22 April 2006:
Log in to safe mode:
Make sure no Zlob processes are running (nvctrl.exe, msmsgs.exe, possibly mssearchnet.exe).
Go to 'Start - Run', type regedit, and click 'OK'.
Delete the following values:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\RegSvr32=%System%\msmsgs.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell=explorer.exe msmsgs.exe
Now you can close regedit, find these files on your computer, and delete them:
hp[X].tmp
msvol.tlb
ncompat.tlb
%UserProfile%\Application Data\Microsoft\Crypto\RSA
%UserProfile%\Application Data\Microsoft\Protect
vnp7s.net
zxserv0.com
dumpserv.com

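Added example (not part of any post in this thread, and not HijackThis's own code): a Python sketch that triages a HijackThis-style log for the file names the posters list and for a Winlogon shell that is not plain explorer.exe. The sample log lines, the all-zero CLSID, hp1A2B.tmp and the "Example App" paths are constructed; a name match only marks an entry for manual review, since a legitimate file can share a name (Windows Messenger ships its own msmsgs.exe under Program Files).

```python
import fnmatch
import re

# File names listed by posters in this thread. A name match is only a lead
# for manual review: legitimate files can share a name.
THREAD_INDICATORS = ("nvctrl.exe", "mssearchnet.exe", "msmsgs.exe",
                     "hp*.tmp", "msvol.tlb", "ncompat.tlb")

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O4 - ...", "F2 - ..."
# Base file name with a loadable extension (names containing spaces are cut short).
FILE_RE = re.compile(r'[^\\\s"=\[\]]+\.(?:exe|dll|tmp|tlb)\b', re.IGNORECASE)
SHELL_RE = re.compile(r"Shell=(.*)$", re.IGNORECASE)

# Constructed sample in HijackThis log layout (the CLSID, hp1A2B.tmp and the
# "Example App" paths are made up for this example).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\Program Files\Example App\example.exe
F2 - REG:system.ini: Shell=explorer.exe msmsgs.exe
O2 - BHO: Nothing - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\hp1A2B.tmp (file missing)
O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\system32\msmsgs.exe
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example App\tray.exe" runtime
O23 - Service: Example Service - Unknown owner - C:\Program Files\Example App\svc.exe
"""


def parse(log_text):
    """Yield (section, text) per finding; running processes get section 'PROC'."""
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            yield match.group(1), match.group(2)
        elif in_processes:
            yield "PROC", line


def reasons_for(section, text):
    """Return the list of reasons this entry deserves a closer look."""
    reasons = []
    for name in FILE_RE.findall(text):
        for pattern in THREAD_INDICATORS:
            if fnmatch.fnmatchcase(name.lower(), pattern):
                reasons.append("indicator:" + pattern)
    if "(file missing)" in text.lower():
        reasons.append("file-missing")      # leftover entry pointing at a deleted file
    shell = SHELL_RE.search(text) if section == "F2" else None
    if shell and shell.group(1).strip().lower() != "explorer.exe":
        reasons.append("shell-not-default")  # Winlogon shell is not plain explorer.exe
    return reasons


def triage(log_text):
    """Return (section, text, reasons) for every entry with at least one reason."""
    hits = []
    for section, text in parse(log_text):
        reasons = reasons_for(section, text)
        if reasons:
            hits.append((section, text, reasons))
    return hits


if __name__ == "__main__":
    for section, text, reasons in triage(SAMPLE_LOG):
        print(f"{section:5} {', '.join(reasons):40} {text}")
```
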
Edmund Blackadder (author), posted 22 April 2006:
Been there, done that. Didn't work.

Kadmium, posted 22 April 2006:
Then you have got an extreme case of this trojan. I had it too, but removed it with this method. Try logging in to safe mode and running XoftSpy, then. It detects and removes most things.

Edmund Blackadder (author), posted 22 April 2006:
Will try that.

zjulik, posted 22 April 2006:
Not necessarily that tricky. This looks like mild stuff. From another forum: "This is a stupid easy trojan to remove. I checked tonnes of walkthroughs, and people make this a lot more complicated than it is. If you're running Windows XP, just start up in safe mode, then do a system search for mssearchnet.exe and nvctrl.exe. Once you find all the corresponding files (there should be 2 of each), delete them. Then run regedit in your command console and do a registry search for mssearchnet.exe. Everywhere mssearchnet pops up, nvctrl is there too. Just delete that entire branch, as nothing else is kept in those folders. Poof, trojan gone, not to return. Thanks."

Kadmium, posted 22 April 2006:
That is where all the information about installed programs, etc. is stored.

Camron, posted 22 April 2006:
"run regedit in your command console and do a registry search for mssearchnet.exe." Can someone explain in more detail how?

Kadmium, posted 22 April 2006 (edited):
You go to 'Start - Run' and type regedit. A window should then pop up; in the upper left corner you click Edit, then Find... EDIT: It should be mentioned that if you are not sure how to use regedit, it is not wise to fiddle too much in there, as it can result in the computer no longer working normally.

themanfrom, posted 22 April 2006:
regedit is the registry. Run regedit from Run.

Edmund Blackadder (author), posted 22 April 2006:
I think that did the trick. Now the only problem is some spyware that it managed to install. I will see whether the spyware programs can kill it, because now it cannot be reinstalled right after being cleaned up, since I got the other crap out and gone.

Kadmium, posted 22 April 2006:
You used XoftSpy, as mentioned?

Edmund Blackadder (author), posted 22 April 2006:
No, I needed a reg key for XoftSpy. Used zjulik's method... So simple, yet so far away.