Heffie Skrevet 14. mai 2006 Del Skrevet 14. mai 2006 Heisann.. Har nylig oppstått noen problemer med diverse pop-ups i browseren min som er rimelig irriterende.. Gikk inn på c-disken hvor jeg fant noen programmer som jeg ikke tidligere hadde sett og forsøkte å slette disse.. Et program nemlig defender 19a ble derimot igjen og jeg har en mistanke om at det er dette og sikkert mer som forårsaker problemene.. Derfor lurer jeg på om noen har hatt noen erfaringer med denne typen defender 19a tidligere og kan rådgive meg slik at jeg blir kvitt denne dritten.. Har gått gjennom denne guiden men problemene ser allikevel ikke ut til å forsvinne. GUIDE: Hvordan beskytte seg mot spyware/adware På forhånd takk.. Lenke til kommentar
Heffie Skrevet 14. mai 2006 Forfatter Del Skrevet 14. mai 2006 Heisann.. Har nylig oppstått noen problemer med diverse pop-ups i browseren min som er rimelig irriterende.. Gikk inn på c-disken hvor jeg fant noen programmer som jeg ikke tidligere hadde sett og forsøkte å slette disse.. Et program nemlig defender 19a ble derimot igjen og jeg har en mistanke om at det er dette og sikkert mer som forårsaker problemene.. Derfor lurer jeg på om noen har hatt noen erfaringer med denne typen defender 19a tidligere og kan rådgive meg slik at jeg blir kvitt denne dritten.. Har gått gjennom denne guiden men problemene ser allikevel ikke ut til å forsvinne. GUIDE: Hvordan beskytte seg mot spyware/adware På forhånd takk.. 6101754[/snapback] Her er loggfilen fra HijackThis: Logfile of HijackThis v1.99.1 Scan saved at 17:04:07, on 14.05.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe C:\Programfiler\Alwil Software\Avast4\ashServ.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe C:\WINDOWS\system32\CTSvcCDA.EXE C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Programfiler\HPQ\IAM\bin\asghost.exe C:\WINDOWS\AGRSMMSG.exe C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programfiler\Java\jre1.5.0\bin\jusched.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe C:\Programfiler\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe C:\Programfiler\Trend Micro\Internet Security 2005\pccguide.exe C:\Programfiler\DAEMON Tools\daemon.exe C:\Programfiler\QuickTime\qttask.exe C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe C:\Programfiler\iTunes\iTunesHelper.exe C:\defender19a.exe C:\Programfiler\iPod\bin\iPodService.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\HPQ\SHARED\HPQWMI.exe C:\Programfiler\Messenger\msmsgs.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe C:\Programfiler\WinZip\WZQKPICK.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\??mantec\n?lookup.exe C:\WINDOWS\explorer.exe C:\Programfiler\Mozilla Firefox\firefox.exe C:\Kaspersky\mwavscan.com C:\Kaspersky\kavss.exe C:\Documents and Settings\Øyvind\Mine dokumenter\Nedlastede filer\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: (no name) - {0B176AD5-DA32-A2BF-4ED1-82CA9823E1B8} - C:\WINDOWS\system32\vzfkpnl.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [soundMAX] C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe /tray O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0\bin\jusched.exe O4 - HKLM\..\Run: [updateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" O4 - HKLM\..\Run: [WatchDog] C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe O4 - HKLM\..\Run: [pccguide.exe] "C:\Programfiler\Trend Micro\Internet Security 2005\pccguide.exe" O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [defender] C:\\defender19a.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Ehb] C:\WINDOWS\??mantec\n?lookup.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: DVD Check.lnk = C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programfiler\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1146057811562 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~2\msgrapp.dll" (file missing) O20 - AppInit_DLLs: ASAPHook O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\mv60l9jm1.dll O20 - Winlogon Notify: OneCard - C:\Programfiler\HPQ\IAM\Bin\AsWlnPkg.dll O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\sjimgvw.dll (file missing) O20 - Winlogon Notify: Usb - C:\WINDOWS\system32\mcrd2x40.dll (file missing) O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\g4040edqeh0e0.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programfiler\HPQ\SHARED\HPQWMI.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe Lenke til kommentar
zjulik Skrevet 14. mai 2006 Del Skrevet 14. mai 2006 Kryss av og slett R3 - URLSearchHook: (no name) - {0B176AD5-DA32-A2BF-4ED1-82CA9823E1B8} - C:\WINDOWS\system32\vzfkpnl.dll O4 - HKLM\..\Run: [defender] C:\\defender19a.exe O4 - HKCU\..\Run: [Ehb] C:\WINDOWS\??mantec\n?lookup.exe O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\mv60l9jm1.dll O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\sjimgvw.dll (file missing) O20 - Winlogon Notify: Usb - C:\WINDOWS\system32\mcrd2x40.dll (file missing) O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\g4040edqeh0e0.dll (file missing) Gå deretter inn i Oppgavebehandling - ctrl alt del - og stopp de prosesser som er nevnt ovenfor, hvis du finne noen av dem. Slett deretter filene fra der de ligger. Rens så med CCleaner (link i sig). Ta en omstart i sikkermodus og gjenta hele prosessen. Du kjører både Avast og Trend Micro antivirus. Det er ikke bra. Velg ett av dem og fjern det andre. Post en ny logg etter at du har gjort disse tingene. Lenke til kommentar
Heffie Skrevet 14. mai 2006 Forfatter Del Skrevet 14. mai 2006 Kryss av og slett R3 - URLSearchHook: (no name) - {0B176AD5-DA32-A2BF-4ED1-82CA9823E1B8} - C:\WINDOWS\system32\vzfkpnl.dll O4 - HKLM\..\Run: [defender] C:\\defender19a.exe O4 - HKCU\..\Run: [Ehb] C:\WINDOWS\??mantec\n?lookup.exe O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\mv60l9jm1.dll O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\sjimgvw.dll (file missing) O20 - Winlogon Notify: Usb - C:\WINDOWS\system32\mcrd2x40.dll (file missing) O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\g4040edqeh0e0.dll (file missing) Gå deretter inn i Oppgavebehandling - ctrl alt del - og stopp de prosesser som er nevnt ovenfor, hvis du finne noen av dem. Slett deretter filene fra der de ligger. Rens så med CCleaner (link i sig). Ta en omstart i sikkermodus og gjenta hele prosessen. Du kjører både Avast og Trend Micro antivirus. Det er ikke bra. Velg ett av dem og fjern det andre. Post en ny logg etter at du har gjort disse tingene. 6102106[/snapback] Da er det gjort.. Sliter enda med det samme dog.. Her er ny logg: Logfile of HijackThis v1.99.1 Scan saved at 18:25:48, on 14.05.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe C:\WINDOWS\system32\CTSvcCDA.EXE C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Programfiler\HPQ\IAM\bin\asghost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\AGRSMMSG.exe C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programfiler\Java\jre1.5.0\bin\jusched.exe C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe C:\Programfiler\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe C:\Programfiler\DAEMON Tools\daemon.exe C:\Programfiler\QuickTime\qttask.exe C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe C:\Programfiler\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Messenger\msmsgs.exe C:\Programfiler\MSN Messenger\MsnMsgr.Exe C:\Programfiler\iPod\bin\iPodService.exe C:\DOCUME~1\YVIND~1\PROGRA~1\SMANTE~1\wucrtupd.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe C:\Programfiler\HPQ\SHARED\HPQWMI.exe C:\Programfiler\WinZip\WZQKPICK.EXE C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Øyvind\Mine dokumenter\Nedlastede filer\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [soundMAX] C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe /tray O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0\bin\jusched.exe O4 - HKLM\..\Run: [updateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" O4 - HKLM\..\Run: [WatchDog] C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe O4 - HKLM\..\Run: [pccguide.exe] "C:\Programfiler\Trend Micro\Internet Security 2005\pccguide.exe" O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Rmsa] "C:\DOCUME~1\YVIND~1\PROGRA~1\SMANTE~1\wucrtupd.exe" -vt ndrv O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: DVD Check.lnk = C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programfiler\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1146057811562 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~2\msgrapp.dll" (file missing) O20 - AppInit_DLLs: ASAPHook O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\dn2401fqe.dll O20 - Winlogon Notify: OneCard - C:\Programfiler\HPQ\IAM\Bin\AsWlnPkg.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programfiler\HPQ\SHARED\HPQWMI.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe Lenke til kommentar
Heffie Skrevet 14. mai 2006 Forfatter Del Skrevet 14. mai 2006 Noen som vet hva som er neste steg i prosessen? Lenke til kommentar
Heffie Skrevet 14. mai 2006 Forfatter Del Skrevet 14. mai 2006 Dette er min hijack logfil akkurat nå.. Logfile of HijackThis v1.99.1 Scan saved at 20:51:06, on 14.05.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe C:\WINDOWS\system32\CTSvcCDA.EXE C:\Programfiler\ewido anti-malware\ewidoctrl.exe C:\Programfiler\ewido anti-malware\ewidoguard.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Programfiler\HPQ\IAM\bin\asghost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\AGRSMMSG.exe C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programfiler\Java\jre1.5.0\bin\jusched.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe C:\Programfiler\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe C:\Programfiler\Trend Micro\Internet Security 2005\pccguide.exe C:\Programfiler\DAEMON Tools\daemon.exe C:\Programfiler\QuickTime\qttask.exe C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe C:\Programfiler\iTunes\iTunesHelper.exe C:\Programfiler\HPQ\SHARED\HPQWMI.exe C:\Programfiler\iPod\bin\iPodService.exe C:\Programfiler\Windows Defender\MSASCui.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Messenger\msmsgs.exe C:\Programfiler\MSN Messenger\MsnMsgr.Exe C:\DOCUME~1\YVIND~1\PROGRA~1\SMANTE~1\wucrtupd.exe C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe C:\Programfiler\WinZip\WZQKPICK.EXE C:\WINDOWS\System32\svchost.exe C:\Programfiler\Mozilla Firefox\firefox.exe C:\Documents and Settings\Øyvind\Mine dokumenter\Nedlastede filer\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [soundMAX] C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe /tray O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0\bin\jusched.exe O4 - HKLM\..\Run: [updateManager] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" O4 - HKLM\..\Run: [WatchDog] C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe O4 - HKLM\..\Run: [pccguide.exe] "C:\Programfiler\Trend Micro\Internet Security 2005\pccguide.exe" O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Programfiler\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Rmsa] "C:\DOCUME~1\YVIND~1\PROGRA~1\SMANTE~1\wucrtupd.exe" -vt ndrv O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: DVD Check.lnk = C:\Programfiler\InterVideo\DVD Check\DVDCheck.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programfiler\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1146057811562 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~2\msgrapp.dll" (file missing) O20 - AppInit_DLLs: ASAPHook O20 - Winlogon Notify: Installer - C:\WINDOWS\system32\h62o0gf3e62.dll O20 - Winlogon Notify: OneCard - C:\Programfiler\HPQ\IAM\Bin\AsWlnPkg.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE O23 - Service: ewido security suite control - ewido networks - C:\Programfiler\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Programfiler\ewido anti-malware\ewidoguard.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programfiler\HPQ\SHARED\HPQWMI.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe Frustrende er det når det til stadighet dukker opp popups.. Bak mange av disse står det tau.html.. Noen som har en løsning? Lenke til kommentar
berxter Skrevet 14. mai 2006 Del Skrevet 14. mai 2006 Ja, vi tar noe: O4 - HKCU\..\Run: [Rmsa] "C:\DOCUME~1\YVIND~1\PROGRA~1\SMANTE~1\wucrtupd.exe" -vt ndrv O20 - AppInit_DLLs: ASAPHook O20 - Winlogon Notify: Installer - C:\WINDOWS\system32\h62o0gf3e62.dll - Se til at Ewido er oppdatert - Fix disse 3 med HJT - Restart i safe mode - Kjør en full system sjekk med Ewido - Reboot vanlig - Kjør en Panda Activescan, husk see report og save report Du har kjørt ccleaner, ja? Hvis ikke gjør det før du kjører Panda. - Legg ut Pandaloggen og en fersk HJTlogg. Bernt K Lenke til kommentar
Pozzolan Skrevet 14. mai 2006 Del Skrevet 14. mai 2006 Bak mange av disse står det tau.html Dette høres ut som Look2Me. Du kan prøve CWShredder og Look2Me-Remover disse burde fjerne popupsene dine. +berxter sine tips så burde pcen bli friskmeldt Lenke til kommentar
berxter Skrevet 14. mai 2006 Del Skrevet 14. mai 2006 Bak mange av disse står det tau.html Dette høres ut som Look2Me. Du kan prøve CWShredder og Look2Me-Remover disse burde fjerne popupsene dine. +berxter sine tips så burde pcen bli friskmeldt 6104749[/snapback] Enig; cwshredder og look2me-remover evt l2mfix er alltid verd å prøve ved slike ting. Hvis han nå skal kjøre 2 AV-programmer samtidig er forresten Ewido og Trend en lykkelig blanding; de går godt sammen. Bernt K Lenke til kommentar
Heffie Skrevet 14. mai 2006 Forfatter Del Skrevet 14. mai 2006 Det ordnet seg når jeg brukte de Look2Me removal programmene! Takk for all hjelp! Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå