Howiey, posted 23 December 2006

An annoying search thing that calls itself "Search Spy" has installed itself next to the clock on the status bar. I can easily right-click it and click "quit", but it is back at the next startup of the machine. I can't find it in Add/Remove Programs. Ad-Aware didn't find it. Spybot - Search & Destroy didn't find it either. What other ways are there to get rid of it? I don't know which program it may have come with; I only like serious programs and don't download a lot of junk. I always have an updated AVG AntiVirus, and the firewall on.

Guest medlem-105082, posted 23 December 2006

Download HijackThis, run it and post a log.

Howiey (thread author), posted 23 December 2006

> Download HijackThis, run it and post a log.

Logfile of HijackThis v1.99.1
Scan saved at 19:29:48, on 23.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
K:\Programfiler\Adobe Photoshop Elements 4\PhotoshopElementsFileAgent.exe
K:\PROGRA~1\AVG\avgamsvr.exe
K:\PROGRA~1\AVG\avgupsvc.exe
K:\PROGRA~1\AVG\avgemc.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mnmsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
K:\PROGRA~1\AVG\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
K:\Programfiler\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
K:\Programfiler\Gmail Notifier\gnotify.exe
K:\PROGRA~1\NOKIAP~1\NOKIAP~1\LAUNCH~1.EXE
K:\Programfiler\itunes\iTunesHelper.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
K:\Programfiler\DynDNS Updater\DynDNS.exe
C:\Programfiler\SearchSpy\SearchSpyMenu.exe
C:\Programfiler\Fellesfiler\PCSuite\Services\ServiceLayer.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programfiler\Azureus\Azureus.exe
K:\Programfiler\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
K:\Programfiler\Winamp\winamp.exe
K:\Programfiler\Winrar\WinRAR.exe
C:\DOCUME~1\HVARD~1\LOKALE~1\Temp\Rar$EX00.547\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - K:\Programfiler\Adobe\Acrobat\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - K:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - K:\Programfiler\Adobe\Acrobat\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - K:\Programfiler\Adobe\Acrobat\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - K:\Programfiler\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programfiler\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [AVG7_CC] K:\PROGRA~1\AVG\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programfiler\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] K:\Programfiler\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] K:\Programfiler\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] K:\PROGRA~1\NOKIAP~1\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "K:\Programfiler\itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DynDNS Updater] "K:\Programfiler\DynDNS Updater\DynDNS.exe"
O4 - HKCU\..\Run: [searchSpy] C:\Programfiler\SearchSpy\SearchSpyMenu.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://K:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://K:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://K:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://K:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://K:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - K:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - K:\Programfiler\Hello!\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - K:\Programfiler\Hello!\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200601...meInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers...ll/pinstall.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1148032536687
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{57FFB372-FFD4-4B3B-BD91-F9CA550AF318}: NameServer = 148.122.208.99,148.122.161.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - K:\Programfiler\Adobe Photoshop Elements 4\PhotoshopElementsFileAgent.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - K:\PROGRA~1\AVG\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - K:\PROGRA~1\AVG\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - K:\PROGRA~1\AVG\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - K:\Programfiler\ISORecorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programfiler\Fellesfiler\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\Fellesfiler\PCSuite\Services\ServiceLayer.exe

Guest medlem-105082, posted 23 December 2006

Run HJT and delete:

C:\Programfiler\SearchSpy\SearchSpyMenu.exe
O4 - HKCU\..\Run: [searchSpy] C:\Programfiler\SearchSpy\SearchSpyMenu.exe
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)

Restart and see whether Search Spy is still there.

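The triage done by eye in the reply above (finding the O4 Run-key entry that restarts Search Spy at every logon and matching it to a running process), as an added Python example that is not part of the original thread. The sample log is a constructed excerpt in the thread's log format, and the `RECOGNISED` allowlist and function names are assumptions for illustration.

```python
import ntpath
import re

# Constructed excerpt, in the format of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\ctfmon.exe
K:\Programfiler\DynDNS Updater\DynDNS.exe
C:\Programfiler\SearchSpy\SearchSpyMenu.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DynDNS Updater] "K:\Programfiler\DynDNS Updater\DynDNS.exe"
O4 - HKCU\..\Run: [searchSpy] C:\Programfiler\SearchSpy\SearchSpyMenu.exe
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
"""
# Assumption: value names the machine's owner recognises (hypothetical allowlist).
RECOGNISED = {"NeroFilterCheck", "ctfmon.exe", "DynDNS Updater"}

O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.+?)\] (.+)$")
# Executable path: either the quoted part, or everything up to the first ".exe".
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.IGNORECASE)


def parse_log(text):
    """Return (running process names, Run-key autostarts, '(file missing)' lines)."""
    running, autostarts, missing = set(), [], []
    in_processes = False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("Running processes:"):
            in_processes = True
        elif re.match(r"[RO]\d+ - ", line):
            in_processes = False  # first R/O entry ends the process list
        elif in_processes and line:
            running.add(ntpath.basename(line).lower())
        entry = O4_RE.match(line)
        if entry:
            exe = EXE_RE.match(entry.group(3))
            target = (exe.group(1) or exe.group(2)) if exe else entry.group(3)
            autostarts.append((entry.group(1), entry.group(2), target))
        if line.endswith("(file missing)"):
            missing.append(line)
    return running, autostarts, missing


def autostarts_to_review(text, recognised):
    """Run-key entries not on the allowlist, with a flag for 'currently running'."""
    running, autostarts, _ = parse_log(text)
    return [(hive, name, target, ntpath.basename(target).lower() in running)
            for hive, name, target in autostarts if name not in recognised]
```

Calling `autostarts_to_review(SAMPLE_LOG, RECOGNISED)` leaves only the `searchSpy` value under HKCU, flagged as currently running, which is the entry that has to go for the program to stay away after a reboot.
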
Howiey (thread author), posted 23 December 2006

> Run HJT and delete:
> C:\Programfiler\SearchSpy\SearchSpyMenu.exe
> O4 - HKCU\..\Run: [searchSpy] C:\Programfiler\SearchSpy\SearchSpyMenu.exe
> O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
> Restart and see whether Search Spy is still there.

Found nothing: C:\Programfiler\SearchSpy\SearchSpyMenu.exe

All of this is in the log, but they are not listed in HJT as options to select for removal. In any case, Search Spy is gone! Thanks!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
K:\Programfiler\Adobe Photoshop Elements 4\PhotoshopElementsFileAgent.exe
K:\PROGRA~1\AVG\avgamsvr.exe
K:\PROGRA~1\AVG\avgupsvc.exe
K:\PROGRA~1\AVG\avgemc.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mnmsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
K:\PROGRA~1\AVG\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
K:\Programfiler\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
K:\Programfiler\Gmail Notifier\gnotify.exe
K:\PROGRA~1\NOKIAP~1\NOKIAP~1\LAUNCH~1.EXE
K:\Programfiler\itunes\iTunesHelper.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
K:\Programfiler\DynDNS Updater\DynDNS.exe
C:\Programfiler\SearchSpy\SearchSpyMenu.exe
C:\Programfiler\Fellesfiler\PCSuite\Services\ServiceLayer.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programfiler\Azureus\Azureus.exe
K:\Programfiler\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
K:\Programfiler\Winamp\winamp.exe
K:\Programfiler\Winrar\WinRAR.exe
C:\DOCUME~1\HVARD~1\LOKALE~1\Temp\Rar$EX00.547\HijackThis.exe

Guest medlem-105082, posted 23 December 2006

You got it removed anyway, so: you're welcome!

norbat, posted 23 December 2006

Before you settle down completely: make sure you can see hidden files and folders (Control Panel -> Folder Options -> View -> "Show hidden files and folders"). Then go into Explorer and delete (in bold) if it exists (you may have to do it in Safe Mode):

C:\Programfiler\SearchSpy\SearchSpyMenu.exe

It is also a good idea to run a full scan with SAS.

Howiey (thread author), posted 23 December 2006

> Before you settle down completely: make sure you can see hidden files and folders (Control Panel -> Folder Options -> View -> "Show hidden files and folders"). Then go into Explorer and delete (in bold) if it exists (you may have to do it in Safe Mode):
> C:\Programfiler\SearchSpy\SearchSpyMenu.exe
> It is also a good idea to run a full scan with SAS.

Found the directory and deleted it! Thanx! Downloading SAS and will test it.