kizzykazz, posted 20 March 2007 (edited)
C:\WINDOWS\SECUREWIN31.DLL
C:\WINDOWS\SECUREWIN32.EXE
C:\WINDOWS\WINDOWSUPDATES.EXE
nanoscan.com found these. I can't log in at the moment, so I can't get them removed. Nod32 doesn't find anything wrong with the files either. The trojan is called: Trj/Agent.DYH
Thanks for the help!
Edited 30 March 2007 by kazzkizz

Magnusha, posted 20 March 2007
I don't think I would entirely trust that site; they may just be out to sell products and the like.

norbat, posted 22 March 2007
Hi, kazzkizz. How is the PC doing? When you say you can't log in, do you mean into the PC? You can try to 'log' in while you are in Safe Mode (tap F8 during startup). Once you are in there you can also try to delete the three files you mention manually. You may have to turn on 'Show hidden files and folders'.

kizzykazz (author), posted 22 March 2007
norbat: The PC is working great! I can't log in to nanoscan.com, that's what I meant.

norbat, posted 22 March 2007
Sounds good. If you want, you can download HijackThis, start the program and choose "Do a system scan and save a logfile". Copy the log file and post it, and we'll see whether any steps are needed to get a PC that is free of any spyware.

kizzykazz (author), posted 23 March 2007
OK, here is a log:
Logfile of HijackThis v1.99.1 Scan saved at 17:32:02, on 23.03.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Diskeeper Corporation\Diskeeper\DkService.exe C:\Programfiler\NetVeda\Safety.Net\ipcsvc.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe C:\Programfiler\Eset\nod32krn.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Programfiler\Canon\CAL\CALMAIN.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programfiler\NetVeda\Safety.Net\ipcTray.exe C:\Programfiler\Eset\nod32kui.exe C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe C:\Programfiler\DAEMON Tools\daemon.exe C:\WINDOWS\VM_STI.EXE C:\Programfiler\uTorrent\uTorrent.exe C:\Programfiler\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\BinarySense\HDDlife\HDDlifePro.exe C:\Programfiler\MSN Messenger\usnsvc.exe F:\Innstalert Spill\Steam\steam.exe C:\Programfiler\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - C:\WINDOWS\SecureWin31.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programfiler\Free Download Manager\iefdmcks.dll O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [secure] C:\WINDOWS\WindowsUpdates.exe O4 - HKLM\..\Run: [safetyNet_Notifier] "C:\Programfiler\NetVeda\Safety.Net\ipcLn.exe" O4 - HKLM\..\Run: [safetyNet] "C:\Programfiler\NetVeda\Safety.Net\ipcTray.exe" O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programfiler\Diskeeper Corporation\Diskeeper\DkIcon.exe" O4 - HKLM\..\Run: [DAEMON Tools] 
"C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [bigDogPath] "C:\WINDOWS\VM_STI.EXE" VIMICRO USB PC Camera O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKCU\..\Run: [µTorrent] "C:\Programfiler\uTorrent\uTorrent.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [steam] "F:\Innstalert Spill\Steam\Steam.exe" -silent O4 - Startup: HDDlife.lnk = C:\Programfiler\BinarySense\HDDlife\HDDlifePro.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Programfiler\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Programfiler\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download with Free Download Manager - file://C:\Programfiler\Free Download Manager\dllink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - 
C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://kazzkizz.spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascinstie.cab O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1139517338796 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} - O17 - HKLM\System\CCS\Services\Tcpip\..\{0E56D2AD-252F-4985-BB90-A2847896380A}: NameServer = 85.255.114.108,85.255.112.143 O17 - HKLM\System\CCS\Services\Tcpip\..\{1E1ACC40-49CB-40FE-94FF-48A27F96FF26}: NameServer = 85.255.114.108,85.255.112.143 O17 - 
HKLM\System\CCS\Services\Tcpip\..\{547F082E-3D8B-46DD-AE83-DFDC789FC6A4}: NameServer = 85.255.114.108,85.255.112.143 O17 - HKLM\System\CCS\Services\Tcpip\..\{578D7DEB-195A-4C3E-9117-0FF3948670CC}: NameServer = 85.255.114.108,85.255.112.143 O17 - HKLM\System\CCS\Services\Tcpip\..\{7ED89C7F-5E77-4F20-B665-95C70725E186}: NameServer = 85.255.114.108,85.255.112.143 O17 - HKLM\System\CCS\Services\Tcpip\..\{85F94426-2593-4FD5-AF4F-F62BBC39B9D5}: NameServer = 85.255.114.108,85.255.112.143 O17 - HKLM\System\CCS\Services\Tcpip\..\{902CB026-3F33-4212-B15B-563FC2444BE7}: NameServer = 85.255.114.108,85.255.112.143 O17 - HKLM\System\CCS\Services\Tcpip\..\{97BA2BC7-D5B3-424F-AB92-E42E9AC17597}: NameServer = 85.255.114.108,85.255.112.143 O17 - HKLM\System\CCS\Services\Tcpip\..\{A0A5BD70-C0F7-4B2B-9F8A-D766A13D2C9D}: NameServer = 85.255.114.108,85.255.112.143 O17 - HKLM\System\CCS\Services\Tcpip\..\{ABF1A214-7841-438B-86F6-9031248411B5}: NameServer = 85.255.114.108,85.255.112.143 O17 - HKLM\System\CCS\Services\Tcpip\..\{C8714B1F-B407-4C79-BA9A-710DCDD4DF38}: NameServer = 85.255.114.108,85.255.112.143 O17 - HKLM\System\CCS\Services\Tcpip\..\{CA8CD992-EAC9-4254-9361-939593C5B68D}: NameServer = 85.255.114.108,85.255.112.143 O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.114.108 85.255.112.143 O17 - HKLM\System\CS4\Services\Tcpip\..\{0E56D2AD-252F-4985-BB90-A2847896380A}: NameServer = 85.255.114.108,85.255.112.143 O17 - HKLM\System\CS5\Services\Tcpip\Parameters: NameServer = 85.255.114.108 85.255.112.143 O17 - HKLM\System\CS5\Services\Tcpip\..\{0E56D2AD-252F-4985-BB90-A2847896380A}: NameServer = 85.255.114.108,85.255.112.143 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.108 85.255.112.143 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - 
{314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programfiler\Fellesfiler\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FELLES~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL O20 - Winlogon Notify: RegCompact - C:\WINDOWS\SYSTEM32\RegCompact.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programfiler\Canon\CAL\CALMAIN.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programfiler\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NetVeda Safety.Net (ipcSvc) - NetVeda LLC - C:\Programfiler\NetVeda\Safety.Net\ipcsvc.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe

norbat, posted 23 March 2007 (edited)
Hi there, there was a bit in there, yes.
Download Fixwareout. Put the file on the desktop and double-click it.
Click Next -> Install. Check that 'Run fixit' is ticked.
Click Finish and the fix will start. Follow the instructions.
Restart the PC when you are asked to. Startup will take a little longer than normal .....
When the PC has restarted, just follow the instructions that appear on the screen.
Then run HJT, tick the following lines and click 'Fix checked':
All the O17 lines......
O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - C:\WINDOWS\SecureWin31.dll
O4 - HKLM\..\Run: [secure] C:\WINDOWS\WindowsUpdates.exe
O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} -
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
Restart the PC in Safe Mode (tap F8 during startup).
Make sure you can see hidden files and folders (Control Panel -> Folder Options -> View -> "Show hidden files and folders").
Use Explorer to find and delete (in bold):
C:\WINDOWS\SecureWin31.dll
C:\WINDOWS\WindowsUpdates.exe
(You can also look for C:\WINDOWS\SECUREWIN32.EXE. If it exists, delete it.)
Restart in normal mode.
Post a new HJT log together with the log from Fixwareout (C:\fixwareout\report.txt).
Edited 23 March 2007 by norbat

kizzykazz (author), posted 23 March 2007
Since I installed Fedora Core 6 I haven't been able to get into Safe Mode, because the options don't appear when I press F8. Any tips?

norbat, posted 23 March 2007
You can:
Download Killbox
Start the program
Select: Delete on Reboot
Click: the All Files button
Copy everything between the dashed lines below (select it, right-click and choose Copy):
-------------------------------
C:\WINDOWS\SecureWin31.dll
C:\WINDOWS\WindowsUpdates.exe
C:\WINDOWS\SECUREWIN32.EXE
-------------------------------
In Killbox, go to the File menu and choose 'Paste from Clipboard'
Click the red-and-white 'Delete File' button. Click 'Yes'
Then post a new HJT log together with the log from Fixwareout (C:\fixwareout\report.txt)

kizzykazz (author), posted 23 March 2007 (edited)
HJT log:
Logfile of HijackThis v1.99.1 Scan saved at 22:24:13, on 23.03.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Diskeeper Corporation\Diskeeper\DkService.exe C:\Programfiler\NetVeda\Safety.Net\ipcsvc.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe C:\Programfiler\Eset\nod32krn.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Programfiler\Canon\CAL\CALMAIN.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programfiler\NetVeda\Safety.Net\ipcTray.exe C:\Programfiler\Eset\nod32kui.exe C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe C:\Programfiler\DAEMON Tools\daemon.exe C:\WINDOWS\VM_STI.EXE C:\Programfiler\uTorrent\uTorrent.exe C:\Programfiler\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Programfiler\BinarySense\HDDlife\HDDlifePro.exe C:\WINDOWS\system32\wuauclt.exe C:\Programfiler\MSN Messenger\usnsvc.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - C:\WINDOWS\SecureWin31.dll (file missing) O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programfiler\Free Download Manager\iefdmcks.dll O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [secure] C:\WINDOWS\WindowsUpdates.exe O4 - HKLM\..\Run: [safetyNet_Notifier] "C:\Programfiler\NetVeda\Safety.Net\ipcLn.exe" O4 - HKLM\..\Run: [safetyNet] "C:\Programfiler\NetVeda\Safety.Net\ipcTray.exe" O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programfiler\Diskeeper Corporation\Diskeeper\DkIcon.exe" O4 - HKLM\..\Run: [DAEMON Tools] 
"C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [bigDogPath] "C:\WINDOWS\VM_STI.EXE" VIMICRO USB PC Camera O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKCU\..\Run: [µTorrent] "C:\Programfiler\uTorrent\uTorrent.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [steam] "F:\Innstalert Spill\Steam\Steam.exe" -silent O4 - Startup: HDDlife.lnk = C:\Programfiler\BinarySense\HDDlife\HDDlifePro.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Programfiler\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Programfiler\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download with Free Download Manager - file://C:\Programfiler\Free Download Manager\dllink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - 
C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://kazzkizz.spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascinstie.cab O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1139517338796 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} - O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programfiler\Fellesfiler\Microsoft 
Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FELLES~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL O20 - Winlogon Notify: RegCompact - C:\WINDOWS\SYSTEM32\RegCompact.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programfiler\Canon\CAL\CALMAIN.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programfiler\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NetVeda Safety.Net (ipcSvc) - NetVeda LLC - C:\Programfiler\NetVeda\Safety.Net\ipcsvc.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe
Fixwareout log:
Fixwareout Last edited 2/11/2007
Post this report in the forums please
...
»»»»»Prerun check
»»»»» System restarted
»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....
Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.
Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/
»»»»» Other
»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="\"C:\\Programfiler\\Fellesfiler\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="\"C:\\Programfiler\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"SoundMan"="SOUNDMAN.EXE"
"Secure"="C:\\WINDOWS\\WindowsUpdates.exe"
"SafetyNet_Notifier"="\"C:\\Programfiler\\NetVeda\\Safety.Net\\ipcLn.exe\""
"SafetyNet"="\"C:\\Programfiler\\NetVeda\\Safety.Net\\ipcTray.exe\""
"nod32kui"="\"C:\\Programfiler\\Eset\\nod32kui.exe\" /WAITSERVICE"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"GrooveMonitor"="\"C:\\Programfiler\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
"DiskeeperSystray"="\"C:\\Programfiler\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
"DAEMON Tools"="\"C:\\Programfiler\\DAEMON Tools\\daemon.exe\" -lang 1033"
"BigDogPath"="\"C:\\WINDOWS\\VM_STI.EXE\" VIMICRO USB PC Camera"
"AtiPTA"="atiptaxx.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"µTorrent"="\"C:\\Programfiler\\uTorrent\\uTorrent.exe\""
"msnmsgr"="\"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Programfiler\\Fellesfiler\\Ahead\\lib\\NMBgMonitor.exe\""
"Steam"="\"F:\\Innstalert Spill\\Steam\\Steam.exe\" -silent"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»
I scanned with nanoscan again, and now it congratulates me on having a clean PC. Thank you! If you see anything else dodgy, let me know..
Edited 23 March 2007 by kazzkizz

norbat, posted 23 March 2007 (edited)
Hi there, kazzkizz. We're not quite done.
Download CCleaner and install it. Close the program.
Download SAS (Free edition), install and update it. Close the program.
Restart in Safe Mode. If you can't manage that using F8, try the following:
Click: Start -> Run. Type: msconfig
Select the tab: Boot.ini
Tick /Safeboot
Click OK
Restart the PC (hopefully into Safe Mode)
Run HJT, tick the following lines and click 'Fix checked':
O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - C:\WINDOWS\SecureWin31.dll (file missing)
O4 - HKLM\..\Run: [secure] C:\WINDOWS\WindowsUpdates.exe
O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} -
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
Use Explorer to find and delete (in bold):
C:\WINDOWS\WindowsUpdates.exe
(if you find C:\WINDOWS\SecureWin31.dll, delete that too)
Start CCleaner. Go to 'Options' -> 'Advanced'. Untick: "only delete temporary files......."
Click 'Cleaner' and then 'Run CCleaner'.
Then run a full scan with SAS.
Restart in normal mode.
Download Rootchk and run the program. It creates a log, which you post if it says it has found something.
Post a new HJT log + the log from SAS (preferences->statistics/logs) and, if applicable, a log from Rootchk.
Edited 23 March 2007 by norbat

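Added example (not part of the original thread): the comparison made by eye between the 'Fix checked' list and a follow-up HijackThis log, written in Python. The function names are hypothetical, and the sample logs are excerpts of entries posted in this thread, trimmed to a few lines each; the splitter also handles logs whose entries have been run together on one line.

```python
import re

# HijackThis starts every entry with a section code (R0, O2, O17, ...) and " - ".
CODE = r"(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2})"
ENTRY_SPLIT = re.compile(r"\s+(?=" + CODE + r" - )")
ENTRY = re.compile(r"^(" + CODE + r") - (.*)$", re.S)
FILE_MISSING = re.compile(r"\s*\(file missing\)\s*$", re.I)
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

# Excerpt of the first log in the thread (23.03.2007, 17:32).
FIRST_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - C:\WINDOWS\SecureWin31.dll
O4 - HKLM\..\Run: [secure] C:\WINDOWS\WindowsUpdates.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.108 85.255.112.143
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E56D2AD-252F-4985-BB90-A2847896380A}: NameServer = 85.255.114.108,85.255.112.143
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

# Excerpt of the second log (22:24), entries run together as they appear on the page.
SECOND_LOG = (
    r"O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - "
    r"C:\WINDOWS\SecureWin31.dll (file missing) "
    r"O4 - HKLM\..\Run: [secure] C:\WINDOWS\WindowsUpdates.exe "
    r"O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe "
    r"O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} - "
    r"O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL "
    r"O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)"
)

# Excerpt of the third log (24.03.2007).
THIRD_LOG = r"""
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# The 'Fix checked' list from the thread: four single entries plus every O17 line.
FIX_LINES = r"""
O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - C:\WINDOWS\SecureWin31.dll
O4 - HKLM\..\Run: [secure] C:\WINDOWS\WindowsUpdates.exe
O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} -
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""
FIX_SECTIONS = {"O17"}


def parse_entries(log_text):
    """Split a HijackThis log (one entry per line or run together) into (code, body) pairs."""
    entries = []
    for chunk in ENTRY_SPLIT.split(log_text.strip()):
        m = ENTRY.match(chunk.strip())
        if m:  # header and 'Running processes' text has no section code and is skipped
            entries.append((m.group(1), " ".join(m.group(2).split())))
    return entries


def entry_key(code, body):
    """Comparison key that ignores case and a trailing '(file missing)': an entry whose
    file was deleted but whose registry value remains must still count as present."""
    return code, FILE_MISSING.sub("", body).casefold()


def remaining(fix_lines, fix_sections, later_log):
    """Return the entries of later_log that were on the fix list and are still there."""
    wanted = {entry_key(c, b) for c, b in parse_entries(fix_lines)}
    return [f"{code} - {body}" for code, body in parse_entries(later_log)
            if code in fix_sections or entry_key(code, body) in wanted]


def nameservers(log_text):
    """Collect the DNS server addresses set by O17 NameServer entries."""
    ips = set()
    for code, body in parse_entries(log_text):
        if code == "O17" and "NameServer" in body:
            ips.update(IPV4.findall(body.split("=", 1)[-1]))
    return sorted(ips)


if __name__ == "__main__":
    print("O17 name servers in first log:", nameservers(FIRST_LOG))
    for name, log in (("second", SECOND_LOG), ("third", THIRD_LOG)):
        left = remaining(FIX_LINES, FIX_SECTIONS, log)
        print(f"{name} log: {len(left)} fix-list entries still present")
        for line in left:
            print("   ", line)
```
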
Delvis, posted 24 March 2007
Just to say that I've experienced that several times recently. When I used the Kaspersky online scanner, it found several trojans that other AV programs (NOD among them) did not react to at all. I tested various AV programs systematically and thoroughly, and have reached the following conclusion: Kaspersky and Norman are the only two that detect various trojans that other programs don't react to. The others tested were AVG, NOD and Panda. I only tested Norton and Trend Micro with online scanning, but they didn't find anything either. That's why I've gone back to Norman (you get it for free through e.g. online banks and Tele2).

kizzykazz (author), posted 24 March 2007 (edited)
HJT log:
Logfile of HijackThis v1.99.1 Scan saved at 11:12:04, on 24.03.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Diskeeper Corporation\Diskeeper\DkService.exe C:\Programfiler\NetVeda\Safety.Net\ipcsvc.exe C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe C:\Programfiler\Eset\nod32krn.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Programfiler\Canon\CAL\CALMAIN.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programfiler\NetVeda\Safety.Net\ipcTray.exe C:\Programfiler\Eset\nod32kui.exe C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe C:\Programfiler\DAEMON Tools\daemon.exe C:\WINDOWS\VM_STI.EXE C:\Programfiler\uTorrent\uTorrent.exe C:\Programfiler\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe F:\Innstalert Spill\Steam\Steam.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Programfiler\BinarySense\HDDlife\HDDlifePro.exe C:\WINDOWS\system32\wuauclt.exe C:\Programfiler\MSN Messenger\usnsvc.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [safetyNet_Notifier] "C:\Programfiler\NetVeda\Safety.Net\ipcLn.exe" O4 - HKLM\..\Run: [safetyNet] "C:\Programfiler\NetVeda\Safety.Net\ipcTray.exe" O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programfiler\Diskeeper Corporation\Diskeeper\DkIcon.exe" O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [bigDogPath] "C:\WINDOWS\VM_STI.EXE" VIMICRO USB PC Camera O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [µTorrent] "C:\Programfiler\uTorrent\uTorrent.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [steam] "F:\Innstalert Spill\Steam\Steam.exe" -silent O4 - Startup: HDDlife.lnk = C:\Programfiler\BinarySense\HDDlife\HDDlifePro.exe O4 - Global 
Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Programfiler\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Programfiler\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download with Free Download Manager - file://C:\Programfiler\Free Download Manager\dllink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - 
http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://kazzkizz.spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascinstie.cab O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1139517338796 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programfiler\Fellesfiler\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FELLES~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL O20 - Winlogon Notify: RegCompact - C:\WINDOWS\SYSTEM32\RegCompact.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI 
Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programfiler\Canon\CAL\CALMAIN.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programfiler\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NetVeda Safety.Net (ipcSvc) - NetVeda LLC - C:\Programfiler\NetVeda\Safety.Net\ipcsvc.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe SAS-logg: Klikk for å se/fjerne innholdet nedenfor SUPERAntiSpyware Scan LogGenerated 03/24/2007 at 11:02 AM Application Version : 3.6.1000 Core Rules Database Version : 3206 Trace Rules Database Version: 1216 Scan type : Complete Scan Total Scan Time : 00:24:41 Memory items scanned : 201 Memory threats detected : 0 Registry items scanned : 7328 Registry threats detected : 25 File items scanned : 39626 File threats detected : 5 Trojan.Downloader-ChinaHot HKLM\Software\Classes\CLSID\{A75E294E-C047-4D29-B07E-37B792881BEF} HKCR\CLSID\{A75E294E-C047-4D29-B07E-37B792881BEF} HKCR\CLSID\{A75E294E-C047-4D29-B07E-37B792881BEF} HKCR\CLSID\{A75E294E-C047-4D29-B07E-37B792881BEF}\InprocServer32 HKCR\CLSID\{A75E294E-C047-4D29-B07E-37B792881BEF}\InprocServer32#ThreadingModel HKCR\CLSID\{A75E294E-C047-4D29-B07E-37B792881BEF}\ProgID HKCR\CLSID\{A75E294E-C047-4D29-B07E-37B792881BEF}\Programmable HKCR\CLSID\{A75E294E-C047-4D29-B07E-37B792881BEF}\TypeLib HKCR\CLSID\{A75E294E-C047-4D29-B07E-37B792881BEF}\VersionIndependentProgID C:\WINDOWS\SECUREWIN31.DLL HKCR\SampleTrack.AleTrack HKCR\SampleTrack.AleTrack\CLSID HKCR\SampleTrack.AleTrack\CurVer HKCR\SampleTrack.AleTrack.1 HKCR\SampleTrack.AleTrack.1\CLSID HKCR\TypeLib\{97641909-2311-4513-8581-F5C84B3F05F2} 
HKCR\TypeLib\{97641909-2311-4513-8581-F5C84B3F05F2}\1.0 HKCR\TypeLib\{97641909-2311-4513-8581-F5C84B3F05F2}\1.0\0 HKCR\TypeLib\{97641909-2311-4513-8581-F5C84B3F05F2}\1.0\0\win32 HKCR\TypeLib\{97641909-2311-4513-8581-F5C84B3F05F2}\1.0\FLAGS HKCR\TypeLib\{97641909-2311-4513-8581-F5C84B3F05F2}\1.0\HELPDIR HKCR\Interface\{1D2CC793-B043-4DD2-A52C-3D9ADE61BBBD} HKCR\Interface\{1D2CC793-B043-4DD2-A52C-3D9ADE61BBBD}\ProxyStubClsid HKCR\Interface\{1D2CC793-B043-4DD2-A52C-3D9ADE61BBBD}\ProxyStubClsid32 HKCR\Interface\{1D2CC793-B043-4DD2-A52C-3D9ADE61BBBD}\TypeLib HKCR\Interface\{1D2CC793-B043-4DD2-A52C-3D9ADE61BBBD}\TypeLib#Version C:\!KILLBOX\SECUREWIN31.DLL C:\!KILLBOX\SECUREWIN31.DLL( 3) C:\!KILLBOX\WINDOWSUPDATES.EXE C:\!KILLBOX\WINDOWSUPDATES.EXE( 2) Rootchk-logg: Klikk for å se/fjerne innholdet nedenfor ********************************* ROOTCHK-(21-03-07)-LOG, by ejvindh24.03.2007 11:13:43,75 The rootkits that are detected by this tool were not found. ********************************* ROOTCHK-LOG-end Eg skulle slette C:\WINDOWS\WindowsUpdates.exe og C:\WINDOWS\SecureWin31.dll , men eg fann ingen av dei. Eg fann heller ikkje den fila her i HJT, O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - C:\WINDOWS\SecureWin31.dll (file missing) Endret 24. mars 2007 av kazzkizz Lenke til kommentar
norbat, posted 24 March 2007

Hi, kazzkizz

Your log is clean.

You should reset the System Restore folder so that you don't get infected by a possible system restore. Control Panel -> System -> System Restore. Tick the box in front of "Turn off .....", restart the PC, then untick it again to re-enable the feature.

Afterwards, create a restore point manually: Accessories -> System Tools -> System Restore. Choose to create a new one. Name it and click Create.

Then you can hide files and folders again so that you don't delete important system files by mistake.

If you can't manage to stay spyware-free, you know which forum to turn to.

Edited 24 March 2007 by norbat
kizzykazz (thread author), posted 24 March 2007

Yep! Thanks a lot, norbat
-Fersken-, posted 26 March 2007

norbat, would you mind checking this HJT log?

Thanks
norbat, posted 26 March 2007

Hi, -Fersken-

You should have created a new thread, but never mind...

Download Smitfraudfix.
Restart in Safe Mode (tap F8 during startup).
Double-click the Smitfraud exe.
Choose option 2 - Clean.
Answer Yes if you are asked...
The PC may restart.
A log will be created (possibly in C:\rapport.txt). Post it together with a new HJT log.

Edited 26 March 2007 by norbat
-Fersken-, posted 26 March 2007

Smitfraudfix log:
SmitFraudFix v2.157
Scan done at 23:29:27,90, 26.03.2007
Run from C:\Documents and Settings\Bj›rn Kristen\Skrivebord\SmitfraudFix
OS: Microsoft Windows XP [Versjon 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!Attention, following keys are not inevitably infected!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!Attention, following keys are not inevitably infected!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!Attention, following keys are not inevitably infected!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End

HJT log:
norbat, posted 26 March 2007

Run HJT, tick the following lines and click 'Fix checked':
O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} -

Do you recognise this one:
O16 - DPF: {197F8FE3-8DF6-4755-B925-B94A1FF2F58E} (OSAKit2.OSA_Kit) - http://newstargames.com/OSAKit2.CAB
If not, remove it.

Download CCleaner. Start the program. Go to 'Options'->'Advanced'. Untick the box in front of: "only delete temporary files......."
Click 'Cleaner' and then 'Run CCleaner'.
Also run a few rounds of 'Issues'.

Then tell me how the PC is running.
-Fersken-, posted 27 March 2007

The PC is running great now, it is just a bit slow during startup now and then. I can add one more HJT log now so you can see if there is anything more.
O17 - HKLM\System\CS12\Services\Tcpip\..\{10FB2475-CAFE-470D-A2C9-B56A7EEFECE3}: NameServer = 192.168.0.1 O17 - HKLM\System\CS13\Services\Tcpip\..\{10FB2475-CAFE-470D-A2C9-B56A7EEFECE3}: NameServer = 192.168.0.1 O17 - HKLM\System\CS14\Services\Tcpip\..\{10FB2475-CAFE-470D-A2C9-B56A7EEFECE3}: NameServer = 192.168.0.1 O17 - HKLM\System\CS15\Services\Tcpip\..\{10FB2475-CAFE-470D-A2C9-B56A7EEFECE3}: NameServer = 192.168.0.1 O17 - HKLM\System\CS16\Services\Tcpip\..\{10FB2475-CAFE-470D-A2C9-B56A7EEFECE3}: NameServer = 192.168.0.1 O17 - HKLM\System\CS17\Services\Tcpip\..\{10FB2475-CAFE-470D-A2C9-B56A7EEFECE3}: NameServer = 192.168.0.1 O17 - HKLM\System\CS18\Services\Tcpip\..\{10FB2475-CAFE-470D-A2C9-B56A7EEFECE3}: NameServer = 192.168.0.1 O17 - HKLM\System\CS19\Services\Tcpip\..\{10FB2475-CAFE-470D-A2C9-B56A7EEFECE3}: NameServer = 192.168.0.1 O17 - HKLM\System\CS20\Services\Tcpip\..\{10FB2475-CAFE-470D-A2C9-B56A7EEFECE3}: NameServer = 192.168.0.1 O17 - HKLM\System\CS21\Services\Tcpip\..\{10FB2475-CAFE-470D-A2C9-B56A7EEFECE3}: NameServer = 192.168.0.1 O17 - HKLM\System\CS22\Services\Tcpip\..\{10FB2475-CAFE-470D-A2C9-B56A7EEFECE3}: NameServer = 192.168.0.1 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL O20 - Winlogon Notify: RegCompact - C:\WINDOWS\SYSTEM32\RegCompact.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\ O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NetVeda Safety.Net (ipcSvc) - NetVeda LLC - C:\Programfiler\NetVeda\Safety.Net\ipcsvc.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programfiler\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe Takker Lenke til kommentar