Oddrun, posted 4 April 2007 (edited)
Moved the question to its own thread: https://www.diskusjon.no/index.php?showtopic=743154
Edited 4 April 2007 by Oddrun
Oddrun (thread author), posted 4 April 2007 (edited)
The machine is being bombarded with messages telling me that I need to get rid of this and that, and recommending lots of different programs. I have tried scanning the machine with the recommended antivirus/spyware programs, but they find no culprits. Can anyone help me? Here is the log.
Edited 25 December 2007 by Oddrun
norbat, posted 4 April 2007
Have you run through the long version in the following post? https://www.diskusjon.no/index.php?showtopic=691246 If not, do that, and we will take it from there. Which programs are you being recommended in these messages?
Oddrun (thread author), posted 5 April 2007
Error Safe, WinAntiVirus and DriveCleaner are the programs it keeps nagging about. I have now run the long version, and these are the logs.
- C:\Programfiler\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Programfiler\Dell Network Assistant\hnm_svc.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programfiler\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Programfiler\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe
Kvikksølv, posted 5 April 2007: Both ErrorSafe and DriveCleaner are packed with junk and claim that your PC is full of adult sites and the like. I have gotten smarter over the years and have learned not to download programs like that.
Znoken, posted 5 April 2007: O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab Delete that one... It was the only entry in the log I found that wasn't good... Otherwise the log was completely OK... Run HijackThis, tick the entry I copied in here and click Fix checked...
norbat, posted 5 April 2007 (edited 5 April 2007 by norbat): Hi, Oddrun. Download Smitfraudfix and unpack it on the desktop. Download Blacklight (click the accept button at the bottom of the page to start the download) and put it on the desktop. Run a scan with Blacklight and tell us whether it finds anything. If it finds something, choose 'Rename'. Run Smitfraudfix and choose option 1. If it finds something, restart in safe mode (tap F8 during startup, choose safe mode) and run Smitfraudfix again with option 2 (clean). Restart the PC in any case and tell us how the PC is running.
Oddrun (thread author), posted 7 April 2007: Blacklight found the following: xwdwvv.exe xwdwvv.dat xwdwvv_nav.dat xwdwvv_navps.dat
SmitFraudFix:
SmitFraudFix v2.164 Scan done at 16:07:43,10, 07.04.2007 Run from C:\Documents and Settings\Oddrun T. Flovik\Skrivebord\SmitfraudFix OS: Microsoft Windows XP [Versjon 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe C:\Programfiler\Dell Network Assistant\hnm_svc.exe C:\Programfiler\Dell\QuickSet\NICCONFIGSVC.exe C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe C:\WINDOWS\stsystra.exe C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe C:\Programfiler\Dell\QuickSet\quickset.exe C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe C:\Programfiler\Dell\Media Experience\DMXLauncher.exe C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Programfiler\iTunes\iTunesHelper.exe C:\Programfiler\CA\CA Internet Security Suite\cctray\cctray.exe C:\Programfiler\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe C:\windows\system32\xwdwvv.exe C:\Programfiler\Corel\Corel
Photo Album 6\MediaDetect.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Programfiler\Dell Network Assistant\ezi_hnm2.exe C:\Programfiler\Digital Line Detect\DLG.exe C:\Programfiler\iPod\bin\iPodService.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe C:\Programfiler\Adobe\Acrobat 7.0\Reader\AcroRd32.exe C:\Programfiler\CA\CA Internet Security Suite\ccprovsp.exe C:\Programfiler\Internet Explorer\iexplore.exe C:\WINDOWS\system32\cmd.exe C:\Programfiler\HijackThis\HijackThis.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\Oddrun T. Flovik\Skrivebord\fsbl.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Oddrun T. Flovik »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Oddrun T. Flovik\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ODDRUN~1.FLO\FAVORI~1 »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Programfiler »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Min gjeldende hjemmeside" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !Attention, following keys are not inevitably infected! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !Attention, following keys are not inevitably infected! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !Attention, following keys are not inevitably infected! 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32 »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: Intel® PRO/Wireless 3945ABG Network Connection - Miniport for pakkeplanlegger DNS Server Search Order: 192.168.1.254 HKLM\SYSTEM\CCS\Services\Tcpip\..\{EEAD4F60-57C7-45F3-8C0A-EEDB64BE2C04}: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CS1\Services\Tcpip\..\{EEAD4F60-57C7-45F3-8C0A-EEDB64BE2C04}: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CS3\Services\Tcpip\..\{EEAD4F60-57C7-45F3-8C0A-EEDB64BE2C04}: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End
I will now try running in safe mode.
norbat, posted 7 April 2007: Hi there. Choose 'Rename' for what Blacklight found, and these messages will probably be gone. It doesn't look as if Smitfraudfix found anything of particular interest. Feel free to post a new HJT log.
Oddrun (thread author), posted 7 April 2007: Here is the HijackThis log:
Logfile of HijackThis v1.99.1 Scan saved at 18:04:37, on 07.04.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe C:\Programfiler\Dell Network Assistant\hnm_svc.exe C:\Programfiler\Dell\QuickSet\NICCONFIGSVC.exe C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe C:\WINDOWS\stsystra.exe C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe C:\Programfiler\Dell\QuickSet\quickset.exe C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe C:\Programfiler\Dell\Media Experience\DMXLauncher.exe C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Programfiler\iTunes\iTunesHelper.exe C:\Programfiler\CA\CA Internet Security Suite\cctray\cctray.exe C:\Programfiler\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe C:\Programfiler\Corel\Corel Photo Album 6\MediaDetect.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Programfiler\Dell Network Assistant\ezi_hnm2.exe
C:\WINDOWS\system32\msiexec.exe C:\Programfiler\Digital Line Detect\DLG.exe C:\Programfiler\iPod\bin\iPodService.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\system32\wuauclt.exe C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe C:\Programfiler\Internet Explorer\iexplore.exe C:\Programfiler\CA\CA Internet Security Suite\ccprovsp.exe C:\Programfiler\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.no/ig/dell?hl=no&client=dell-row&channel=no&ibd=6061011 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.no/ig/dell?hl=no&client=...=no&ibd=6061011 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar3.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programfiler\BAE\BAE.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar3.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Programfiler\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [intelZeroConfig] "C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" 
/tf Intel PROSet/Wireless O4 - HKLM\..\Run: [DVDLauncher] "C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [MSKDetectorExe] C:\Programfiler\McAfee\SpamKiller\MSKDetct.exe /uninstall O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [cctray] "C:\Programfiler\CA\CA Internet Security Suite\cctray\cctray.exe" O4 - HKLM\..\Run: [CAVRID] "C:\Programfiler\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" O4 - HKLM\..\Run: [xwdwvv] c:\windows\system32\xwdwvv.exe xwdwvv O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Programfiler\Corel\Corel Photo Album 6\MediaDetect.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [bitTorrent] "C:\Programfiler\BitTorrent\bittorrent.exe" --force_start_minimized O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Dell Network Assistant.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = ? 
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shock...ash/swflash.cab O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programfiler\Fellesfiler\Microsoft Shared\Help\hxds.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FELLES~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: CaCCProvSP - CA, Inc. - C:\Programfiler\CA\CA Internet Security Suite\ccprovsp.exe O23 - Service: CAISafe - Computer Associates International, Inc. 
- C:\Programfiler\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Programfiler\Dell Network Assistant\hnm_svc.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programfiler\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Programfiler\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe
norbat, posted 7 April 2007: Download Vundofix and put it on the desktop. Run the program and choose 'Scan for Vundo', then 'Remove Vundo'. Answer Yes if you get any questions about removing files. The PC will restart. Post the log from Vundofix together with a new HJT log.
Oddrun (thread author), posted 7 April 2007: Vundofix found nothing.
norbat, posted 7 April 2007: Run HJT, put a check mark in front of the following line and click 'Fix checked': O4 - HKLM\..\Run: [xwdwvv] c:\windows\system32\xwdwvv.exe xwdwvv Make sure you can see hidden files and folders (Control Panel -> Folder Options -> View -> "Show hidden files and folders"). Restart in safe mode (tap F8 during startup, choose safe mode). Use Explorer to find and delete (in bold): c:\windows\system32\xwdwvv.exe Restart in normal mode. Post a new HJT log and tell us how the PC is running.
Oddrun (thread author), posted 7 April 2007: I only found a file called xwdwvv.exe.ren. New HijackThis log:
Logfile of HijackThis v1.99.1 Scan saved at 20:28:55, on 07.04.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe C:\Programfiler\Dell Network Assistant\hnm_svc.exe C:\Programfiler\Dell\QuickSet\NICCONFIGSVC.exe C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe C:\WINDOWS\stsystra.exe C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe C:\Programfiler\Dell\QuickSet\quickset.exe C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe C:\Programfiler\Dell\Media Experience\DMXLauncher.exe C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Programfiler\iTunes\iTunesHelper.exe C:\Programfiler\CA\CA Internet Security Suite\cctray\cctray.exe C:\Programfiler\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe C:\Programfiler\Corel\Corel Photo Album 6\MediaDetect.exe C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Programfiler\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\WINDOWS\system32\msiexec.exe C:\Programfiler\Dell Network Assistant\ezi_hnm2.exe C:\Programfiler\Digital Line Detect\DLG.exe C:\Programfiler\Google\Google Desktop Search\GoogleDesktopCrawl.exe C:\Programfiler\iPod\bin\iPodService.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\wuauclt.exe C:\Programfiler\Internet Explorer\iexplore.exe C:\Programfiler\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.kvinneguiden.no/index.php? R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.no/ig/dell?hl=no&client=dell-row&channel=no&ibd=6061011 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.no/ig/dell?hl=no&client=...=no&ibd=6061011 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar3.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programfiler\BAE\BAE.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar3.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [ATICCC] 
"C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Programfiler\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [intelZeroConfig] "C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [DVDLauncher] "C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [MSKDetectorExe] C:\Programfiler\McAfee\SpamKiller\MSKDetct.exe /uninstall O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [cctray] "C:\Programfiler\CA\CA Internet Security Suite\cctray\cctray.exe" O4 - HKLM\..\Run: [CAVRID] "C:\Programfiler\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Programfiler\Corel\Corel Photo Album 6\MediaDetect.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [bitTorrent] "C:\Programfiler\BitTorrent\bittorrent.exe" --force_start_minimized O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Dell Network Assistant.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = ? 
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shock...ash/swflash.cab O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programfiler\Fellesfiler\Microsoft Shared\Help\hxds.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FELLES~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: CaCCProvSP - CA, Inc. - C:\Programfiler\CA\CA Internet Security Suite\ccprovsp.exe O23 - Service: CAISafe - Computer Associates International, Inc. 
- C:\Programfiler\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Programfiler\Dell Network Assistant\hnm_svc.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programfiler\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Programfiler\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Programfiler\Intel\Wireless\Bin\WLKeeper.exe
By the way, there hasn't been any trouble on the machine for the last few hours. I'm calling it a night now and will continue tomorrow. Thanks for now!
norbat, posted 7 April 2007: Well, your log is clean, so I dare say your PC is free of spyware. You should reset the restore folder so that you don't get infected by a possible system restore. Control Panel -> System -> System Restore. Put a check mark in front of "Turn off .....", restart the PC, then remove the check mark again to enable the feature. Afterwards, create a restore point manually: Accessories -> System Tools -> System Restore. Choose to create a new one. Name it and click Create.
Yama, posted 7 April 2007: Personally I run Norton Internet Security, which helps against both viruses and spyware, etc... I also have AdAware and Windows Defender... I run these at regular intervals. So far I have had no problems since I turned the paranoia up to 110%... These scan the machine completely; I have enabled all the add-on options so that nothing is left out... What I also do is set FF, which I use, to ask about everything to do with cookies. That also makes me feel a bit safer... I also only download from "safe" sites that I feel comfortable with. After files are downloaded I scan them with Norton both before and after any necessary unpacking. Then I scan again after the program is installed... Very cumbersome. But as I said, I have had no problems since I started this routine... Otherwise, use common sense...
norbat, posted 7 April 2007 (edited 7 April 2007 by norbat): My goodness... Are you trying to put us out of work? Increased security will almost always come at the expense of usability, but if you manage to adapt to that, then that's fine. I myself have NIS 2007 as the only security program on my main PC and have not experienced any major problems. But as you also touch on, common sense (read: net smarts) is perhaps the most important security measure.
Yama, posted 8 April 2007: Quoting norbat: "My goodness... Are you trying to put us out of work? Increased security will almost always come at the expense of usability, but if you manage to adapt to that, then that's fine. I myself have NIS 2007 as the only security program on my main PC and have not experienced any major problems. But as you also touch on, common sense (read: net smarts) is perhaps the most important security measure." Hehe. Not sure if you are referring to my post at the start there. But it works great for me. Of course it takes a bit more time, but I also avoid a lot of trouble... NIS is very good... Some say it uses a lot of memory, but I have no problem with that; as long as the machine is secure and I don't experience problems, I don't really care...
johome, posted 8 April 2007: Quoting norbat: "I myself have NIS 2007 as the only security program on my main PC and have not experienced any major problems." Interesting. Most of the people I have come across who know computers avoid NIS like the plague. The fact that the newest versions of NIS use fewer resources than those from a few years ago makes it more relevant for me. I had NIS a few years ago, but moved away from it because I felt the PC became slower. I may go for NIS 2008, or Norton 360. Then I can throw out all the freeware programs, of which there have become a few too many. I may also go for Spy Sweeper, since I have heard that spyware is not exactly NIS's strongest side.
Oddrun (thread author), posted 8 April 2007: Today the machine has worked perfectly all day. Thank you so much for all the help.