gaatil (thread author), posted 30 July 2007:

What could be the reason that I can't download SUPERAntiSpyware? The other programs work fine.

johome, posted 30 July 2007:

Quoting Bernt K:
> Isn't the problem here, I wonder? c:\windows\system32\mstsdsc.exe
> I see there are several people around the world who have trouble getting rid of it.
> I'm a bit rusty, but if the lines
> O4 - HKLM\..\Run: [mstsdsc.exe] c:\windows\system32\mstsdsc.exe
> and
> C:\windows\system32\mstsdsc.exe
> show up after SDFix and Combofix have been run, I would:
> - Run HJT: Do a system scan only, tick these two, and "fix checked".
> - Download Killbox, paste in C:\windows\system32\mstsdsc.exe and delete it using Killbox.
> Uninstall Spywareterminator; I am quite sure it has installed the Crawler bar, which I would also have asked HJT to fix.
> There may be rather too many cooks here now: if you only want one person to deal with, Norbat is probably the most up to date.
> Bernt K

I completely agree with you when you advise him to uninstall Spywareterminator. Not a particularly good anti-spyware program. If I remember correctly, I read on some forum or other that other spyware programs regard that program as spyware. And a test of spyware programs I came across showed that Spywareterminator was nowhere near detecting as much spyware as, for example, SAS and AVG Anti-Spyware.

norbat, posted 30 July 2007:

Some infections can cause this. The mstsdsc.exe file is a possible candidate, but SDFix takes care of it. Otherwise you have a nasty one in the form of Microsoft Security Adviser. SAS usually takes care of that one. Are you familiar with these O17 lines in the HJT log that are tied to Domain = eurn.ey.net?

gaatil (thread author), posted 30 July 2007:

Quoting norbat:
> Some infections can cause this. The mstsdsc.exe file is a possible candidate, but SDFix takes care of it. Otherwise you have a nasty one in the form of Microsoft Security Adviser. SAS usually takes care of that one. Are you familiar with these O17 lines in the HJT log that are tied to Domain = eurn.ey.net?

I'm sitting at another machine downloading, and this one works fine; it's only SUPERAntiSpyware I can't get downloaded here. I think I'll have to run a scan on this machine as well. It's an old work machine, and eurn.ey.net comes from there. Getting started with SDFix and Combofix now!

gaatil (thread author), posted 30 July 2007 (edited):

I'm taking the advice of others and following Norbat. Done. Here are the logs: Thanks for the help.

SDFix: Version 1.94

Run by gaatil on 30.07.2007 at 23:09

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\DOCUME~1\KAIARN~1\Desktop\PCTRBB~1\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\system32\mstsdsc.exe - Deleted

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"="C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp:*:Enabled:KazaaLite"
"C:\\Documents and Settings\\Kai Arne Jenssen\\Local Settings\\Temp\\{D0FA8161-8D32-46B2-8482-8FDE2C063F4E}\\{57764780-E33B-11D1-96ED-00A024A83A15}\\k_update.exe"="C:\\Documents and Settings\\Kai Arne Jenssen\\Local Settings\\Temp\\{D0FA8161-8D32-46B2-8482-8FDE2C063F4E}\\{57764780-E33B-11D1-96ED-00A024A83A15}\\k_update.exe:*:Enabled:Kensington Digital Update of installed software via the Web."
"C:\\Program Files\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"C:\\Program Files\\burst\\core-new1.1.3\\btdownloadheadless.exe"="C:\\Program Files\\burst\\core-new1.1.3\\btdownloadheadless.exe:*:Enabled:burst! download engine"
"C:\\Program Files\\Bit Lord 1.1\\BitLord.exe"="C:\\Program Files\\Bit Lord 1.1\\BitLord.exe:*:Enabled:BitLord"
"C:\\Program Files\\Java\\j2re1.4.2_06\\bin\\javaw.exe"="C:\\Program Files\\Java\\j2re1.4.2_06\\bin\\javaw.exe:*:Enabled:javaw"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\BadApple\\badapple.exe"="C:\\Program Files\\BadApple\\badapple.exe:*:Enabled:badapple"
"C:\\Program Files\\messenger\\msmsgs.exe"="C:\\Program Files\\messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:RTC App Sharing"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer"
"D:\\Bearshare\\BearShare.exe"="D:\\Bearshare\\BearShare.exe:*:Enabled:BearShare"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"c:\\windows\\system32\\a.exe"="c:\\windows\\system32\\a.exe:*:Enabled:a"
"c:\\windows\\system32\\mstsdsc.exe"="c:\\windows\\system32\\mstsdsc.exe:*:Enabled:mstsdsc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

Remaining Files:
---------------

Backups Folder: - C:\DOCUME~1\KAIARN~1\Desktop\PCTRBB~1\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Smart Projects\IsoBuster\Help\AHlp.exe
C:\WINDOWS\system32\4F9869CF3D.sys
C:\WINDOWS\system32\config\default.tmp.LOG
C:\WINDOWS\system32\config\software.tmp.LOG
C:\WINDOWS\system32\config\system.tmp.LOG

Finished

ComboFix 07-07-30.2 - "gaatil" 2007-07-30 23:27:03.1 [GMT 2:00] - NTFS
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.True

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\a.exe
C:\WINDOWS\system32\tmwsock.dll

((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-30 )))))))))))))))))))))))))))))))

2007-07-30 23:26 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-30 23:08 <DIR> d-------- C:\WINDOWS\ERUNT
2007-07-29 18:27 138,368 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-07-29 18:25 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-07-29 18:25 <DIR> d-------- C:\Program Files\Crawler
2007-07-29 18:25 <DIR> d-------- C:\DOCUME~1\KAIARN~1\APPLIC~1\Spyware Terminator
2007-07-29 18:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spyware Terminator
2007-06-18 21:19 8,704 --a------ C:\WINDOWS\system32\sporder.dll
2007-06-18 21:04 42,743 --a------ C:\WINDOWS\mssadv.dll
2007-06-18 21:04 <DIR> d-------- C:\Program Files\Microsoft Security Adviser

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-18 15:52 --------- d-------- C:\DOCUME~1\KAIARN~1\APPLIC~1\Azureus
2007-06-17 02:18 --------- d-------- C:\Program Files\Azureus
2007-06-17 01:26 --------- d-------- C:\DOCUME~1\KAIARN~1\APPLIC~1\BearShare
2005-03-07 15:29:59 104 -csha-r C:\WINDOWS\system32\4F9869CF3D.sys

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-04-08 18:12]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-04-08 18:11]
"QCWLICON"="C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2004-08-18 04:30]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2003-12-25 03:04]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-04 19:39]
"BMMLREF"="C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE" [2004-02-05 02:36]
"BMMMONWND"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2004-02-05 02:36]
"MSWheel"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 01:51]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05]
"EEventManager"="C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-04-08 14:09]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 02:03]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-11-15 22:58]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-15 23:01]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-01-15 19:28]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 14:27]
"Microsoft security adviser"="C:\Program Files\Microsoft Security Adviser\mssadv.exe" [2007-06-18 21:04]
"mssadv.exe"="" []
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-07-29 18:26]
"msctrl.exe"="C:\Program Files\Microsoft Security Adviser\msctrl.exe" []
"msavsc.exe"="C:\Program Files\Microsoft Security Adviser\msavsc.exe" []
"msscan.exe"="C:\Program Files\Microsoft Security Adviser\msscan.exe" []
"msiemon.exe"="C:\Program Files\Microsoft Security Adviser\msiemon.exe" []
"msfw.exe"="C:\Program Files\Microsoft Security Adviser\msfw.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-10 11:12]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-07-29 20:33]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-27 13:24]
"Microsoft security adviser"="C:\Program Files\Microsoft Security Adviser\mssadv.exe" [2007-06-18 21:04]
"mssadv.exe"="" []
"msctrl.exe"="C:\Program Files\Microsoft Security Adviser\msctrl.exe" []
"msavsc.exe"="C:\Program Files\Microsoft Security Adviser\msavsc.exe" []
"msscan.exe"="C:\Program Files\Microsoft Security Adviser\msscan.exe" []
"msiemon.exe"="C:\Program Files\Microsoft Security Adviser\msiemon.exe" []
"msfw.exe"="C:\Program Files\Microsoft Security Adviser\msfw.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Canon LBP-800 Status Window.LNK - C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE [2003-07-24 16:24:11]
Hurtigstart for Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2005-11-23 13:36:15]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
QConGina.dll 2004-08-18 04:30 258048 C:\WINDOWS\system32\QConGina.dll

R0 agpCPQ;Compaq AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
R0 Imagedrv;Imagedrv;C:\WINDOWS\system32\DRIVERS\imagedrv.sys
R0 viaagp;VIA AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\viaagp.sys
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\drivers\IBMBLDID.SYS
R1 PQNTDrv;PQNTDrv;C:\WINDOWS\system32\drivers\PQNTDrv.sys
R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
R1 TPPWR;TPPWR;C:\WINDOWS\system32\drivers\Tppwr.sys
R2 BthServ;Bluetooth Support Service;C:\WINDOWS\system32\svchost.exe -k bthsvcs
R2 EGATHDRV;IBM Access Support;\??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
R2 IISADMIN;IIS Admin;C:\WINDOWS\system32\inetsrv\inetinfo.exe
R2 RapidPort;RapidPort;\??\C:\WINDOWS\system32\Drivers\CAPLPTN.SYS
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe
R2 SNMP;SNMP Service;C:\WINDOWS\System32\snmp.exe
R3 E1000;Intel® PRO/1000 Adapter Driver;C:\WINDOWS\system32\DRIVERS\e1000325.sys
R3 KMW_KBD;Kensington Input Devices Class filter driver;C:\WINDOWS\system32\DRIVERS\KMW_KBD.sys
R3 SynTP;Synaptics TouchPad Driver;C:\WINDOWS\system32\DRIVERS\SynTP.sys
S2 NTBOOT;NTBOOTMGR;C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
S3 Bridge;MAC Bridge;C:\WINDOWS\system32\DRIVERS\bridge.sys
S3 BridgeMP;MAC Bridge Miniport;C:\WINDOWS\system32\DRIVERS\bridge.sys
S3 BTHPORT;Bluetooth Port Driver;C:\WINDOWS\system32\Drivers\BTHport.sys
S3 BTHUSB;Bluetooth Radio USB Driver;C:\WINDOWS\system32\Drivers\BTHUSB.sys
S3 KMW_SYS;Kensington MouseWorks Mouse filter driver;C:\WINDOWS\system32\DRIVERS\KMW_SYS.sys
S3 KMW_USB;Kensington MouseWorks USB filter driver;C:\WINDOWS\system32\DRIVERS\KMW_USB.sys
S3 MSIRCOMM;Microsoft IR Communications Driver;C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys
S3 QCNDISIF;QCNDISIF;C:\WINDOWS\system32\drivers\qcndisif.SYS
S3 SNMPTRAP;SNMP Trap Service;C:\WINDOWS\System32\snmptrap.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
Usnsvc usnsvc

Contents of the 'Scheduled Tasks' folder
2005-11-08 12:00:34 C:\WINDOWS\Tasks\BMMTask.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-30 23:28:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Aavmker4]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\viaagp]
"ImagePath"="System32\DRIVERS\viaagp.sys"

Completion time: 2007-07-30 23:29:05
C:\ComboFix-quarantined-files.txt ...
2007-07-30 23:28
--- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 23:30:49, on 30.07.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\CAPRPCSK.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft Security Adviser\mssadv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\gaatil\Desktop\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=195.18.205.215:80;gopher=195.18.205.215:80;http=195.18.205.215:80;https=195.18.205.215:443
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [bMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [bMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Microsoft security adviser] C:\Program Files\Microsoft Security Adviser\mssadv.exe
O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
O4 - HKLM\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
O4 - HKLM\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
O4 - HKLM\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
O4 - HKLM\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Microsoft security adviser] C:\Program Files\Microsoft Security Adviser\mssadv.exe
O4 - HKCU\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
O4 - HKCU\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
O4 - HKCU\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
O4 - HKCU\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
O4 - HKCU\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
O4 - Global Startup: Canon LBP-800 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/no/big/1.1....g/GoogleNav.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eurn.ey.net
O17 - HKLM\Software\..\Telephony: DomainName = eurn.ey.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = eurn.ey.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = eurn.ey.net
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

Edited 30 July 2007 by gaatil

norbat, posted 30 July 2007:

Click Start -> Run
Type: services.msc
Find and stop the following service. Right-click the service and choose Properties. Under Startup type, select Disabled:

NTBOOTMGR (NTBOOT)

Download Avenger and unpack it.
Start the program, select "Input Script Manually" and click the magnifying glass.
In the window that opens, copy and paste in what is shown in bold below:

Files to delete:
C:\Program Files\Microsoft Security Adviser\mssadv.exe
C:\Program Files\Microsoft Security Adviser\msctrl.exe
C:\Program Files\Microsoft Security Adviser\msavsc.exe
C:\Program Files\Microsoft Security Adviser\msscan.exe
C:\Program Files\Microsoft Security Adviser\msiemon.exe
C:\Program Files\Microsoft Security Adviser\msfw.exe

Folders to delete:
C:\Program Files\Microsoft Security Adviser

Click the traffic light. Restart the PC.
After the restart a log file will appear that tells you what has happened. Post it together with a new HJT log.

Also see whether you can download SAS. If so, run a full (complete) scan.

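An added example, not part of norbat's post: the Avenger script above lists only files and a folder, so the Run values that launched them stay in the registry (the HijackThis log posted after the Avenger run still shows them). This Python sketch cross-checks a script against HijackThis O4 lines and returns the Run values left pointing at deleted paths; the function names are introduced here, and the sample lines are copied from the logs in this thread.

```python
import re

# O4 autorun lines look like:  O4 - HKLM\..\Run: [value name] command line
O4_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.*?)\] (.+)$")

# Sample input: a few O4 lines copied from the HijackThis log in this thread.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Microsoft security adviser] C:\Program Files\Microsoft Security Adviser\mssadv.exe
O4 - HKLM\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
"""

# Sample input: a shortened copy of the Avenger script from the post above.
AVENGER_SAMPLE = r"""
Files to delete:
C:\Program Files\Microsoft Security Adviser\mssadv.exe
C:\Program Files\Microsoft Security Adviser\msctrl.exe

Folders to delete:
C:\Program Files\Microsoft Security Adviser
"""


def _norm(path):
    """Lower-case and unquote a path so comparisons ignore case and quoting."""
    return path.replace('"', "").strip().lower()


def parse_avenger_script(text):
    """Return {'files': set, 'folders': set} of normalized deletion targets."""
    targets = {"files": set(), "folders": set()}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = line.lower()
        if header == "files to delete:":
            section = "files"
        elif header == "folders to delete:":
            section = "folders"
        elif line.endswith(":"):
            section = None  # a directive this sketch does not handle
        elif section:
            targets[section].add(_norm(line).rstrip("\\"))
    return targets


def orphaned_run_values(hjt_log, avenger_script):
    """List (hive, value name) for Run entries whose command references a
    file or folder the script deletes. 8.3 short names (PROGRA~1) are not
    expanded, so entries written that way are not matched."""
    targets = parse_avenger_script(avenger_script)
    hits = []
    for raw in hjt_log.splitlines():
        match = O4_RUN.match(raw.strip())
        if not match:
            continue  # Global Startup shortcuts and non-O4 lines
        hive, _key, name, command = match.groups()
        command = _norm(command)
        in_file = any(f in command for f in targets["files"])
        in_folder = any(d + "\\" in command for d in targets["folders"])
        if in_file or in_folder:
            hits.append((hive, name))
    return hits


if __name__ == "__main__":
    for hive, name in orphaned_run_values(HJT_SAMPLE, AVENGER_SAMPLE):
        print(f"{hive} Run value left behind: {name}")
```

The values it returns are the ones to tick in HijackThis and remove with "fix checked" once the files are gone.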
gaatil (thread author), posted 30 July 2007:

When I unpack Avenger, avast antivirus tells me that Avenger contains malware: Win32: Trojan-gen. What do I do about that?

norbat, posted 30 July 2007:

We'll ignore that message (avast may be giving a false positive), since Avenger is a legitimate program. Just follow the instructions.

gaatil (thread author), posted 30 July 2007:

Done.

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\whatxlmi

*******************

Script file located at: \??\C:\WINDOWS\kcpwgjgs.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Program Files\Microsoft Security Adviser\mssadv.exe deleted successfully.

File C:\Program Files\Microsoft Security Adviser\msctrl.exe not found!
Deletion of file C:\Program Files\Microsoft Security Adviser\msctrl.exe failed!

Could not process line:
C:\Program Files\Microsoft Security Adviser\msctrl.exe
Status: 0xc0000034

File C:\Program Files\Microsoft Security Adviser\msavsc.exe not found!
Deletion of file C:\Program Files\Microsoft Security Adviser\msavsc.exe failed!

Could not process line:
C:\Program Files\Microsoft Security Adviser\msavsc.exe
Status: 0xc0000034

File C:\Program Files\Microsoft Security Adviser\msscan.exe not found!
Deletion of file C:\Program Files\Microsoft Security Adviser\msscan.exe failed!

Could not process line:
C:\Program Files\Microsoft Security Adviser\msscan.exe
Status: 0xc0000034

File C:\Program Files\Microsoft Security Adviser\msiemon.exe not found!
Deletion of file C:\Program Files\Microsoft Security Adviser\msiemon.exe failed!

Could not process line:
C:\Program Files\Microsoft Security Adviser\msiemon.exe
Status: 0xc0000034

File C:\Program Files\Microsoft Security Adviser\msfw.exe not found!
Deletion of file C:\Program Files\Microsoft Security Adviser\msfw.exe failed!

Could not process line:
C:\Program Files\Microsoft Security Adviser\msfw.exe
Status: 0xc0000034

Folder C:\Program Files\Microsoft Security Adviser deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Logfile of HijackThis v1.99.1
Scan saved at 00:46:12, on 31.07.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\CAPRPCSK.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Documents and Settings\gaatil\Desktop\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=195.18.205.215:80;gopher=195.18.205.215:80;http=195.18.205.215:80;https=195.18.205.215:443
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [bMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [bMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Microsoft security adviser] C:\Program Files\Microsoft Security Adviser\mssadv.exe
O4 - HKLM\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
O4 - HKLM\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
O4 - HKLM\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
O4 - HKLM\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
O4 - HKLM\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Microsoft security adviser] C:\Program Files\Microsoft Security Adviser\mssadv.exe
O4 - HKCU\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
O4 - HKCU\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
O4 - HKCU\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
O4 - HKCU\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
O4 - HKCU\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
O4 - Global Startup: Canon LBP-800 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/no/big/1.1....g/GoogleNav.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eurn.ey.net
O17 - HKLM\Software\..\Telephony: DomainName = eurn.ey.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = eurn.ey.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = eurn.ey.net
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast!
Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe Lenke til kommentar

norbat Posted 30 July 2007

Run HJT, choose "Do a system scan only", tick the following lines and click 'Fix checked':

O4 - HKLM\..\Run: [Microsoft security adviser] C:\Program Files\Microsoft Security Adviser\mssadv.exe
O4 - HKLM\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
O4 - HKLM\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
O4 - HKLM\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
O4 - HKLM\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
O4 - HKLM\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
O4 - HKCU\..\Run: [Microsoft security adviser] C:\Program Files\Microsoft Security Adviser\mssadv.exe
O4 - HKCU\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
O4 - HKCU\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
O4 - HKCU\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
O4 - HKCU\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
O4 - HKCU\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe

Restart the PC and post a new HJT log. How is the SAS download going?

gaatil (author) Posted 30 July 2007

Logfile of HijackThis v1.99.1
Scan saved at 01:04:51, on 31.07.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\CAPRPCSK.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Documents and Settings\gaatil\Desktop\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=195.18.205.215:80;gopher=195.18.205.215:80;http=195.18.205.215:80;https=195.18.205.215:443
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [bMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [bMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Microsoft security adviser] C:\Program Files\Microsoft Security Adviser\mssadv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Canon LBP-800 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/no/big/1.1....g/GoogleNav.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eurn.ey.net
O17 - HKLM\Software\..\Telephony: DomainName = eurn.ey.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = eurn.ey.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = eurn.ey.net
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

I have a virus scan running on the machine I am writing on now, which works against the network, but I still cannot download SAS; it stops at 83%. I have not yet tried to connect with my own machine.

norbat Posted 30 July 2007

Fix this one with HJT:

O4 - HKLM\..\Run: [Microsoft security adviser] C:\Program Files\Microsoft Security Adviser\mssadv.exe

Clean out temp files etc.:
Download CCleaner.
Start the program.
Go to 'Options' -> 'Advanced'.
Untick the box in front of: "only delete temporary files......."
Click 'Cleaner' and then 'Run CCleaner'.
Also run a few rounds of 'Issues' until it finds no more errors.
Restart the PC.

Try to fetch SAS again. If you cannot get it from www.superantispyware.com, try: Alt 2, Alt 3
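
The comparison norbat makes by eye between the two scans above (which autorun lines disappeared after 'Fix checked' and which one survived) can be scripted. This is an added example, not part of the thread: the log excerpts are copied from gaatil's two scans and shortened, and the function names are this example's own.

```python
import re
from typing import NamedTuple


class RunEntry(NamedTuple):
    hive: str     # HKLM or HKCU
    key: str      # Run, RunOnce, ...
    name: str     # registry value name, shown in [brackets] by HijackThis
    command: str  # command line launched at logon


# Registry autoruns in a HijackThis log: "O4 - HKLM\..\Run: [name] command".
# "O4 - Global Startup:" shortcut lines use another layout and are skipped.
O4_REGISTRY = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.*?)\] (.+)$")

# Excerpts from the two scans posted in this thread, shortened for the example.
BEFORE = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Microsoft security adviser] C:\Program Files\Microsoft Security Adviser\mssadv.exe
O4 - HKLM\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft security adviser] C:\Program Files\Microsoft Security Adviser\mssadv.exe
O4 - HKCU\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
"""

AFTER = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Microsoft security adviser] C:\Program Files\Microsoft Security Adviser\mssadv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Directory named in the lines norbat asked to have fixed.
SUSPECT_DIR = r"C:\Program Files\Microsoft Security Adviser"


def parse_run_entries(log_text):
    """Return the set of O4 registry autorun entries found in a log."""
    entries = set()
    for line in log_text.splitlines():
        match = O4_REGISTRY.match(line.strip())
        if match:
            entries.add(RunEntry(*match.groups()))
    return entries


def entries_under(entries, directory):
    """Entries whose command starts inside the given directory."""
    # Case-insensitive string comparison after dropping a leading quote.
    # An 8.3 short path (PROGRA~1 style) will not match its long form,
    # so entries written with short names still need a manual look.
    prefix = directory.rstrip("\\").lower() + "\\"
    return sorted(e for e in entries
                  if e.command.strip().lstrip('"').lower().startswith(prefix))


def compare_scans(before_text, after_text):
    """Split autorun entries into removed, added and kept between two scans."""
    before = parse_run_entries(before_text)
    after = parse_run_entries(after_text)
    return {
        "removed": sorted(before - after),
        "added": sorted(after - before),
        "kept": sorted(before & after),
    }


if __name__ == "__main__":
    diff = compare_scans(BEFORE, AFTER)
    for entry in diff["removed"]:
        print("removed:", entry.hive, entry.name)
    for entry in diff["added"]:
        print("new since last scan:", entry.hive, entry.name)
    for entry in entries_under(parse_run_entries(AFTER), SUSPECT_DIR):
        print("still present:", entry.hive, entry.name, "->", entry.command)
```

Entries reported under "new since last scan" deserve the same attention as survivors, since an autorun value that reappears after a fix points to something still running that rewrites it.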

gaatil (author) Posted 30 July 2007

Now I can connect to the network again with my own PC! But the download of superspyware stops at 78% from all three sites...

gaatil (author) Posted 31 July 2007

Log from superantispyware

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/31/2007 at 03:42 PM

Application Version : 3.9.1008

Core Rules Database Version : 3276
Trace Rules Database Version: 1287

Scan type : Complete Scan
Total Scan Time : 01:26:07

Memory items scanned : 552
Memory threats detected : 0
Registry items scanned : 6069
Registry threats detected : 0
File items scanned : 29264
File threats detected : 10

Adware.Tracking Cookie
C:\Documents and Settings\gaatil\Cookies\gaatil@cgi-bin[1].txt
C:\Documents and Settings\gaatil\Cookies\gaatil@tradedoubler[2].txt
C:\Documents and Settings\gaatil\Cookies\[email protected][1].txt
C:\Documents and Settings\gaatil\Cookies\gaatil@tribalfusion[1].txt
C:\Documents and Settings\gaatil\Cookies\[email protected][1].txt
C:\Documents and Settings\gaatil\Cookies\gaatil@adtech[2].txt
C:\Documents and Settings\gaatil\Cookies\gaatil@doubleclick[1].txt

BearShare File Sharing Client
C:\PROGRAM FILES\BEARSHARE APPLICATIONS\BEARSHARE\BEARSHARE.EXE

Trojan.Aff-YourThumbs
C:\WINDOWS\MSSADV.DLL

Trojan.WinUp
C:\WINDOWS\SYSTEM\DRIVER\WIN32.DLL

norbat Posted 31 July 2007

Then post a new HJT log. How is the PC running?

gaatil (author) Posted 31 July 2007 (edited)

The PC is now running absolutely fantastically; it is as if IBM had been at the door and delivered a new one during the night! But I am probably not completely finished yet; what I have had on the machine has probably left a few calling cards. My machine treats the USB2 ports as USB1 ports (https://www.diskusjon.no/index.php?showtopic=806016&hl=), and thumbnail previews etc. in Windows Explorer no longer work; there is only icon view. Otherwise most things seem to work fine so far. But some of this may be because the machine is getting rather well used, and because I cannot format the disk and reinstall everything, since it is an ex-work machine and I therefore have no installation disks.

Logfile of HijackThis v1.99.1
Scan saved at 17:03:22, on 31.07.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\CAPRPCSK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\gaatil\Desktop\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=195.18.205.215:80;gopher=195.18.205.215:80;http=195.18.205.215:80;https=195.18.205.215:443
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [bMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [bMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Canon LBP-800 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/no/big/1.1....g/GoogleNav.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185876384792
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eurn.ey.net
O17 - HKLM\Software\..\Telephony: DomainName = eurn.ey.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = eurn.ey.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = eurn.ey.net
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

Edited 31 July 2007 by gaatil