slippern Skrevet 3. april 2008 Del Skrevet 3. april 2008 Har kjørt hijackthis.. noen som kan se igjennom den? har også kjørt superantispyware og fant endel stygge ting.. bruker etrust antivirus. ikke det beste.. men fjerner virus.. Får ikke startet Realtime servicen av en eller annen rar grunn. Her er feilmeldingen: The eTrust Antivirus Realtime Server service on Local Computer started and then stopped. Some services stop automatically if they have no work to do, for example, the Performance Logs and Alerts service. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:34:09 PM, on 4/3/2008 Platform: Windows 2003 SP2 (WinNT 5.02.3790) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\Program Files (x86)\CA\SharedComponents\Alert\ALERT.EXE C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe C:\Program Files (x86)\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr32.exe C:\Program Files (x86)\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr32.exe C:\WINDOWS\SysWOW64\DWRCS.EXE C:\Program Files (x86)\CA\eTrust Antivirus\InoNmSrv.exe C:\Program Files (x86)\CA\eTrust Antivirus\InoRpc.exe C:\Program Files (x86)\CA\eTrust Antivirus\InoTask.exe C:\Program Files (x86)\CA\eTrust Antivirus\inoweb.exe C:\Program Files (x86)\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\Program Files (x86)\Dell\SysMgt\sm\mr2kserv.exe C:\WINDOWS\ADMT\MSSQL$MS_ADMT\Binn\sqlservr.exe C:\Program Files (x86)\Dell\SysMgt\oma\bin\dsm_om_shrsvc32.exe C:\Program Files (x86)\Dell\SysMgt\iws\bin\win32\dsm_om_connsvc32.exe C:\WINDOWS\syswow64\snmp.exe C:\WINDOWS\SysWOW64\ctfmon.exe C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\PROGRA~2\CA\ETRUST~1\realmon.exe C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\WINDOWS\SysWOW64\DWRCST.exe C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\WINDOWS\SysWOW64\ctfmon.exe C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\PROGRA~2\CA\ETRUST~1\realmon.exe C:\Program Files (x86)\CA\SharedComponents\CA_LIC\lic98rmt.exe C:\Program Files (x86)\CA\SharedComponents\CA_LIC\lic98rmtd.exe C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 F2 - REG:system.ini: UserInit=userinit O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~2\CA\ETRUST~1\realmon.exe -s O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user') O4 - Global Startup: Service Manager.lnk = C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O15 - ESC Trusted Zone: http://www.allerinternett.no O15 - ESC Trusted Zone: http://welcome.solutions.brother.com O15 - ESC Trusted Zone: http://www.dell.com O15 - ESC Trusted Zone: http://www1.euro.dell.com O15 - ESC Trusted Zone: http://www.downloaddelivery.com O15 - ESC Trusted Zone: http://www.google-analytics.com O15 - ESC Trusted Zone: http://www.google.no O15 - ESC Trusted Zone: http://*.itavisen.no O15 - ESC Trusted Zone: http://*.itpro.no O15 - ESC Trusted Zone: http://www.kudos.no O15 - ESC Trusted Zone: http://support.lexmark.com O15 - ESC Trusted Zone: http://www.lexmark.no O15 - ESC Trusted Zone: http://a.rad.msn.com O15 - ESC Trusted Zone: http://ads1.msn.com O15 - ESC Trusted Zone: http://rad.msn.com O15 - ESC Trusted Zone: http://runonce.msn.com O15 - ESC Trusted Zone: http://www.online.no O15 - ESC Trusted Zone: http://download.softerra.com O15 - ESC Trusted Zone: http://downloads2.superantispyware.com O15 - ESC Trusted Zone: http://*.technett.no O15 - ESC Trusted Zone: http://m.webtrends.com O15 - ESC Trusted Zone: http://*.windowsupdate.com O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1206636931435 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fauske.lokalt O17 - HKLM\System\CCS\Services\Tcpip\..\{8C192841-5842-4C6D-8A8E-D733E365AF7E}: NameServer = 82.148.148.2,148.122.161.3 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fauske.lokalt O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Alert Notification Server - Computer Associates International, Inc. - C:\Program Files (x86)\CA\SharedComponents\Alert\ALERT.EXE O23 - Service: Brother BRAdminPro Scheduler (BRA_Scheduler) - Unknown owner - C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files (x86)\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files (x86)\CA\SharedComponents\CA_LIC\lic98rmtd.exe O23 - Service: DSM SA Event Manager (dcevt32) - Dell Inc. - C:\Program Files (x86)\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr32.exe O23 - Service: DSM SA Data Manager (dcstor32) - Dell Inc. - C:\Program Files (x86)\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr32.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing) O23 - Service: DNS Server (DNS) - Unknown owner - C:\WINDOWS\System32\dns.exe (file missing) O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SysWOW64\DWRCS.EXE O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing) O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing) O23 - Service: eTrust Antivirus Admin Server (InoNmSrv) - Computer Associates International, Inc. - C:\Program Files (x86)\CA\eTrust Antivirus\InoNmSrv.exe O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files (x86)\CA\eTrust Antivirus\InoRpc.exe O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files (x86)\CA\eTrust Antivirus\InoRT.exe O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files (x86)\CA\eTrust Antivirus\InoTask.exe O23 - Service: eTrust Antivirus Web Access Server (Inoweb) - Unknown owner - C:\Program Files (x86)\CA\eTrust Antivirus\inoweb.exe O23 - Service: Kerberos Key Distribution Center (kdc) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing) O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files (x86)\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: mr2kserv - LSI Logic Corporation - C:\Program Files (x86)\Dell\SysMgt\sm\mr2kserv.exe O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing) O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: DSM SA Shared Services (omsad) - Dell Inc. - C:\Program Files (x86)\Dell\SysMgt\oma\bin\dsm_om_shrsvc32.exe O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing) O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing) O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: DSM SA Connection Service (Server Administrator) - Unknown owner - C:\Program Files (x86)\Dell\SysMgt\iws\bin\win32\dsm_om_connsvc32.exe O23 - Service: SNMP Trap Service (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing) O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing) O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing) O23 - Service: Windows Internet Name Service (WINS) (WINS) - Unknown owner - C:\WINDOWS\System32\wins.exe (file missing) O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing) -- End of file - 9110 bytes Lenke til kommentar
norbat Skrevet 3. april 2008 Del Skrevet 3. april 2008 Loggen ser grei ut. Kunne du ha postet SAS-loggen (preferences->statistics/logs) Opplever du noen problemer? Lenke til kommentar
slippern Skrevet 3. april 2008 Forfatter Del Skrevet 3. april 2008 opplever et problem. får ikke endret bakgrunds bildet :S vet ikke hvorfor, noen sier det kan være spyware.. SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 04/03/2008 at 09:09 PM Application Version : 4.0.1154 Core Rules Database Version : 3430 Trace Rules Database Version: 1422 Scan type : Quick Scan Total Scan Time : 00:07:26 Memory items scanned : 229 Memory threats detected : 0 Registry items scanned : 140 Registry threats detected : 8 File items scanned : 8345 File threats detected : 18 Browser Hijacker.Internet Explorer Zone Hijack HKU\S-1-5-21-2568368410-1126174450-4230007902-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\atdmt.com HKU\S-1-5-21-2568368410-1126174450-4230007902-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\atdmt.com\rmd HKU\S-1-5-21-2568368410-1126174450-4230007902-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\atdmt.com\rmd#http HKU\S-1-5-21-2568368410-1126174450-4230007902-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\atdmt.com\view HKU\S-1-5-21-2568368410-1126174450-4230007902-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\atdmt.com\view#http HKU\S-1-5-21-2568368410-1126174450-4230007902-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\doubleclick.net HKU\S-1-5-21-2568368410-1126174450-4230007902-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\doubleclick.net\ad.no HKU\S-1-5-21-2568368410-1126174450-4230007902-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\doubleclick.net\ad.no#http Adware.Tracking Cookie C:\Documents and Settings\Administrator.ELEV\Cookies\[email protected][1].txt C:\Documents and Settings\Administrator.ELEV\Cookies\administrator@atdmt[2].txt C:\Documents and Settings\Administrator.ELEV\Cookies\[email protected][2].txt C:\Documents and Settings\Administrator.ELEV\Cookies\administrator@doubleclick[2].txt C:\Documents and Settings\Administrator.ELEV\Cookies\[email protected][1].txt C:\Documents and Settings\Administrator.ELEV\Cookies\[email protected][2].txt E:\users\valnesfjord\vakl9\Cookies\kl6@ad-logics[2].txt E:\users\valnesfjord\vakl9\Cookies\[email protected][1].txt E:\users\valnesfjord\vakl9\Cookies\kl6@adtech[2].txt E:\users\valnesfjord\vakl9\Cookies\kl6@advertising[2].txt E:\users\valnesfjord\vakl9\Cookies\kl6@doubleclick[1].txt E:\users\valnesfjord\vakl9\Cookies\[email protected][1].txt E:\users\valnesfjord\vakl9\Cookies\kl6@fastclick[2].txt E:\users\valnesfjord\vakl9\Cookies\kl6@mediaplex[1].txt E:\users\valnesfjord\vakl9\Cookies\kl6@nitrotracker[1].txt E:\users\valnesfjord\vakl9\Cookies\[email protected][1].txt Adware.SearchTool/JizzHut-Installer E:\USERS\ERIKSTAD\ERKL7\ANDREAS V SKJEVIK\DOWNLOADS\PLAY.EXE Adware.180solutions/ZangoSearch E:\USERS\ERIKSTAD\ERKL7\ANDREAS V SKJEVIK\DOWNLOADS\SETUP.EXE Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå