Blårens Skrevet 26. februar 2006 Skrevet 26. februar 2006 Å jeg har sykt lyst til å fjerne IExplorer på grunn av popups og spyware Er det noen som vet hvordan man gjør det eller har link til en fin liten guide?
AKIRAx77 Skrevet 26. februar 2006 Skrevet 26. februar 2006 Eller du kan instalere Google toolbar og MS antispyware. Jeg har ingen nevneverdige problemer med spyware eller popups. Antivirus software er også viktig! Men du kan jo bare instalere Opera eller Firefox, og når den spør deg om du vil bruke den browseren som standard så sier du ja. Så kan du slette alle shortcuts til IE så du eller andre ikke starter den av gammel vane. AKIRA
Blårens Skrevet 26. februar 2006 Forfatter Skrevet 26. februar 2006 (endret) problemet er at ie poper opp hele tiden det gjør meg så irritert at noen blir drept snart BTW: Jeg bruker Opera, men jeg var så dum at jeg brukte IE i 5 min Etter de 5 minuttene var det masse spyware å drit som er umulig å fjerne Endret 26. februar 2006 av MongoMan
L O G I M A N Skrevet 26. februar 2006 Skrevet 26. februar 2006 IE er i grunn umulig å fjerne fra xp. Men det går ann å fjerne linkingen til det som internett browser. Alle filbrowsere og internett browseren er så å si det samme i xp. Du kan jo sette opera som standardleser.
Pozzolan Skrevet 26. februar 2006 Skrevet 26. februar 2006 Du kan jo prøve å laste ned Hijackthis og poste en logg så kan vi hjelpe deg med å fjerne spywaren
Blårens Skrevet 26. februar 2006 Forfatter Skrevet 26. februar 2006 (endret) Kort liten log Har poppa opp masse advarsler om de rdgNO2405.exe filene vet at det er spyware men når jeg sletter det kommer det på nytt edit: fjerna linking i loggen Logfile of HijackThis v1.99.1 Scan saved at 16:35:08, on 26.02.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Norton SystemWorks\Norton GoBack\GBPoll.exe C:\WINDOWS\System32\GEARSec.exe C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Programfiler\Norton SystemWorks\Norton Ghost\Agent\VProSvc.exe C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE C:\WINDOWS\System32\nvsvc32.exe C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Programfiler\VIA\RAID\raid_tool.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\LVCOMSX.EXE C:\Programfiler\Logitech\Video\LogiTray.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe C:\Programfiler\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe C:\Programfiler\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Messenger\msmsgs.exe C:\WINDOWS\?asks\w?auboot.exe C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe C:\Programfiler\Logitech\Video\FxSvr2.exe C:\WINDOWS\SKS~1\chkntfs.exe C:\Programfiler\Norton SystemWorks\Norton GoBack\GBTray.exe C:\Programfiler\MSN Messenger\msnmsgr.exe C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Morten\Mine dokumenter\opera\Opera.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\TEMP\win9C7.tmp.exe C:\WINDOWS\TEMP\win9CC.tmp.exe C:\WINDOWS\TEMP\win9C7.tmp.exe C:\WINDOWS\TEMP\win9CC.tmp.exe C:\Hijackthis\HijackThis.exe C:\WINDOWS\TEMP\win9C7.tmp.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hw.no/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RaidTool] C:\Programfiler\VIA\RAID\raid_tool.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programfiler\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programfiler\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [DAEMON Tools] "E:\Progz\Daemon-Tools\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [WinampAgent] E:\Progz\Winamp\winampa.exe O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Programfiler\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe" O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Programfiler\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programfiler\Logitech\Video\ManifestEngine.exe boot O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [TaskSwitchXP] E:\Progz\TaskSwitchXP\TaskSwitchXP.exe O4 - HKCU\..\Run: [Uyiwy] C:\WINDOWS\?asks\w?auboot.exe O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe" O4 - HKCU\..\Run: [Caos] "C:\WINDOWS\SKS~1\chkntfs.exe" -vt ndrv O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech SetPoint.lnk = E:\Progz\Logitech\Setpoint\SetPoint.exe O4 - Global Startup: Norton GoBack.lnk = C:\Programfiler\Norton SystemWorks\Norton GoBack\GBTray.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Programfiler\Norton SystemWorks\Norton Cleanup\WCQuick.lnk O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Programfiler\Norton SystemWorks\Norton Cleanup\WCQuick.lnk O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra button: GetWebPics - {4B51A27A-6F76-49E5-BC45-06AE2DDD2A1A} - E:\Progz\GetWebPics\GetWebPics\Gwp4Ie.dll (file missing) (HKCU) O9 - Extra 'Tools' menuitem: Download pictures with GetWebPics - {4B51A27A-6F76-49E5-BC45-06AE2DDD2A1A} - E:\Progz\GetWebPics\GetWebPics\Gwp4Ie.dll (file missing) (HKCU) O16 - DPF: {04AEC6D3-01BA-1D60-75B9-11BA7D331115} - rdgNO2405.exe O16 - DPF: {071D2C01-542B-345C-5706-23190310F6F3} - gdnNO1503.exe O16 - DPF: {1707F61B-A262-170E-81D7-61E66ED1DC81} - gdnNO1503.exe O16 - DPF: {1DD6397A-F145-7436-C100-468364748ED1} - http://69.50.173.166/1/gdnNO1503.exe O16 - DPF: {23EE7B41-F801-237F-7748-47BF4616185E} -rdgNO2405.exe O16 - DPF: {2CFC282F-C770-055A-C903-17273015FE30} -rdgNO2405.exe O16 - DPF: {3A0E09D1-073B-65BF-DC08-35CA742BF157} - rdgNO2405.exe O16 - DPF: {475453B9-9B44-5195-3559-236378514D11} - rdgNO2405.exe O16 - DPF: {4C61892F-6A13-5FB2-2BDD-33D7394207C9} - rdgNO2405.exe O16 - DPF: {4EDD7E56-3BAA-13B6-D0D4-4A6A2FE914A6} - rdgUS2405.exe O16 - DPF: {574D7A70-C25A-0CF4-AB69-77067864EC65} - rdgNO2405.exe O16 - DPF: {6149D8FF-B7E4-4D79-22A8-7D0C357B9A9D} - rdgNO2405.exe O16 - DPF: {67627311-ECA9-7912-E984-512B3C1DEC1D} - rdgNO2405.exe O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123 O16 - DPF: {7F9C88F2-163F-7277-1ACB-1DB15F02A2AE} - http://69.50.173.166/1/rdgNO2405.exe O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: winxtx32 - C:\WINDOWS\SYSTEM32\winxtx32.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Norton Internet Security\comHost.exe O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Programfiler\Norton SystemWorks\Norton GoBack\GBPoll.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Ghost - Symantec Corporation - C:\Programfiler\Norton SystemWorks\Norton Ghost\Agent\VProSvc.exe O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe Endret 26. februar 2006 av MongoMan
Pozzolan Skrevet 26. februar 2006 Skrevet 26. februar 2006 (endret) Uff! Det var mye Du kan begynne med å fjerne følgende: C:\WINDOWS\?asks\w?auboot.exe C:\WINDOWS\SKS~1\chkntfs.exe R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file O4 - HKCU\..\Run: [Uyiwy] C:\WINDOWS\?asks\w?auboot.exe O4 - HKCU\..\Run: [Caos] "C:\WINDOWS\SKS~1\chkntfs.exe" -vt ndrv O9 - Extra button: GetWebPics - {4B51A27A-6F76-49E5-BC45-06AE2DDD2A1A} - E:\Progz\GetWebPics\GetWebPics\Gwp4Ie.dll (file missing) (HKCU) O9 - Extra 'Tools' menuitem: Download pictures with GetWebPics - {4B51A27A-6F76-49E5-BC45-06AE2DDD2A1A} - E:\Progz\GetWebPics\GetWebPics\Gwp4Ie.dll (file missing) (HKCU) O16 - DPF: {04AEC6D3-01BA-1D60-75B9-11BA7D331115} - O16 - DPF: {071D2C01-542B-345C-5706-23190310F6F3} - O16 - DPF: {1707F61B-A262-170E-81D7-61E66ED1DC81} - O16 - DPF: {1DD6397A-F145-7436-C100-468364748ED1} - O16 - DPF: {23EE7B41-F801-237F-7748-47BF4616185E} - O16 - DPF: {2CFC282F-C770-055A-C903-17273015FE30} - O16 - DPF: {3A0E09D1-073B-65BF-DC08-35CA742BF157} - O16 - DPF: {475453B9-9B44-5195-3559-236378514D11} - O16 - DPF: {4C61892F-6A13-5FB2-2BDD-33D7394207C9} - O16 - DPF: {4EDD7E56-3BAA-13B6-D0D4-4A6A2FE914A6} - O16 - DPF: {574D7A70-C25A-0CF4-AB69-77067864EC65} - O16 - DPF: {6149D8FF-B7E4-4D79-22A8-7D0C357B9A9D} - O16 - DPF: {67627311-ECA9-7912-E984-512B3C1DEC1D} - 16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123[/url] O16 - DPF: {7F9C88F2-163F-7277-1ACB-1DB15F02A2AE} - O20 - Winlogon Notify: winxtx32 - C:\WINDOWS\SYSTEM32\winxtx32.dll Dette gjør du i sikkermodus Etter du har gjort dette så poster du en ny logg Edit Bedre Endret 26. februar 2006 av stealthy
Blårens Skrevet 26. februar 2006 Forfatter Skrevet 26. februar 2006 bruk code tags for å fjerne linking
eivind04 Skrevet 26. februar 2006 Skrevet 26. februar 2006 (endret) Hvis du går inn på "control panel" (kontrollpanel), deretter legg til/ fjern programmer, så trykker du på legg til/ fjern windowskomponenter, fjerner så avmerkingen foran explorer så tror jeg den vil bli fjernet fra windows ( har bare engelsk versjon av xp så jeg tror oversettelsen til norsk er ok) Endret 26. februar 2006 av eivind04
nahojdat Skrevet 26. februar 2006 Skrevet 26. februar 2006 (endret) Edit: fikset................................ Endret 27. februar 2006 av nahojdat
Blårens Skrevet 26. februar 2006 Forfatter Skrevet 26. februar 2006 (endret) Ny logg Logfile of HijackThis v1.99.1 Scan saved at 17:59:32, on 26.02.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Norton SystemWorks\Norton GoBack\GBPoll.exe C:\WINDOWS\System32\GEARSec.exe C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Programfiler\Norton SystemWorks\Norton Ghost\Agent\VProSvc.exe C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE C:\WINDOWS\System32\nvsvc32.exe C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE C:\WINDOWS\System32\svchost.exe C:\Programfiler\VIA\RAID\raid_tool.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\LVCOMSX.EXE C:\Programfiler\Logitech\Video\LogiTray.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe C:\Programfiler\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Messenger\msmsgs.exe C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe C:\Programfiler\Norton SystemWorks\Norton GoBack\GBTray.exe C:\Programfiler\Logitech\Video\FxSvr2.exe C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Morten\Mine dokumenter\opera\Opera.exe C:\WINDOWS\TEMP\win9CC.tmp.exe C:\WINDOWS\TEMP\win9C7.tmp.exe C:\WINDOWS\TEMP\win9CC.tmp.exe C:\WINDOWS\TEMP\win9C7.tmp.exe C:\WINDOWS\TEMP\win9CC.tmp.exe C:\Hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hw.no/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RaidTool] C:\Programfiler\VIA\RAID\raid_tool.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programfiler\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programfiler\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [DAEMON Tools] "E:\Progz\Daemon-Tools\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [WinampAgent] E:\Progz\Winamp\winampa.exe O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Programfiler\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe" O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Programfiler\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programfiler\Logitech\Video\ManifestEngine.exe boot O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [TaskSwitchXP] E:\Progz\TaskSwitchXP\TaskSwitchXP.exe O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe" O4 - HKCU\..\Run: [uyiwy] C:\WINDOWS\?asks\w?auboot.exe O4 - HKCU\..\Run: [Caos] "C:\WINDOWS\SKS~1\chkntfs.exe" -vt ndrv O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech SetPoint.lnk = E:\Progz\Logitech\Setpoint\SetPoint.exe O4 - Global Startup: Norton GoBack.lnk = C:\Programfiler\Norton SystemWorks\Norton GoBack\GBTray.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Programfiler\Norton SystemWorks\Norton Cleanup\WCQuick.lnk O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Programfiler\Norton SystemWorks\Norton Cleanup\WCQuick.lnk O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: winxtx32 - C:\WINDOWS\SYSTEM32\winxtx32.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ccPwdSvc.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Norton Internet Security\comHost.exe O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Programfiler\Norton SystemWorks\Norton GoBack\GBPoll.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Norton Ghost - Symantec Corporation - C:\Programfiler\Norton SystemWorks\Norton Ghost\Agent\VProSvc.exe O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe Endret 26. februar 2006 av MongoMan
Pozzolan Skrevet 26. februar 2006 Skrevet 26. februar 2006 (endret) Den ser bedre ut men det er fortsatt noe snusk igjen. Fjern følgende i sikkermodus: C:\WINDOWS\TEMP\win9CC.tmp.exe C:\WINDOWS\TEMP\win9C7.tmp.exe C:\WINDOWS\TEMP\win9CC.tmp.exe C:\WINDOWS\TEMP\win9C7.tmp.exe C:\WINDOWS\TEMP\win9CC.tmp.exe O4 - HKCU\..\Run: [Uyiwy] C:\WINDOWS\?asks\w?auboot.exe O4 - HKCU\..\Run: [Caos] "C:\WINDOWS\SKS~1\chkntfs.exe" -vt ndrv O20 - Winlogon Notify: winxtx32 - C:\WINDOWS\SYSTEM32\winxtx32.dll O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) Du kan også prøve å skanne med Spybot i sikkermodus Håper dette tar knekken på faenskapet!! Endret 26. februar 2006 av stealthy
Blårens Skrevet 26. februar 2006 Forfatter Skrevet 26. februar 2006 Hadde et taskmanager program før som man kunne sette prosseser i karantene eller slette dem, men jeg husker ikke navnet på det
Blårens Skrevet 27. februar 2006 Forfatter Skrevet 27. februar 2006 Security Task Manager heter det Klarte endelig å huske det
Blårens Skrevet 27. februar 2006 Forfatter Skrevet 27. februar 2006 Har fått fjernet det meste men w?auboot.exe og chkntfs.exe kjører fortsatt
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå