PsykoRage Skrevet 15. august 2006 Skrevet 15. august 2006 Tror jeg har spurt om dette før, men husker ikke hvordan jeg fikk det bort sist. Jeg surfet rundt på nettet, plutselig dukket det opp et tegn nede på verktøylinjen. Det er et tegn som skifter mellom disse: Uten_navn.bmp Denne kommer også opp samtidig: Uten_navn2.bmp Pluss at når jeg skal starte Ad-Aware så søker den, etter 30sec kommer det opp at explorer.exe ikke svarer, og så kan jeg velge send eller ikke send rapport, hvis jeg bare lar det være, restarter maskinen uten forvarsel. Hjelp mottas med takk
berxter Skrevet 15. august 2006 Skrevet 15. august 2006 Ah, en liten Smitfraudinfeksjon (variant Spyfalcon, sannsynligvis). Medisinen finner du her: http://siri.geekstogo.com/SmitfraudFix.php Du kan like gjerne kjøre alternativ 2 (clean) med det samme, da diagnosen er entydig.. Husk at den må kjøres i safe mode. Etterpå legger du ut en logg fra HijackThis (du finner'n f eks hos www.merijn.org), "do a scan and save a log", i tilfelle det skulle være mer grums. Bernt K
PsykoRage Skrevet 15. august 2006 Forfatter Skrevet 15. august 2006 Pc'en restarter fortsann når jeg kjører Ad-Aware. Men her er HiJackThis-loggenSkjult tekst: (Marker innholdet i feltet for å se teksten): Logfile of HijackThis v1.99.1Scan saved at 14:13:29, on 15.08.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Programfiler\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe C:\Programfiler\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe C:\Programfiler\Stardock\Object Desktop\WindowBlinds\wbload.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Ideazon\Zboard Software\Driver\ZboardTray.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\rundll32.exe C:\Programfiler\D-Tools\daemon.exe C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe C:\Programfiler\Anti-Blaxx\Anti-Blaxx.exe C:\Programfiler\ClamWin\bin\ClamTray.exe C:\Programfiler\QuickTime\qttask.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\PROGRA~1\MICROS~4\GAMECO~1\common\swtrayv4.exe C:\WINDOWS\system32\85190b72.exe C:\WINDOWS\system32\rundll32.exe C:\Programfiler\HDD Thermometer\HDD Thermometer.exe C:\Programfiler\HACE\Mmm\Mmm.exe C:\Programfiler\Ideazon\Zboard Software\Driver\Zboard.exe C:\PROGRA~1\SCURIT~1\msiexec.exe C:\Programfiler\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Gunnar Gulbrandsen\Mine dokumenter\?racle\w?auclt.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\regsvr32.exe C:\Programfiler\WinRAR\WinRAR.exe C:\DOCUME~1\GUNNAR~1\LOKALE~1\Temp\Rar$EX00.578\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.diskusjon.no/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://register.logitech.com/?BW=2&OS=05.0...=nor&PI=IT&CT=D R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: (no name) - {B744941D-2AF0-270F-DBF7-5217B6850AC4} - C:\WINDOWS\system32\ldpntch.dll R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00311} - C:\WINDOWS\system32\compstuig.dll O2 - BHO: (no name) - {B744941D-2AF0-270F-DBF7-5217B6850AC4} - C:\WINDOWS\system32\ldpntch.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Programfiler\Anti-Blaxx\Anti-Blaxx.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [ClamWin] "C:\Programfiler\ClamWin\bin\ClamTray.exe" --logon O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sideWinderTrayV4] C:\PROGRA~1\MICROS~4\GAMECO~1\common\swtrayv4.exe O4 - HKLM\..\Run: [85190b72.exe] C:\WINDOWS\system32\85190b72.exe O4 - HKCU\..\Run: [RSD_HDDThermo] C:\Programfiler\HDD Thermometer\HDD Thermometer.exe O4 - HKCU\..\Run: [Mmm] "C:\Programfiler\HACE\Mmm\Mmm.exe" O4 - HKCU\..\Run: [steam] "e:\spill\steam\steam.exe" -silent O4 - HKCU\..\Run: [Eurn] "C:\PROGRA~1\SCURIT~1\msiexec.exe" -vt yazr O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [85190b72.exe] C:\Documents and Settings\Gunnar Gulbrandsen\Lokale innstillinger\Programdata\85190b72.exe O4 - Startup: CCleaner.lnk = C:\Programfiler\CCleaner\ccleaner.exe O4 - Startup: Xfire.lnk = C:\Programfiler\Xfire\Xfire.exe O8 - Extra context menu item: &Google-søk - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Oversett engelsk ord - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Koblinger bakover - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Lignende sider - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Øyeblikksbilde av siden i hurtigbufferen - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\npjpi150_06.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\npjpi150_06.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.online.no/ O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1136727398062 O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162 O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by112fd.bay112.hotmail.msn.com/activex/HMAtchmt.ocx O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: wbsys.dll C:\WINDOWS\system32\scanregw.dll O20 - Winlogon Notify: h618 - C:\WINDOWS\g519093.dll O20 - Winlogon Notify: h619 - C:\WINDOWS\g5716328.dll O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\FELLES~1\Stardock\mcpstub.dll (file missing) O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: winzoa32 - C:\WINDOWS\SYSTEM32\winzoa32.dll O20 - Winlogon Notify: Zboard - C:\WINDOWS\SYSTEM32\Winlognotif.dll O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Programfiler\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
berxter Skrevet 15. august 2006 Skrevet 15. august 2006 Ikke bare en Smitfraudsak, plukk ned og bruk cwshredder (du finner den hos Trend, bruk google). Og så tror jeg nesten du bør slå til med Ewido kjørt i safe mode. Setup går fram av sida. Denne: C:\Documents and Settings\Gunnar Gulbrandsen\Mine dokumenter\?racle\w?auclt.exe bruker du Killbox på, ta hele mappa c:\..\..\?racle\ Vi skal også prøve L2Mfix, da jeg synes en 020-sak minner om det: Prøv denne framgangsmåten: http://www.computing.net/security/wwwboard/forum/17828.html, kjør bare alt 1, og legg ut loggen. Etterpå ser vi gjerne en blodfersk HJTlogg. Jeg regner med at det vil fortsatt være igjen noe snusk, men vi får se. Bernt K
PsykoRage Skrevet 15. august 2006 Forfatter Skrevet 15. august 2006 (endret) cwshredder finner ingen feil. Killbox finner ikke: C:\Documents and Settings\Gunnar Gulbrandsen\Mine dokumenter\?racle\w?auclt.exe Men skal prøve resten Endret 15. august 2006 av PsykoRage
berxter Skrevet 15. august 2006 Skrevet 15. august 2006 Du har bedt windows om å vise deg systemfiler, skjulte filer osv, ja? Finner du folderen C:\Documents and Settings\Gunnar Gulbrandsen\Mine dokumenter\?racle\ tar du hele møkka. Hele folderen er svineri. Bernt K
PsykoRage Skrevet 28. august 2006 Forfatter Skrevet 28. august 2006 Har ikke hatt tid til å sjekke med ewido før nå, men her har du en logg Skjult tekst: (Marker innholdet i feltet for å se teksten): Logfile of HijackThis v1.99.1Scan saved at 16:01:42, on 28.08.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Programfiler\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe C:\Programfiler\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe C:\Programfiler\Stardock\Object Desktop\WindowBlinds\wbload.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Ideazon\Zboard Software\Driver\ZboardTray.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\rundll32.exe C:\Programfiler\D-Tools\daemon.exe C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe C:\Programfiler\Anti-Blaxx\Anti-Blaxx.exe C:\Programfiler\ClamWin\bin\ClamTray.exe C:\Programfiler\QuickTime\qttask.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\PROGRA~1\MICROS~4\GAMECO~1\common\swtrayv4.exe C:\Programfiler\ewido anti-spyware 4.0\ewido.exe C:\WINDOWS\system32\rundll32.exe C:\Programfiler\HDD Thermometer\HDD Thermometer.exe C:\Programfiler\HACE\Mmm\Mmm.exe E:\spill\steam\steam.exe C:\PROGRA~1\SCURIT~1\msiexec.exe C:\Programfiler\Ideazon\Zboard Software\Driver\Zboard.exe C:\Programfiler\MSN Messenger\msnmsgr.exe C:\Programfiler\?dobe\?hkntfs.exe C:\FRAPS\FRAPS.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\Programfiler\WinRAR\WinRAR.exe C:\DOCUME~1\GUNNAR~1\LOKALE~1\Temp\Rar$EX00.047\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.diskusjon.no/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://register.logitech.com/?BW=2&OS=05.0...=nor&PI=IT&CT=D R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: (no name) - {CEA4CE06-2BEE-7443-9D84-0022558A7CC8} - C:\WINDOWS\system32\mfse.dll (file missing) R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) R3 - URLSearchHook: (no name) - {92F79C57-2CB3-2111-97FE-772223FF7AC3} - C:\WINDOWS\system32\odu.dll (file missing) R3 - URLSearchHook: (no name) - {A81A9CD0-7A39-75C2-1FA5-72F2CE7113C6} - C:\WINDOWS\system32\ghahekg.dll O2 - BHO: (no name) - {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} - C:\WINDOWS\system32\admparsek.dll O2 - BHO: (no name) - {92F79C57-2CB3-2111-97FE-772223FF7AC3} - C:\WINDOWS\system32\odu.dll (file missing) O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00311} - C:\WINDOWS\system32\compstuig.dll (file missing) O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00322} - C:\WINDOWS\system32\compstuih.dll O2 - BHO: (no name) - {A81A9CD0-7A39-75C2-1FA5-72F2CE7113C6} - C:\WINDOWS\system32\ghahekg.dll O2 - BHO: (no name) - {CEA4CE06-2BEE-7443-9D84-0022558A7CC8} - C:\WINDOWS\system32\mfse.dll (file missing) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programfiler\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Programfiler\Anti-Blaxx\Anti-Blaxx.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [ClamWin] "C:\Programfiler\ClamWin\bin\ClamTray.exe" --logon O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sideWinderTrayV4] C:\PROGRA~1\MICROS~4\GAMECO~1\common\swtrayv4.exe O4 - HKLM\..\Run: [!ewido] "C:\Programfiler\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKLM\..\Run: [LogonStudio] "C:\Programfiler\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM O4 - HKCU\..\Run: [RSD_HDDThermo] C:\Programfiler\HDD Thermometer\HDD Thermometer.exe O4 - HKCU\..\Run: [Mmm] "C:\Programfiler\HACE\Mmm\Mmm.exe" O4 - HKCU\..\Run: [steam] "e:\spill\steam\steam.exe" -silent O4 - HKCU\..\Run: [Eurn] "C:\PROGRA~1\SCURIT~1\msiexec.exe" -vt ndrv O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [85190b72.exe] C:\Documents and Settings\Gunnar Gulbrandsen\Lokale innstillinger\Programdata\85190b72.exe O4 - HKCU\..\Run: [Nnbiit] C:\Programfiler\?dobe\?hkntfs.exe O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE O4 - Startup: CCleaner.lnk = C:\Programfiler\CCleaner\ccleaner.exe O8 - Extra context menu item: &Google-søk - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Oversett engelsk ord - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Koblinger bakover - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Lignende sider - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Øyeblikksbilde av siden i hurtigbufferen - res://C:\Programfiler\Google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\npjpi150_06.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\npjpi150_06.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.online.no/ O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1136727398062 O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162 O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by112fd.bay112.hotmail.msn.com/activex/HMAtchmt.ocx O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: wbsys.dll O20 - Winlogon Notify: h618 - C:\WINDOWS\g519093.dll (file missing) O20 - Winlogon Notify: h619 - C:\WINDOWS\g5716328.dll O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\FELLES~1\Stardock\mcpstub.dll (file missing) O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: winzoa32 - winzoa32.dll (file missing) O20 - Winlogon Notify: Zboard - C:\WINDOWS\SYSTEM32\Winlognotif.dll O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programfiler\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Programfiler\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
berxter Skrevet 28. august 2006 Skrevet 28. august 2006 Velvel, har du kjørt Ewido i safe mode? Loggen derfra ville være kjekt. Det ser ut som SmitFraudvarianten og L2M nå er uskadeliggjort. Søren heller; denne: O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00322} - C:\WINDOWS\system32\compstuih.dll ER en CWvariant. Det er mer enda. Alle disse: R3 - URLSearchHook: (no name) - {CEA4CE06-2BEE-7443-9D84-0022558A7CC8} - C:\WINDOWS\system32\mfse.dll (file missing) R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) R3 - URLSearchHook: (no name) - {92F79C57-2CB3-2111-97FE-772223FF7AC3} - C:\WINDOWS\system32\odu.dll (file missing) R3 - URLSearchHook: (no name) - {A81A9CD0-7A39-75C2-1FA5-72F2CE7113C6} - C:\WINDOWS\system32\ghahekg.dll O2 - BHO: (no name) - {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} - C:\WINDOWS\system32\admparsek.dll O2 - BHO: (no name) - {92F79C57-2CB3-2111-97FE-772223FF7AC3} - C:\WINDOWS\system32\odu.dll (file missing) O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00311} - C:\WINDOWS\system32\compstuig.dll (file missing) O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00322} - C:\WINDOWS\system32\compstuih.dll O2 - BHO: (no name) - {A81A9CD0-7A39-75C2-1FA5-72F2CE7113C6} - C:\WINDOWS\system32\ghahekg.dll O2 - BHO: (no name) - {CEA4CE06-2BEE-7443-9D84-0022558A7CC8} - C:\WINDOWS\system32\mfse.dll (file missing) O4 - HKCU\..\Run: [Mmm] "C:\Programfiler\HACE\Mmm\Mmm.exe" O4 - HKCU\..\Run: [Eurn] "C:\PROGRA~1\SCURIT~1\msiexec.exe" -vt ndrv O4 - HKCU\..\Run: [85190b72.exe] C:\Documents and Settings\Gunnar Gulbrandsen\Lokale innstillinger\Programdata\85190b72.exe O4 - HKCU\..\Run: [Nnbiit] C:\Programfiler\?dobe\?hkntfs.exe O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162 O20 - Winlogon Notify: h618 - C:\WINDOWS\g519093.dll (file missing) O20 - Winlogon Notify: h619 - C:\WINDOWS\g5716328.dll er bæsj. Jeg antar det ikke vil hjelpe å "fixe" dem med HJT, så: Jeg ser at ?racle har mutert til ?dobe i C:\Programfiler\?dobe\?hkntfs.exe Unnskyld ropinga: HENT DEG ET AVprogram! Avast! og AVG er gode og gratis. Ewido strekker ikke til. Her må du til med AVprogram i safe mode, spysweeper (trialversjon), Panda Activescan, Trend Housecall, ccleaner gjentatte ganger. Kjør disse, ccleaner nok en gang, Panda en gang til, og legg ut Pandaloggen med en fersk HJTlogg. Bernt K /(Sorry, jeg er litt presset på tid...)
nabbskall Skrevet 7. januar 2007 Skrevet 7. januar 2007 (endret) gjennopprett pc'n til før du fekk den dritten du, det hjalp med meg mye enklere enn å begynne å rote i root-filene siden det kan føkke opp windows... EDIT: ja dette var en artig bump.... Endret 7. januar 2007 av Storleer
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå