agail Skrevet 26. september 2006 Skrevet 26. september 2006 en dag jeg slo på pcèn, var det en ny snarvei der: 100% match bonus jeg sletter den men det tar en stund så kommer den tilbake. hvordan skal jeg få den bort?
Martin A. Skrevet 26. september 2006 Skrevet 26. september 2006 Post HiJackThis-logg. Blir umulig for oss å gjette oss frem til alle program du har installert nylig. Kjør også en AdAware-scan
agail Skrevet 26. september 2006 Forfatter Skrevet 26. september 2006 har kjørt adaware scan flere ganger. Logfile of HijackThis v1.99.1 Scan saved at 20:35:06, on 26.09.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Programfiler\Norton AntiVirus\navapsvc.exe C:\Programfiler\Norton AntiVirus\IWP\NPFMntor.exe C:\Documents and Settings\Joakim\Skrivebord\Joakim\Programmer\Spyware Doctor\sdhelp.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Documents and Settings\Joakim\Skrivebord\Joakim\Programmer\DAEMON Tools\daemon.exe C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe C:\Programfiler\iTunes\iTunesHelper.exe C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\system32\RunDLL32.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Joakim\Skrivebord\Joakim\Programmer\Spyware Doctor\swdoctor.exe C:\PROGRA~1\COMMON~1\STEM~1\spoolsv.exe C:\Programfiler\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe C:\Programfiler\iPod\bin\iPodService.exe C:\WINDOWS\system32\devldr32.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Common Files\M?crosoft\m?iexec.exe C:\Documents and Settings\Joakim\Skrivebord\Joakim\Programmer\µTorrent 1.6\utorrent.exe C:\Programfiler\Internet Explorer\IEXPLORE.EXE C:\Programfiler\Messenger\msmsgs.exe C:\WINDOWS\system32\spider.exe C:\Documents and Settings\Joakim\Skrivebord\Joakim\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: (no name) - {B841E2F1-586C-729E-12FD-77E29771739F} - C:\WINDOWS\system32\eplqqi.dll R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\DOCUME~1\Joakim\SKRIVE~1\Joakim\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\DOCUME~1\Joakim\SKRIVE~1\Joakim\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O2 - BHO: (no name) - {B841E2F1-586C-729E-12FD-77E29771739F} - C:\WINDOWS\system32\eplqqi.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [DAEMON Tools] "C:\Documents and Settings\Joakim\Skrivebord\Joakim\Programmer\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [RemoteControl] C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513 O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [spyware Doctor] "C:\Documents and Settings\Joakim\Skrivebord\Joakim\Programmer\Spyware Doctor\swdoctor.exe" /Q O4 - HKCU\..\Run: [sils] "C:\PROGRA~1\COMMON~1\STEM~1\spoolsv.exe" -vt yazb O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [AWMON] "C:\Programfiler\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\DOCUME~1\Joakim\SKRIVE~1\Joakim\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O12 - Plugin for .mpeg: C:\Programfiler\Internet Explorer\PLUGINS\npqtplugin3.dll O15 - Trusted Zone: *.adgate.info O15 - Trusted Zone: *.adsextend.net O15 - Trusted Zone: *.imagesrvr.com O15 - Trusted Zone: *.matcash.com O15 - Trusted Zone: *.mmohsix.com O15 - Trusted Zone: *.snipernet.biz O15 - Trusted Zone: *.systemdoctor.com O15 - Trusted Zone: *.adgate.info (HKLM) O15 - Trusted Zone: *.adsextend.net (HKLM) O15 - Trusted Zone: *.imagesrvr.com (HKLM) O15 - Trusted Zone: *.matcash.com (HKLM) O15 - Trusted Zone: *.snipernet.biz (HKLM) O15 - Trusted Zone: *.systemdoctor.com (HKLM) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Documents and Settings\Joakim\Skrivebord\Joakim\Programmer\Spyware Doctor\sdhelp.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Visual Studio Analyzer RPC bridge - Unknown owner - C:\Documents and Settings\Joakim\Skrivebord\Joakim\Programmer\VB\Tools\VS-Ent98\Vanalyzr\varpc.exe (file missing)
berxter Skrevet 27. september 2006 Skrevet 27. september 2006 Fått deg en ekkel Netoptimizer her. Gå hit: http://securityresponse.symantec.com/avcenter/FxNetOpt.exe og kjør verktøyet. Så setter du opp og kjører Ewido i safe mode slik: http://rstones12.geekstogo.com/ewidosetup.htm Kjør så ccleaner (husk å fjerne haka for "only remove temp files older than 48 hours" i options->advanced) Etterpå legger du ut en fersk HJTlogg. Dersom du da fortsatt har disse 015-tingene og evt annet mussen wir andere Metoden suchen. Bernt K
Fin Skjorte Skrevet 27. september 2006 Skrevet 27. september 2006 Kjør så ccleaner (husk å fjerne haka for "only remove temp files older than 48 hours" i options->advanced) 6947900[/snapback] Ser du har anbefalt det i flere tråder, lurte bare på hvorfor det egentlig? Hvor skadelig er det at det forsvinner nyere temp filer?
berxter Skrevet 27. september 2006 Skrevet 27. september 2006 Eh, dersom du ikke fjerner haka, lar ccleaner nye tempfiler STÅ igjen, og det er uheldig når du holder på å fjerne grums. Jeg forstår at det er lett å feiltolke setningen, ihvertfall ved hurtigskumming. Hvorfor defaulten i ccleaner er satt slik aner jeg ikke. Bernt K
Fin Skjorte Skrevet 27. september 2006 Skrevet 27. september 2006 Hehe! Les før du spør er jo en gyllen regel!
agail Skrevet 27. september 2006 Forfatter Skrevet 27. september 2006 har gjort alt som du sa berxter. Logfile of HijackThis v1.99.1 Scan saved at 17:37:03, on 27.09.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Documents and Settings\Joakim\Skrivebord\Joakim\Programmer\DAEMON Tools\daemon.exe C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe C:\Programfiler\iTunes\iTunesHelper.exe C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\system32\RunDLL32.exe C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe C:\Documents and Settings\Joakim\Skrivebord\Joakim\virus greier\ewido anti-spyware 4.0\ewido.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Joakim\Skrivebord\Joakim\Programmer\Spyware Doctor\swdoctor.exe C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Programfiler\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Documents and Settings\Joakim\Skrivebord\Joakim\virus greier\ewido anti-spyware 4.0\guard.exe C:\Programfiler\Norton AntiVirus\navapsvc.exe C:\Programfiler\Norton AntiVirus\IWP\NPFMntor.exe C:\Documents and Settings\Joakim\Skrivebord\Joakim\Programmer\Spyware Doctor\sdhelp.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\devldr32.exe C:\Programfiler\iPod\bin\iPodService.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Internet Explorer\IEXPLORE.EXE C:\Programfiler\Internet Explorer\IEXPLORE.EXE C:\Programfiler\Messenger\msmsgs.exe C:\Documents and Settings\Joakim\Skrivebord\Joakim\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: (no name) - {B841E2F1-586C-729E-12FD-77E29771739F} - C:\WINDOWS\system32\eplqqi.dll (file missing) R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\DOCUME~1\Joakim\SKRIVE~1\Joakim\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\DOCUME~1\Joakim\SKRIVE~1\Joakim\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O2 - BHO: (no name) - {B841E2F1-586C-729E-12FD-77E29771739F} - C:\WINDOWS\system32\eplqqi.dll (file missing) O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [DAEMON Tools] "C:\Documents and Settings\Joakim\Skrivebord\Joakim\Programmer\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [RemoteControl] C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513 O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [!ewido] "C:\Documents and Settings\Joakim\Skrivebord\Joakim\virus greier\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [spyware Doctor] "C:\Documents and Settings\Joakim\Skrivebord\Joakim\Programmer\Spyware Doctor\swdoctor.exe" /Q O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [AWMON] "C:\Programfiler\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" O4 - HKCU\..\Run: [sils] "C:\PROGRA~1\COMMON~1\STEM~1\spoolsv.exe" -vt yazb O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\DOCUME~1\Joakim\SKRIVE~1\Joakim\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O12 - Plugin for .mpeg: C:\Programfiler\Internet Explorer\PLUGINS\npqtplugin3.dll O15 - Trusted Zone: *.adgate.info O15 - Trusted Zone: *.adsextend.net O15 - Trusted Zone: *.imagesrvr.com O15 - Trusted Zone: *.matcash.com O15 - Trusted Zone: *.mmohsix.com O15 - Trusted Zone: *.snipernet.biz O15 - Trusted Zone: *.systemdoctor.com O15 - Trusted Zone: *.adgate.info (HKLM) O15 - Trusted Zone: *.adsextend.net (HKLM) O15 - Trusted Zone: *.imagesrvr.com (HKLM) O15 - Trusted Zone: *.matcash.com (HKLM) O15 - Trusted Zone: *.snipernet.biz (HKLM) O15 - Trusted Zone: *.systemdoctor.com (HKLM) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Documents and Settings\Joakim\Skrivebord\Joakim\virus greier\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programfiler\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Documents and Settings\Joakim\Skrivebord\Joakim\Programmer\Spyware Doctor\sdhelp.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Visual Studio Analyzer RPC bridge - Unknown owner - C:\Documents and Settings\Joakim\Skrivebord\Joakim\Programmer\VB\Tools\VS-Ent98\Vanalyzr\varpc.exe (file missing)
berxter Skrevet 28. september 2006 Skrevet 28. september 2006 Jeg fikk det litt travelt her; kjør ccleaner, Panda Activescan, få HJT til å fixe: R3 - URLSearchHook: (no name) - {B841E2F1-586C-729E-12FD-77E29771739F} - C:\WINDOWS\system32\eplqqi.dll (file missing) R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: (no name) - {B841E2F1-586C-729E-12FD-77E29771739F} - C:\WINDOWS\system32\eplqqi.dll (file missing) O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513 O4 - HKCU\..\Run: [sils] "C:\PROGRA~1\COMMON~1\STEM~1\spoolsv.exe" -vt yazb O15 - Trusted Zone: *.adgate.info O15 - Trusted Zone: *.adsextend.net O15 - Trusted Zone: *.imagesrvr.com O15 - Trusted Zone: *.matcash.com O15 - Trusted Zone: *.mmohsix.com O15 - Trusted Zone: *.snipernet.biz O15 - Trusted Zone: *.systemdoctor.com O15 - Trusted Zone: *.adgate.info (HKLM) O15 - Trusted Zone: *.adsextend.net (HKLM) O15 - Trusted Zone: *.imagesrvr.com (HKLM) O15 - Trusted Zone: *.matcash.com (HKLM) O15 - Trusted Zone: *.snipernet.biz (HKLM) O15 - Trusted Zone: *.systemdoctor.com (HKLM) Legg ut Pandaloggen og blodfersk HJTlogg. Bernt K
agail Skrevet 28. september 2006 Forfatter Skrevet 28. september 2006 hijackthis.txt er HJT loggen. Activescan.txt er Pandaloggen. hijackthis.txt Activescan.txt
berxter Skrevet 29. september 2006 Skrevet 29. september 2006 (endret) HJTloggen ser bra ut, med ett unntak, men følgende filer må slettes, om nødvendig med Killbox: C:\Documents and Settings\Helene\Lokale innstillinger\Temporary Internet Files\Content.IE5\BNX3FDGW\nwnmff_e[1].exe (her sletter du hele BNX3FDGW-folderen) C:\Programfiler\Common Files\M?crosoft\m?iexec.exe (her tar du hele M?crosoft-folderen) C:\Programfiler\Fellesfiler\Yazzle1281OinAdmin.exe C:\RECYCLER\S-1-5-21-1390067357-412668190-725345543-1007\Dc5.exe Den første og den siste skulle vel egentlig ccleaner ha tatt, men velvel. Unntaket i HJT er 015-adgategreia. Få HJT til å fixe den. Bernt K Endret 29. september 2006 av berxter
agail Skrevet 29. september 2006 Forfatter Skrevet 29. september 2006 takk for all hjelpen berxter. maskinen er mye bedre nå
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå