Verktyg Visningsval
2007-09-26, 19:18   #1

Twoedge

Medlem

Twoedges avatar

Plats: Eslöv

Registrerad: nov 2003

Virus, eller vad.


Detta gör mej knasig. jag vet inte vad det är överhuvudtaget.

Min startsida är altavista och i detta exempel har jag sökt på "swedclockers"

I bland blir adressen denna: (jag har satt http inom parantes)

(http)://www.tipablog.com/?aid=13573&q=sweclockers&said=2&rnd0=7723

efter uppdatering kan den bli såhär :

(http)://www.paysefeed.com/search.php?aid=972&q=sweclockers

eller såhär:

(http)://chat.sh.nu/qhwet.php?q=sweclockers&r=5A86

medan den riktiga adressen är :

(http)://av.rds.yahoo.com/_ylt=A9ibyKifjfpGI8YA5BwDRaMX;_ylu=X3oDMTBvdmM3bGlxBHBndANhdl93ZWJfcmVzdWx0BHNlYwNzcg--/SIG=11f8pv1eq/EXP=1190911775/**http%3a//www.sweclockers.com/

Med jämna mellanrum dyker denna adress upp automatiskt i adressfältet längst ner

(http)://www.freexxxmovies.in/update.txt?http://se.altavista.com

Har kört både ad-aware och spy-bot samt f-secure utan att ha hittat något konstigt.

Körde till slut HijackThis och fick denna logfil.

Logfile of HijackThis v1.99.1
Scan saved at 18:41:11, on 2007-09-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\F-Secure Internet Security\Common\FSM32.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program\F-Secure Internet Security\Common\FSMA32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program\F-Secure Internet Security\Common\FCH32.EXE
C:\Program\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program\F-Secure Internet Security\FSPC\fspc.exe
C:\Program\F-Secure Internet Security\FSAUA\program\fsaua.exe
C:\Program\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Program\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Program\WinRAR\WinRAR.exe
C:\DOCUME~1\INGEMA~1\LOKALA~1\Temp\Rar$EX05.781\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://se.altavista.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {FDED1C12-AD76-613C-344C-A3BD5C6415B2} - C:\Program\COMMON~1\System\w_3789.dll
O4 - HKLM\..\Run: [IntelliType] "C:\Program\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [News Service] "C:\Program\F-Secure Internet Security\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [CTStartup] "C:\Program\Creative\Splash Screen\CTEaxSpl.EXE" /run
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: Föräldra-... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Föräldra-... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program\f-secure internet security\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program\f-secure internet security\fsps\program\fslsp.dll
O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1190740098953
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe


med denna analys

Logfile of HijackThis v1.99.1
This should be the newest version.
Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
This should be the newest version.
C:\WINDOWS\System32\smss.exe
Very safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\winlogon.exe
Very safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\services.exe
Safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\lsass.exe
Very safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\svchost.exe
Safe
This entry was classified from our visitors as good.
C:\WINDOWS\System32\svchost.exe
Very safe
This entry was classified from our visitors as good.
C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe

Part of Lavasoft Ad-Aware
C:\WINDOWS\Explorer.EXE
Very safe
This entry was classified from our visitors as good.
C:\Program\Microsoft Hardware\Keyboard\type32.exe

Microsoft Keyboard Software
C:\WINDOWS\system32\rundll32.exe
Safe
This entry was classified from our visitors as good.
C:\Program\F-Secure Internet Security\Common\FSM32.EXE

Possibly nasty! According to our database this process runs normally in c:\programme\f-secure.*\common\! Check if you know this process and arrange a viruscheck where required.
C:\WINDOWS\CTHELPER.EXE
Very safe
Tool für die Creative Soundkarte.
C:\WINDOWS\system32\ctfmon.exe
Very safe
This entry was classified from our visitors as good.
C:\Program\Spybot - Search & Destroy\TeaTimer.exe
Not dangerous, but unnecessary.

C:\WINDOWS\system32\spoolsv.exe
Safe
This entry was classified from our visitors as good.
C:\Program\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

Part of F-Secure Anti-Virus
C:\Program\F-Secure Internet Security\Anti-Virus\FSGK32.EXE

Part of F-Secure Antivirus
C:\Program\F-Secure Internet Security\Common\FSMA32.EXE

F-Secure Antivirus
C:\WINDOWS\system32\nvsvc32.exe
Very safe Not dangerous, but unnecessary.
This entry was classified from our visitors as good.
C:\Program\F-Secure Internet Security\Common\FSMB32.EXE

Possibly nasty! According to our database this process runs normally in c:\programme\f-secure\common\! Check if you know this process and arrange a viruscheck where required. F-SECURE ANTI-VIRUS
C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe

Ulead VideoStudio 8
C:\Program\F-Secure Internet Security\Common\FCH32.EXE

Possibly nasty! According to our database this process runs normally in c:\programme\f-secure.*\common\! Check if you know this process and arrange a viruscheck where required. F-Secure Antivirus
C:\Program\F-Secure Internet Security\Common\FAMEH32.EXE

Possibly nasty! According to our database this process runs normally in c:\programme\f-secure.*\common\! Check if you know this process and arrange a viruscheck where required. F-Secure Internet Security Site
C:\Program\F-Secure Internet Security\Anti-Virus\fsqh.exe

F-Secure Internet Security Anti-Virus
C:\Program\F-Secure Internet Security\FSPC\fspc.exe

Part of Shaw Secure FSPC
C:\Program\F-Secure Internet Security\FSAUA\program\fsaua.exe

F-Secure Internet Security
C:\Program\F-Secure Internet Security\Anti-Virus\fssm32.exe

Possibly nasty! According to our database this process runs normally in c:\programme\f-secure\anti-virus\! Check if you know this process and arrange a viruscheck where required.
C:\Program\F-Secure Internet Security\FWES\Program\fsdfwd.exe

Possibly nasty! According to our database this process runs normally in c:\programme\f-secure.*\fwes\program\! Check if you know this process and arrange a viruscheck where required. F-Secure Firewall
C:\WINDOWS\system32\wscntfy.exe
Safe
This entry was classified from our visitors as good.
C:\Program\F-Secure Internet Security\Anti-Virus\fsav32.exe

F-Secure Anti-Virus
C:\Program\F-Secure Internet Security\FSGUI\fsguidll.exe

Part of F-Secure Internet Security
C:\Program\WinRAR\WinRAR.exe

WinRar Packer
C:\DOCUME~1\INGEMA~1\LOKALA~1\Temp\Rar$EX05.781\HijackThis.exe
Remember that Hijackthis must be run in an own folder. Only if Hijackthis run in an own folder it will create backups! Tool, mit dem sie dieses Logfile erzeugt haben. Das Programm sollte so angelegt sein ! C:\Programme\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://se.altavista.com/
This page has been identified as safe.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
Neutral This entry should be fixed by HijackThis!
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
Very safe This entry was classified from our visitors as good.
O1 - Hosts: localhost 127.0.0.1
Extremely nasty This entry was classified from our visitors as bad.
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
AcroIEhelper.ocx, AcroIEhelper.dll - Adobe Acrobat reader, http://www.adobe.com/products/acrobat/re adstep2.html
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
SDhelper.dll - Spybot - Search & Destroy, http://spybot.eon.net.au/
O2 - BHO: (no name) - {FDED1C12-AD76-613C-344C-A3BD5C6415B2} - C:\Program\COMMON~1\System\w_3789.dll
Unknown application.
O4 - HKLM\..\Run: [IntelliType] "C:\Program\Microsoft Hardware\Keyboard\type32.exe"
For MS programmable keyboards. If you disable Intellitype in Startup, any "Hot Keys" that are changed by the user to perform functions other than default settings, defer back to their default settings unless you have changed them
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Safe Unknown application. This entry was classified from our visitors as good.
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
Safe This entry was classified from our visitors as good.
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
Safe This entry was classified from our visitors as good.
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
Very safe Unknown application. This entry was classified from our visitors as good.
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure Internet Security\Common\FSM32.EXE" /splash
F-Secure Antivirus - carry out scheduled virus scans automatically
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
F-Secure antivirus
O4 - HKLM\..\Run: [News Service] "C:\Program\F-Secure Internet Security\FSGUI\ispnews.exe"
Shaw Secure News Service
O4 - HKLM\..\Run: [CTStartup] "C:\Program\Creative\Splash Screen\CTEaxSpl.EXE" /run
Not dangerous, but unnecessary. Splash screen with sound on every boot up. Installed with a Sound Blaster Audigy soundcard
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
Safe This entry was classified from our visitors as good.
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
Safe This entry was classified from our visitors as good.
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
Not dangerous, but unnecessary. QuickTime
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program\AMD\Dual-Core Optimizer\amd_dc_opt.exe
AMD Dual-Core Optimizer/Driver
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
Neutral Not dangerous, but unnecessary.
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
Safe This entry was classified from our visitors as good.
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe
Spybot - Search & Destroy - free multi-spyware removal tool from Patrick Kolla. TeaTimer.exe monitors certain changes to the registry and notifies when browser plugins and activeX controls get installed, allowing you to block/reverse this.
O9 - Extra button: Föräldra-... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\F-Secure Internet Security\FSPC\fspcmsie.dll
The entry Föräldra has been identified as safe.
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program\F-Secure Internet Security\FSPC\fspcmsie.dll
The entry has been identified as safe.
O9 - Extra 'Tools' menuitem: Föräldra-... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program\F-Secure Internet Security\FSPC\fspcmsie.dll
The entry Föräldra has been identified as safe.
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
Fuzzy Algorithmcheck (4.43 / 5.00), Safe
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
Fuzzy Algorithmcheck (4.43 / 5.00), Safe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
The entry Messenger has been identified as safe.
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
The entry Windows Messenger has been identified as safe.
O10 - Unknown file in Winsock LSP: c:\program\f-secure internet security\fsps\program\fslsp.dll
This entry should be safe. This entry should not be fixed! Your best bet to repair it is to try the LSPFix from Cexx.org.
O10 - Unknown file in Winsock LSP: c:\program\f-secure internet security\fsps\program\fslsp.dll
This entry should be safe. This entry should not be fixed! Your best bet to repair it is to try the LSPFix from Cexx.org.
O10 - Unknown file in Winsock LSP: c:\program\f-secure internet security\fsps\program\fslsp.dll
This entry should be safe. This entry should not be fixed! Your best bet to repair it is to try the LSPFix from Cexx.org.
O10 - Unknown file in Winsock LSP: c:\program\f-secure internet security\fsps\program\fslsp.dll
This entry should be safe. This entry should not be fixed! Your best bet to repair it is to try the LSPFix from Cexx.org.
O10 - Unknown file in Winsock LSP: c:\program\f-secure internet security\fsps\program\fslsp.dll
This entry should be safe. This entry should not be fixed! Your best bet to repair it is to try the LSPFix from Cexx.org.
O10 - Unknown file in Winsock LSP: c:\program\f-secure internet security\fsps\program\fslsp.dll
This entry should be safe. This entry should not be fixed! Your best bet to repair it is to try the LSPFix from Cexx.org.
O10 - Unknown file in Winsock LSP: c:\program\f-secure internet security\fsps\program\fslsp.dll
This entry should be safe. This entry should not be fixed! Your best bet to repair it is to try the LSPFix from Cexx.org.
O10 - Unknown file in Winsock LSP: c:\program\f-secure internet security\fsps\program\fslsp.dll
This entry should be safe. This entry should not be fixed! Your best bet to repair it is to try the LSPFix from Cexx.org.
O10 - Unknown file in Winsock LSP: c:\program\f-secure internet security\fsps\program\fslsp.dll
This entry should be safe. This entry should not be fixed! Your best bet to repair it is to try the LSPFix from Cexx.org.
O10 - Unknown file in Winsock LSP: c:\program\f-secure internet security\fsps\program\fslsp.dll
This entry should be safe. This entry should not be fixed! Your best bet to repair it is to try the LSPFix from Cexx.org.
O10 - Unknown file in Winsock LSP: c:\program\f-secure internet security\fsps\program\fslsp.dll
This entry should be safe. This entry should not be fixed! Your best bet to repair it is to try the LSPFix from Cexx.org.
O10 - Unknown file in Winsock LSP: c:\program\f-secure internet security\fsps\program\fslsp.dll
This entry should be safe. This entry should not be fixed! Your best bet to repair it is to try the LSPFix from Cexx.org.
O10 - Unknown file in Winsock LSP: c:\program\f-secure internet security\fsps\program\fslsp.dll
This entry should be safe. This entry should not be fixed! Your best bet to repair it is to try the LSPFix from Cexx.org.
O10 - Unknown file in Winsock LSP: c:\program\f-secure internet security\fsps\program\fslsp.dll
This entry should be safe. This entry should not be fixed! Your best bet to repair it is to try the LSPFix from Cexx.org.
O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll
Most of the entries present in this registry area are safe. Only OnFlow adds an unwanted plugins can be found here. OnFlow-Plugins have the following extension *.ofb.
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
Safe This entry was classified from our visitors as good.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...ent/wuweb_site .cab?1190740098953
This entry has been identified as safe.
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)
This entry has been identified as safe.
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
This service (aawservice.exe) was identified as a good one.
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
This service (fsgk32st.exe) was identified as a good one.
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program\F-Secure Internet Security\FSAUA\program\fsaua.exe
This service (fsaua.exe) was identified as a good one.
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\F-Secure Internet Security\FWES\Program\fsdfwd.exe
This service (fsdfwd.exe) was identified as a good one.
O23 - Service: FSMA - F-Secure Corporation - C:\Program\F-Secure Internet Security\Common\FSMA32.EXE
This service (FSMA32.EXE) was identified as a good one.
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Very safe This service (nvsvc32.exe) was identified as a good one. This entry was classified from our visitors as good.
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program\Delade filer\Ulead Systems\DVD\ULCDRSvr.exe
This service (ULCDRSvr.exe) was identified as a good one.
Short analysis

Detta var inte så roligt att läsa.

O1 - Hosts: localhost 127.0.0.1
Extremely nasty This entry was classified from our visitors as bad.



Vad är där för något fult som gör detta, och vad ska man göra åt det ?

(Ursäkta att det blev så mycket text)
__________________
Antec P180/ Asus A8N-E / A64 X2 3800+ / 2x512 Corsair value select / Gainward GS 7800GT /SB audigy 2 /Antec neopower 480W
Twoedge är inte uppkopplad
2007-09-26, 20:52   #2

Hardware guy

Medlem

Hardware guys avatar

Plats: Scania-Earth-Milky way

Registrerad: nov 2001

w_3789.dll är starkt misstänkt. Starta om i felsäkert läge och döp om den.
__________________
Vägra fx 3of4 Pi 1M 1.84 s Memory remapping
Minnen har ingen egen hastighet. Märkningen anger bara vilken hastighet minnena uppges klara
Hardware guy är inte uppkopplad
2007-09-27, 10:50   #3

Twoedge

Medlem

Twoedges avatar

Plats: Eslöv

Registrerad: nov 2003

Citat:
Ursprungligen inskrivet av Hardware guy
w_3789.dll är starkt misstänkt. Starta om i felsäkert läge och döp om den.

Vilket program är det som använder sig av denna dll.

Och funkar det efter jag har döpt om det.
__________________
Antec P180/ Asus A8N-E / A64 X2 3800+ / 2x512 Corsair value select / Gainward GS 7800GT /SB audigy 2 /Antec neopower 480W
Twoedge är inte uppkopplad
2007-09-27, 12:50   #4

Mr_Lazy

Medlem

Mr_Lazys avatar

Plats: -

Registrerad: jul 2002

Citat:
Ursprungligen inskrivet av Twoedge
Vilket program är det som använder sig av denna dll.

Och funkar det efter jag har döpt om det.
nej det är ju det du märker om du döper om den
__________________
.:Wks: Cooler Master Silencio 650|Core i5 3570 3.4 GHz|Asus P8Z77-V|8 GB| GT 465|1xDell U2311H, 2xAlienware AW2210 2xEizo 19|OCZ Revo 3 Drive 120 + Raptor 150:.
.:Server: Har ett gäng :) :.
-Learn the system, Play the system, Break the system-
Mr_Lazy är uppkopplad nu
2007-10-01, 13:12   #5

Twoedge

Medlem

Twoedges avatar

Plats: Eslöv

Registrerad: nov 2003

Citat:
Ursprungligen inskrivet av Hardware guy
w_3789.dll är starkt misstänkt. Starta om i felsäkert läge och döp om den.

Verkar som om det funkar som det ska nu ..

Tackar för hjälpen.
__________________
Antec P180/ Asus A8N-E / A64 X2 3800+ / 2x512 Corsair value select / Gainward GS 7800GT /SB audigy 2 /Antec neopower 480W
Twoedge är inte uppkopplad
Senaste nyheterna

Redaktionens senaste nyhetsrubriker