Workstation:*Acer TimelineX 4830tg *8gb DDR3 1066MHz *Core i5, 2410M, *GeForce GT 540M 2gb, *80gb ssd intel x-25 g2*Griffin Elevator
HTPC:*Lian Li C36B*Gigabyte GA-MA78GM-UD2H*AMD Athlon X2 4850e 2.5GHz + Scyte Shuriken*2x1gb pc8500 corsair dominator*XFX Radeon HD5450 512MB - passive*40gb ssd intel x-25 g2
hijackthis
You run the program and get a list of lots of different "files/services". Then you select the "files" you want to remove. With this program you remove certain types of trojans that embed themselves in other files. For example, there are some that lock your computer to a particular start page, put icons on the desktop, etc. So before you start removing things, find out which files you should remove.
Re: hijackthis
Originally posted by MB
Just saw a thread where that program is used quite a bit. But I'm wondering a bit what it does? Does it make a log of everything that happens on the computer while the computer is on?
How do you know what to remove in that case? huu
if you have problems with IE, post a log and I'll take a look at it!
borrowing the thread a bit..
Mr. Ultramegacomputer freezes every fifteen seconds for three seconds..
Logfile of HijackThis v1.99.0
Scan saved at 00:16:22, on 2005-01-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program\D-Tools\daemon.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\devldr32.exe
C:\Program\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program\Logitech\MouseWare\system\em_exec.exe
C:\program\mcafee.com\agent\mcagent.exe
C:\program\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Motherboard Monitor 5\MBM5.exe
C:\Program\Miranda IM\miranda32.exe
C:\Program\mirc\mirc.exe
C:\WINDOWS\System32\alg.exe
C:\Program\Webroot\Spy Sweeper\SpySweeper.exe
c:\program\mcafee.com\vso\mcvsshld.exe
c:\program\mcafee.com\vso\mcvsrte.exe
c:\program\mcafee.com\vso\mcshield.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\Mats\LOKALA~1\Temp\Temporär katalog 1 för hijackthis[1].zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O1 - Hosts: 64.24.234.120 swirve.com # added by utopia angel
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\program\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "c:\program\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\program\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\program\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\program\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [McRegWiz] c:\program\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [CleanUp] C:\Program\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Miranda_3] C:\Program\MIRAND~1\Miranda3.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: MBM 5.lnk = C:\Program\Motherboard Monitor 5\MBM5.exe
O4 - Startup: Miranda IM.lnk = C:\Program\Miranda IM\miranda32.exe
O4 - Startup: mIRC.lnk = C:\Program\mirc\mirc.exe
O4 - Global Startup: Microsoft Outlook.lnk = ?
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Expekt.com Poker - {3852AC86-965F-4abe-A75F-3DCB7E81A4B2} - C:\Program\expektMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/e...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trend...
O23 - Service: McAfee.com McShield - Unknown - c:\program\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\Program\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\program\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
anyone who knows what should be removed, if anything?
the only thing that bothers me is this one
O1 - Hosts: 64.24.234.120 swirve.com # added by utopia angel
it's fine.. dovienya approved ^^
thanks otherwise
I'm also borrowing the thread a bit; the thing is that Explorer and Mozilla lock up sometimes, so is there anything to remove in the log or does everything look OK?
Logfile of HijackThis v1.99.0
Scan saved at 18:29:28, on 2005-01-28
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\rmctrl.exe
C:\Program\D-Tools\daemon.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\Analog Devices\SoundMAX\SMAgent.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\Winamp\Winamp.exe
C:\WINDOWS\System32\wuauclt.exe
D:\Recived Files\Program\Spyboot Porgs\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program\Panicware\Pop-Up Stopper Pro\CCHelper.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program\Panicware\Pop-Up Stopper Pro\popuppro.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.c...
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/e...
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: kavsvc - Kaspersky Labs - C:\Program\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Program\TuneUp Utilities 2004\WinStylerThemeSvc.exe
//
I'm also borrowing this thread to post my HijackThis log:
Logfile of HijackThis v1.98.2
Scan saved at 19:36:34, on 2005-01-28
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Eset\nod32kui.exe
C:\Program\WhatPulse\WhatPulse.exe
C:\Program\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program\Agnitum\OUTPOS~1\outpost.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program\D-Tools\daemon.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\iTunes\iTunes.exe
E:\=^~+¤SHaReD¤+~^=\Krapel&Romu\Program\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKCU\..\Run: [WhatPulse] C:\Program\WhatPulse\WhatPulse.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Program\Agnitum\OUTPOS~1\TRASH.EXE (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Program\Agnitum\OUTPOS~1\TRASH.EXE (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/e...
Is there anything suspicious in there?
Number one: P160 + BlueStorm 500W - P5B Premium - E4300@3,2GHz - 2x1GB 800MHz - Palit 8800GT@710x1015 - 410GB - Samsung 206BW
Number two: NoName + 300W - MSI K8T NeoFIS2R - A64 3000+ - 2x512MB 400MHz - Leadtek 6800LE@16/6 and 403x451 - 80GB - 17" CRT
Originally posted by Datexx
I'm also borrowing the thread a bit; the thing is that Explorer and Mozilla lock up sometimes, so is there anything to remove in the log or does everything look OK?
clean & fine except for this one
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
check out http://www.spywareguide.com/product_show.php?id=1242 for more info - though I doubt that your problem is caused by this one, but if you don't use GameSpy Arcade I would at least recommend that you uninstall it.
__________________________________________
Originally posted by Jeronix
I'm also borrowing this thread to post my HijackThis log:
a few unnecessary things but otherwise it's OK!
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
OK, thanks Lenco!
Number one: P160 + BlueStorm 500W - P5B Premium - E4300@3,2GHz - 2x1GB 800MHz - Palit 8800GT@710x1015 - 410GB - Samsung 206BW
Number two: NoName + 300W - MSI K8T NeoFIS2R - A64 3000+ - 2x512MB 400MHz - Leadtek 6800LE@16/6 and 403x451 - 80GB - 17" CRT
help, I'm posting a log too; I'm at a friend's place who seems to have a lot of strange stuff installed.
Logfile of HijackThis v1.99.0
Scan saved at 20:41:49, on 2005-01-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\id2scaps.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Program\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\windows\system\hpsysdrv.exe
C:\Program\USB Storage RW\shwicon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program\Delade filer\Logitech\QCDriver\LVCOMS.EXE
C:\Program\Logitech\ImageStudio\LogiTray.exe
C:\Program\ICQLite\ICQLite.exe
C:\Documents and Settings\Ägaren\Skrivbord\Malin\iTunesHelper.exe
C:\Program\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program\Messenger\msmsgs.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program\Logitech\MouseWare\system\em_exec.exe
C:\Program\iD2\CSP\iD2CertMover.exe
C:\Program\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program\Microsoft Office\Office\FINDFAST.EXE
C:\Program\Microsoft Office\Office\OSA.EXE
C:\Program\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program\iPod\bin\iPodService.exe
C:\Program\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Ägaren\Skrivbord\HijackThis.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Spybot - Search & Destroy\SpybotSD.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login1.telia.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1.telia.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = login1.telia.com;;localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
F3 - REG:win.ini: load=hpljsw.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM\..\Run: [WCOLOREAL] C:\Program\Coloreal\coloreal.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program\Delade filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program\Delade filer\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Program\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [iTunesHelper] C:\Documents and Settings\Ägaren\Skrivbord\Malin\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [extra glue draw math] C:\Documents and Settings\All Users\Application Data\Dart fork extra glue\two blue.exe
O4 - HKCU\..\Run: [LDM] C:\Program\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: iD2 CSP Certificate Utility.lnk = C:\Program\iD2\CSP\iD2CertMover.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: ZoneAlarm.lnk = C:\Program\Zone Labs\ZoneAlarm\zonealarm.exe
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .sgn: C:\Program\Internet Explorer\PLUGINS\npSign.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {1538D4E0-B2C4-402D-B71A-BA6A04BC7A5D} (PictureChooser.picChooser) - http://direct.fotomenyn.com/direct/PictureChooser.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {65F77758-B822-45FB-8F0C-08E85705EC4A} (Upload.ctlUpload) - http://direct.fotomenyn.com/direct/upload.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iD2 Smart Card Server - iD2 Technologies - C:\WINDOWS\system32\id2scaps.exe
O23 - Service: iPod-tjänst - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
the very latest one
start the computer in safe mode!
close ALL IE instances when you remove things with hijackthis
remove the following with hijackthis
O4 - HKLM\..\Run: [extra glue draw math] C:\Documents and Settings\All Users\Application Data\Dart fork extra glue\two blue.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program\Microsoft Office\Office\FINDFAST.EXE
the item above is completely unnecessary, but keep it if you want
restart the computer
upload and scan "two blue.exe" at
http://virusscan.jotti.org/
and
http://www.viruslist.com/en/scanforvirus
and report what the result was!
otherwise it looks completely OK, I think - post a new log and I'll take a look at that one too!
Things are jamming up here too!
Posting a log from my computer, which I handed over to a good friend and have now got back.
Some trojan has snuck in, among other things.
Logfile of HijackThis v1.99.0
Scan saved at 01:43:25, on 2005-01-29
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\Program\Norton Internet Security\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program\Delade filer\Stardock\TrayServer.exe
C:\Program\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\Program\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program\D-Tools\daemon.exe
C:\Jonathan\Program\Jaws Pdf-creator\PDFClient.exe
C:\Jonathan\Program\WindowsStyles\CursorXP\CursorXP.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program\TGTSoft\StyleXP\StyleXP.exe
C:\Jonathan\Program\ICQ\ICQPlus\vplus.exe
C:\Jonathan\Program\ICQ\Icq.exe
C:\Jonathan\Program\ICQ\ICQPlus\VPlus.exe
C:\Jonathan\Program\Rainlendar\Rainlendar.exe
C:\Program\Norton Internet Security\ccPxySvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PDFCreatorMessages.exe
C:\Program\Compaq\EASYAC~1\BttnServ.exe
C:\Jonathan\Program\Winamp\winamp.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Jonathan\Program\Mozilla Firefox\firefox.exe
C:\Program\Delade filer\Symantec Shared\NMain.exe
C:\Jonathan\Program\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login1.telia.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telia Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: cnbjeonx - {6BD8E275-3009-1EFC-747B-55AC86F204F0} - C:\WINDOWS\System32\cnbjeonx.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Program\Delade filer\Stardock\TrayServer.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WCOLOREAL] C:\Program\COMPAQ\Coloreal\coloreal.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Jonathan\Program\ICQ\NDetect.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\program\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NAV Agent] C:\Program\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program\Delade filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PDFCreatorClient] C:\Jonathan\Program\Jaws Pdf-creator\PDFClient.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program\Delade filer\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [CursorXP] C:\Jonathan\Program\WindowsStyles\CursorXP\CursorXP.exe -s
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [STYLEXP] C:\Program\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ICQ Plus] "C:\Jonathan\Program\ICQ\ICQPlus\vplus.exe"
O4 - Startup: Genväg till Icq.lnk = C:\Jonathan\Program\ICQ\Icq.exe
O4 - Startup: Genväg till VPlus.lnk = C:\Jonathan\Program\ICQ\ICQPlus\VPlus.exe
O4 - Startup: Rainlendar.lnk = C:\Jonathan\Program\Rainlendar\Rainlendar.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Jonathan\Program\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Jonathan\Program\ICQ\ICQ.exe
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://startsidan.telia.se
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7m.cab
O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab
O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111193457} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111193458} - file://c:\x.cab
O16 - DPF: {11117711-1111-1711-7121-111177111157} - ms-its:mhtml:file://c:\bebe.mht!http://www.alarm-works.com/tx.chm::/ai.exe
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {23232323-2323-2323-2323-232323291122} - file://c:\x.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021126/qtinstall.info.a...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/e...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trend...
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader...
O16 - DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - http://www.cjb.net/search.cab
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://http.gamezone.tukati.com/tukati/1.7.20.20/tukati.cab
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service - Symantec Corporation - C:\Program\Norton Internet Security\ccPxySvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager - Symantec Corporation - C:\Program\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PDFCreatorMessages - Global Graphics Software Ltd - C:\WINDOWS\system32\PDFCreatorMessages.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: StyleXPService - Unknown - C:\Program\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe
ALM
start in safe mode and remove the following
O2 - BHO: cnbjeonx - {6BD8E275-3009-1EFC-747B-55AC86F204F0} - C:\WINDOWS\System32\cnbjeonx.dll (file missing)
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7m.cab
O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab
O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111193457} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111193458} - file://c:\x.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
text from ErrorGuard's website
Collection of Personal Information from Service Visitors Error-Guard, Inc. may collect and/or track (1) the home server domain names, email addresses, type of client computer, files downloaded, search engine used, operating system, and type of web browser of visitors to Error-Guard, Inc.'s web service, (2) the email addresses of visitors that communicate with Error-Guard, Inc. via email, (3) information knowingly provided by the visitor in online forms, registration forms, surveys, email, contest entries, and other online avenues (including demographic and personal profile data), and (4) aggregate and user-specific information on which pages visitors access.
so that is why I would have removed it too! But try removing it with "Add/Remove Programs" instead of with HijackThis
O16 - DPF: {23232323-2323-2323-2323-232323291122} - file://c:\x.cab
O16 - DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - http://www.cjb.net/search.cab
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll
more info at http://www.sophos.com/virusinfo/analyses/trojadclickac.html
I'm not sure whether this one is OK, but I would at least recommend that you uninstall it via "Add/Remove".
O16 - DPF: {11117711-1111-1711-7121-111177111157} - ms-its:mhtml:file://c:\bebe.mht!http://www.alarm-works.com/tx.chm::/ai.exe
close ALL IE windows when you remove these items, then restart the computer and post a new log!
Here comes the new log
Logfile of HijackThis v1.99.0
Scan saved at 12:07:14, on 2005-01-29
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\Program\Norton Internet Security\NISUM.EXE
C:\Program\Norton Internet Security\ccPxySvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PDFCreatorMessages.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Delade filer\Stardock\TrayServer.exe
C:\Program\Compaq\Easy Access Button Support\StartEAK.exe
C:\Jonathan\Program\ICQ\NDetect.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program\D-Tools\daemon.exe
C:\Jonathan\Program\Jaws Pdf-creator\PDFClient.exe
C:\Program\Compaq\EASYAC~1\BttnServ.exe
C:\Program\Delade filer\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program\Messenger\msmsgs.exe
C:\Jonathan\Program\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=1430...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=1430...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.slotch.com/?&account_id=143041
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=1430...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.aftonbladet.se/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ads1.revenue.net/load/206324/383.html?O_R_NUM=4&O_RANK...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Program\Delade filer\Stardock\TrayServer.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WCOLOREAL] C:\Program\COMPAQ\Coloreal\coloreal.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Jonathan\Program\ICQ\NDetect.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\program\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NAV Agent] C:\Program\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program\Delade filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PDFCreatorClient] C:\Jonathan\Program\Jaws Pdf-creator\PDFClient.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program\Delade filer\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O8 - Extra context menu item: Web Rebates - file://C:\Program\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Jonathan\Program\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Jonathan\Program\ICQ\ICQ.exe
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://startsidan.telia.se
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021126/qtinstall.info.a...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/e...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trend...
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader...
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://http.gamezone.tukati.com/tukati/1.7.20.20/tukati.cab
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service - Symantec Corporation - C:\Program\Norton Internet Security\ccPxySvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager - Symantec Corporation - C:\Program\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PDFCreatorMessages - Global Graphics Software Ltd - C:\WINDOWS\system32\PDFCreatorMessages.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: StyleXPService - Unknown - C:\Program\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe
Originally posted by Alm
Here comes the new log
a whole lot of crap has poured in here since last time...
restart in safe mode - get rid of
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_...count_id=143041
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_...count_id=143041
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.slotch.com/?&account_id=143041
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_...count_id=143041
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ads1.revenue.net/load/206324...E_ID=11580&
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O8 - Extra context menu item: Web Rebates - file://C:\Program\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
then a new log!
go ahead and install SpywareBlaster too!
I guess I'll borrow the thread too, while Lenco is on a roll...
Logfile of HijackThis v1.99.0
Scan saved at 19:06:47, on 2005-01-28
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\Program\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
C:\WINDOWS\system32\memsvc.exe
c:\windows\system32\drivers\addins\r_server.exe
c:\windows\system32\drivers\addins\lsass.exe
C:\Program\F-Secure Anti-Virus\backweb\4476822\Program\BackWeb-4476822.exe
C:\WINDOWS\System32\winasp.exe
C:\WINDOWS\System32\SmsSystem32.exe
C:\WINDOWS\System32\wsmct.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program\Java\j2re1.4.2_06\bin\jusched.exe
C:\program\powerstrip\pstrip.exe
C:\Program\DU Meter\DUMeter.exe
C:\Program\NetLimiter\NetLimiter.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\System32\msiexec.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\jbclrvo.exe
C:\WINDOWS\System32\Ersbbk.exe
C:\Program\ISTsvc\istsvc.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\Program\F-Secure Anti-Virus\Common\FSLAUNCH.EXE
C:\Program\F-Secure Anti-Virus\Common\FSMA32.EXE
C:\Program\F-Secure Anti-Virus\Common\FSMB32.EXE
C:\Program\F-Secure Anti-Virus\Common\FCH32.EXE
C:\Program\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
C:\Program\F-Secure Anti-Virus\Anti-Virus\FSGK32.EXE
C:\Program\F-Secure Anti-Virus\Common\FAMEH32.EXE
C:\Program\F-Secure Anti-Virus\Anti-Virus\fssm32.exe
C:\Program\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
C:\Program\F-Secure Anti-Virus\Anti-Virus\fsav32.exe
C:\d8s1a.exe
C:\Program\Opera\Opera.exe
C:\d8s1a.exe
C:\d8s1a.exe
D:\Downloads\Program\_Små program\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=1575...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=1575...
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=1575...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program\SideFind\sfbho.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program\ISTbar\istbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [PowerStrip] c:\program\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [NetLimiter] C:\Program\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [*wuauclt.exe] wsmct.exe
O4 - HKLM\..\Run: [NvCplScan] winasp.exe
O4 - HKLM\..\Run: [G3HUiR9] C:\WINDOWS\jbclrvo.exe
O4 - HKLM\..\Run: [sais] c:\program\180solutions\sais.exe
O4 - HKLM\..\Run: [Sms System32] SmsSystem32.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\Ylymst.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Ersbbk.exe
O4 - HKLM\..\Run: [IST Service] C:\Program\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure Anti-Virus\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\F-Secure Anti-Virus\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\RunServices: [*wuauclt.exe] wsmct.exe
O4 - HKLM\..\RunServices: [NvCplScan] winasp.exe
O4 - HKLM\..\RunServices: [Sms System32] SmsSystem32.exe
O4 - HKLM\..\RunOnce: [NvCplScan] winasp.exe
O4 - HKLM\..\RunOnce: [Sms System32] SmsSystem32.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [*wuauclt.exe] wsmct.exe
O4 - HKCU\..\Run: [NvCplScan] winasp.exe
O4 - HKCU\..\Run: [Sms System32] SmsSystem32.exe
O4 - HKCU\..\RunOnce: [NvCplScan] winasp.exe
O4 - HKCU\..\RunOnce: [Sms System32] SmsSystem32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program\SideFind\sidefind.dll
O9 - Extra button: Expekt.com Poker - {3852AC86-965F-4abe-A75F-3DCB7E81A4B2} - C:\Program\expektMPP\MPPoker.exe
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} (VacPro.internazionale_ver4) - http://www.advnt01.com/dialer/internazionale_ver4.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{7CBC240B-A82F-4FE2-BF56-35EA3EFD8B3E}: NameServer = 81.26.226.3,81.26.226.2
O23 - Service: *wuauclt.exe - Unknown - C:\WINDOWS\System32\wsmct.exe
O23 - Service: Adobe LM Service - Unknown - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: FireDaemon Service: ADOService - Unknown - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Secure Anti-Virus 2004 - Unknown - C:\Program\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - Unknown - C:\Program\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - Unknown - C:\Program\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon - F-Secure Corporation - C:\Program\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent - F-Secure Corporation - C:\Program\F-Secure Anti-Virus\Common\FSMA32.EXE
O23 - Service: Memory ALU Driver - Unknown - C:\WINDOWS\system32\memsvc.exe
O23 - Service: FireDaemon Service: RADService - Unknown - c:\windows\system32\drivers\addins\FireDaemon.EXE
O23 - Service: FireDaemon Service: RPCProcedure - Unknown - c:\windows\system32\drivers\addins\FireDaemon.EXE
O23 - Service: Remote Administrator Service - Unknown - c:\windows\system32\drivers\addins\r_server.exe
Cheers to that city..... Cheers Göteborg!!!!
Originally posted by Superius
I guess I'll borrow the thread too, while Lenco is on a roll...
I would recommend that you first look at the following page and see whether you can get rid of ISTBar with its help.
http://www.kephyr.com/spywarescanner/library/istbar/index.pht...
"Uninstall procedure
Uninstall ISTBar from "Add/Remove Programs" in the Windows® Control Panel. Look for an entry named MS AUpdate, MS Updates, XXXToolbar, ISTsvc or ISTBar. If not such entry exists or if the uninstall failed, please contact the vendor for support."
try that first and get back to me if it doesn't work - if you did get ISTBar removed, I want a new log!
if you like, you can also remove the following; there is more crap as well, but we'll deal with that later...
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program\SideFind\sfbho.dll
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program\SideFind\sidefind.dll
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softw...006_regular.cab
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} (VacPro.internazionale_ver4) - http://www.advnt01.com/dialer/internazionale_ver4.CAB
either way, I want a new log afterwards!
forgot to mention that you should preferably do all of this in safe mode!
Lenco, I have real problems... My internet doesn't work sometimes, and an Explorer window keeps popping up all the time. I don't know what to do, but here comes a new log...
And what the hell is d8s1a.exe? I think it is what makes the window open; I've searched on Google but found nothing about it...
Plus I have a virus that my antivirus program can't remove; it's called Exploit.HTML.Mht
Logfile of HijackThis v1.99.0
Scan saved at 20:51:37, on 2005-01-28
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\Program\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
C:\WINDOWS\system32\memsvc.exe
c:\windows\system32\drivers\addins\r_server.exe
c:\windows\system32\drivers\addins\lsass.exe
C:\Program\F-Secure Anti-Virus\backweb\4476822\Program\BackWeb-4476822.exe
C:\WINDOWS\System32\winasp.exe
C:\WINDOWS\System32\SmsSystem32.exe
C:\WINDOWS\System32\wsmct.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program\Java\j2re1.4.2_06\bin\jusched.exe
C:\program\powerstrip\pstrip.exe
C:\Program\DU Meter\DUMeter.exe
C:\Program\NetLimiter\NetLimiter.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\Ersbbk.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\Program\F-Secure Anti-Virus\Common\FSMA32.EXE
C:\Program\F-Secure Anti-Virus\Common\FSMB32.EXE
C:\Program\F-Secure Anti-Virus\Common\FCH32.EXE
C:\Program\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
C:\Program\F-Secure Anti-Virus\Anti-Virus\FSGK32.EXE
C:\Program\F-Secure Anti-Virus\Anti-Virus\fssm32.exe
C:\Program\F-Secure Anti-Virus\Common\FAMEH32.EXE
C:\Program\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
C:\Program\F-Secure Anti-Virus\Anti-Virus\fsav32.exe
C:\Program\F-Secure Anti-Virus\Common\fsm32.exe
C:\Program\Opera\Opera.exe
C:\Program\Spyware Doctor\swdoctor.exe
C:\Program\DC++\DCPlusPlus.exe
C:\d8s1a.exe
C:\d8s1a.exe
C:\d8s1a.exe
D:\Downloads\Program\_Små program\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\Program\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [PowerStrip] c:\program\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [NetLimiter] C:\Program\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [*wuauclt.exe] wsmct.exe
O4 - HKLM\..\Run: [NvCplScan] winasp.exe
O4 - HKLM\..\Run: [sais] c:\program\180solutions\sais.exe
O4 - HKLM\..\Run: [Sms System32] SmsSystem32.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\Ylymst.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Ersbbk.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure Anti-Virus\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\F-Secure Anti-Virus\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\RunServices: [*wuauclt.exe] wsmct.exe
O4 - HKLM\..\RunServices: [NvCplScan] winasp.exe
O4 - HKLM\..\RunServices: [Sms System32] SmsSystem32.exe
O4 - HKLM\..\RunOnce: [NvCplScan] winasp.exe
O4 - HKLM\..\RunOnce: [Sms System32] SmsSystem32.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [*wuauclt.exe] wsmct.exe
O4 - HKCU\..\Run: [NvCplScan] winasp.exe
O4 - HKCU\..\Run: [Sms System32] SmsSystem32.exe
O4 - HKCU\..\RunOnce: [NvCplScan] winasp.exe
O4 - HKCU\..\RunOnce: [Sms System32] SmsSystem32.exe
O4 - HKCU\..\RunOnce: [DeleteSlotchBar] rundll32.exe advpack.dll,DelNodeRunDLL32 "C:\Program\ISTbar\istbar.dll"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\Program\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Expekt.com Poker - {3852AC86-965F-4abe-A75F-3DCB7E81A4B2} - C:\Program\expektMPP\MPPoker.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.hotmail.msn.com/resources/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7CBC240B-A82F-4FE2-BF56-35EA3EFD8B3E}: NameServer = 81.26.226.3,81.26.226.2
O23 - Service: *wuauclt.exe - Unknown - C:\WINDOWS\System32\wsmct.exe
O23 - Service: Adobe LM Service - Unknown - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: FireDaemon Service: ADOService - Unknown - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Secure Anti-Virus 2004 - Unknown - C:\Program\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - Unknown - C:\Program\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - Unknown - C:\Program\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon - F-Secure Corporation - C:\Program\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent - F-Secure Corporation - C:\Program\F-Secure Anti-Virus\Common\FSMA32.EXE
O23 - Service: F-Secure Windows Security Center Legacy Detection Service - F-Secure Corporation - C:\Program\F-Secure Anti-Virus\fswsclds.exe
O23 - Service: Memory ALU Driver - Unknown - C:\WINDOWS\system32\memsvc.exe
O23 - Service: FireDaemon Service: RADService - Unknown - c:\windows\system32\drivers\addins\FireDaemon.EXE
O23 - Service: FireDaemon Service: RPCProcedure - Unknown - c:\windows\system32\drivers\addins\FireDaemon.EXE
O23 - Service: Remote Administrator Service - Unknown - c:\windows\system32\drivers\addins\r_server.exe
Cheers to that city..... Cheers Göteborg!!!!
Originally posted by Superius
Lenco, I have real problems... My internet doesn't work sometimes, and an Explorer window keeps popping up all the time. I don't know what to do, but here comes a new log...
And what the hell is d8s1a.exe? I think it is what makes the window open; I've searched on Google but found nothing about it...
Plus I have a virus that my antivirus program can't remove; it's called Exploit.HTML.Mht
this is how I would have tried to solve it, anyway.
boot into safe mode
end the following processes
C:\WINDOWS\system32\memsvc.exe
C:\WINDOWS\System32\winasp.exe
C:\WINDOWS\System32\SmsSystem32.exe
C:\WINDOWS\System32\wsmct.exe
C:\WINDOWS\System32\Ersbbk.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Internet Optimizer\actalert.exe
( more info: http://sarc.com/avcenter/venc/data/adware.netoptimizer.html )
C:\d8s1a.exe
C:\d8s1a.exe
C:\d8s1a.exe
as long as you run HijackThis from its own folder, it creates a backup of everything it removes - which can be handy if something goes wrong afterwards.
remove the following with HijackThis
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program\SPYWAR~1\tools\iesdsg.dll
(this one possibly belongs to Spyware Doctor, in which case you can keep it if you have that installed...)
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\Program\SPYWAR~1\tools\iesdpb.dll
(this one possibly belongs to Spyware Doctor, in which case you can keep it if you have that installed...)
O4 - HKLM\..\Run: [*wuauclt.exe] wsmct.exe
O4 - HKLM\..\Run: [NvCplScan] winasp.exe
O4 - HKLM\..\Run: [sais] c:\program\180solutions\sais.exe
O4 - HKLM\..\Run: [Sms System32] SmsSystem32.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\Ylymst.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Ersbbk.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\RunServices: [*wuauclt.exe] wsmct.exe
O4 - HKLM\..\RunServices: [NvCplScan] winasp.exe
O4 - HKLM\..\RunServices: [Sms System32] SmsSystem32.exe
O4 - HKLM\..\RunOnce: [NvCplScan] winasp.exe
O4 - HKLM\..\RunOnce: [Sms System32] SmsSystem32.exe
O4 - HKCU\..\Run: [*wuauclt.exe] wsmct.exe
O4 - HKCU\..\Run: [NvCplScan] winasp.exe
O4 - HKCU\..\Run: [Sms System32] SmsSystem32.exe
O4 - HKCU\..\RunOnce: [NvCplScan] winasp.exe
O4 - HKCU\..\RunOnce: [Sms System32] SmsSystem32.exe
O23 - Service: *wuauclt.exe - Unknown - C:\WINDOWS\System32\wsmct.exe
O23 - Service: Memory ALU Driver - Unknown - C:\WINDOWS\system32\memsvc.exe
possibly this one too - I don't know whether you have tried to uninstall ISTBar and it is meant to remove a bunch of files at the next restart... (it is a RunOnce entry, after all, which means it will only be run once)
O4 - HKCU\..\RunOnce: [DeleteSlotchBar] rundll32.exe advpack.dll,DelNodeRunDLL32 "C:\Program\ISTbar\istbar.dll
remember to close all IE windows when you remove these items!
install SpywareBlaster too - update it - click "enable all protection"!!! (link is below)
__________________________________________
I think I've covered most of it, but restart the computer afterwards and post a new log!
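Added example, not part of any post in this thread and not HijackThis's own logic: a small Python parser for the log format posted above, with a few triage heuristics for the kinds of entries the replies single out. The heuristics, the reason labels and the assumption that Windows is installed in C:\WINDOWS are this example's own; a finding means "look closer", not "remove".

```python
import ntpath
import re
from collections import defaultdict

# Lines copied from the logs posted in this thread, combined into one
# constructed excerpt so the example runs offline.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.0
Running processes:
C:\WINDOWS\system32\lsass.exe
c:\windows\system32\drivers\addins\lsass.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\d8s1a.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplScan] winasp.exe
O4 - HKLM\..\RunServices: [NvCplScan] winasp.exe
O4 - HKLM\..\RunOnce: [NvCplScan] winasp.exe
O4 - HKCU\..\Run: [NvCplScan] winasp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.hotmail.msn.com/resources/MsnPUpld.cab
O23 - Service: FireDaemon Service: ADOService - Unknown - (no file)
"""

ENTRY_RE = re.compile(r"^([RO]\d{1,2}) - (.*)$")                   # "O4 - ..."
O4_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")
O16_RE = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\})(?: \((.*?)\))? - (.*)$")

# Assumptions of this example: core process names and the default system dir.
CORE_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
              "lsass.exe", "svchost.exe", "spoolsv.exe"}
SYSTEM32 = r"c:\windows\system32"


def parse_log(text):
    """Split a log into the running-process list and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False          # the process list ends at the first entry
            entries.append((m.group(1), m.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def triage(parsed):
    """Return (reason, item) pairs worth a closer manual look."""
    findings = []
    for path in dict.fromkeys(parsed["processes"]):   # de-duplicate, keep order
        name = ntpath.basename(path).lower()
        if name in CORE_NAMES and ntpath.dirname(path).lower() != SYSTEM32:
            findings.append(("system-name-outside-system32", path))
        if ntpath.dirname(ntpath.splitdrive(path)[1]) == "\\":
            findings.append(("process-in-drive-root", path))

    autorun_locations = defaultdict(set)
    for code, body in parsed["entries"]:
        if code == "O4":
            m = O4_RE.match(body)     # "Global Startup" lines do not match
            if m:
                autorun_locations[m.group(3)].add(m.group(1) + "\\" + m.group(2))
        elif code == "O16":
            m = O16_RE.match(body)
            # ActiveX control whose codebase is a local file, not a web URL
            if m and m.group(3).lower().startswith(("file:", "ms-its:")):
                findings.append(("dpf-local-codebase", m.group(1)))
        elif code == "O23":
            # rsplit because service names may themselves contain ": " or " - "
            parts = body[len("Service: "):].rsplit(" - ", 2)
            if len(parts) == 3 and parts[2] == "(no file)":
                findings.append(("service-without-file", parts[0]))

    # The same value name registered under three or more autorun keys
    for value_name, keys in autorun_locations.items():
        if len(keys) >= 3:
            findings.append(("autorun-in-many-keys", value_name))
    return findings


if __name__ == "__main__":
    for reason, item in triage(parse_log(SAMPLE_LOG)):
        print(f"{reason:32} {item}")
```

Bare autorun commands such as `SOUNDMAN.EXE` are deliberately not flagged, since legitimate drivers register that way in these logs too.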
I'd like to borrow the thread too.
Logfile of HijackThis v1.99.0
Scan saved at 19:21:47, on 2005-01-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Norman\bin\ZLH.EXE
C:\Program\Logitech\iTouch\iTouch.exe
C:\Program\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program\MSN Apps\Updater\01.02.3000.1001\sv\msnappau.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Creative\SBAudigy\TaskBar\CTLTray.exe
C:\Program\Creative\SBAudigy\TaskBar\CTLTask.exe
C:\Program\Creative\SBAudigy\RemoteCenter\Rc\RcMan.EXE
C:\Program\Creative\ShareDLL\MEDIADET.EXE
C:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program\Logitech\MouseWare\system\em_exec.exe
c:\apache\Apache.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
c:\apache\Apache.exe
C:\Program\Norman\bin\ZANDA.EXE
c:\apache\APACHE.EXE
C:\WINDOWS\System32\svchost.exe
c:\apache\APACHE.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\Program\Norman\Nvc\BIN\NIP.EXE
C:\WINDOWS\System32\alg.exe
C:\Program\Creative\SBAudigy\RemoteCenter\Rc\EAX.exe
C:\Program\Creative\SBAudigy\RemoteCenter\Rc\VRC.exe
C:\Program\Creative\SBAudigy\RemoteCenter\Center\RCenter.exe
C:\Program\Creative\SBAudigy\RemoteCenter\Rc\OSDMenu.EXE
C:\PROGRAM\NORMAN\nvc\BIN\nvcoas.exe
C:\Program\Norman\Nvc\bin\cclaw.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\DOCUME~1\Matti\LOKALA~1\Temp\Temporär katalog 1 för hijackthis[1].zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kiruna.cc/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.3000.1001\sv\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.3000.1001\sv\msntb.dll
O4 - HKLM\..\Run: [Norman ZANDA] C:\Program\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [msnappau] "C:\Program\MSN Apps\Updater\01.02.3000.1001\sv\msnappau.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TaskTray] C:\Program\Creative\SBAudigy\TaskBar\CTLTray.exe
O4 - HKCU\..\Run: [TaskBar] C:\Program\Creative\SBAudigy\TaskBar\CTLTask.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program\Creative\SBAudigy\RemoteCenter\Rc\RcMan.EXE
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe
O9 - Extra button: Translate - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\Program\LingoCom\Translator.lnk (file missing)
O9 - Extra 'Tools' menuitem: Translator - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\Program\LingoCom\Translator.lnk (file missing)
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.sf-anytime.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/22b74f9bdf1ec18aa620/netzip/RdxIE601.cab
O16 - DPF: {7099D57A-2CF3-4919-9874-A035F8193AA0} (InstaladorCharisma Control) - http://www.redzone.nu/download/charisma/instaladorcharisma.ca...
O16 - DPF: {83873F92-B99B-400A-9E36-52B5F4970FB7} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/Fil...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.linnea.net/activex/AxisCamControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - https://ssl.extrafilm.org/upload/activex/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader...
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/patch/MaxisSimCity4PatcherX.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/12119/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O23 - Service: Apache - Unknown - c:\apache\Apache.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: Norman API-hooking helper - Unknown - C:\PROGRAM\NORMAN\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown - C:\Program\Norman\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown - C:\Program\Norman\bin\ZANDA.EXE
O23 - Service: Norman Virus Control on-access component - Norman ASA - C:\PROGRAM\NORMAN\nvc\BIN\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler - Norman Data Defense Systems - C:\PROGRAM\NORMAN\nvc\BIN\NVCSCHED.EXE
O23 - Service: PHPGeekUtil - Unknown - c:\apache\APACHE.EXE
Pentium 4 2,8 GHz | 2 * 120 GB HDD | 512 Mb ram | Creative Soundblaster Audigy Platina | Excalibur Radeon 9700 Pro | Philips 18" TFT 1280*1024@75 | Windows XP Pro | Logitech Cordless Optical
Lenco For President!
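An added example, not part of the post above or of HijackThis itself: a small Python triage pass over a HijackThis log that skips the header and process list, parses the section-coded entries, and lists the ones worth checking by hand. The three heuristics (missing target file, ActiveX control downloaded from a bare IP address, service with vendor "Unknown") and all function names are assumptions made for this illustration; a hit is a prompt for review, not a verdict.

```python
import re
from urllib.parse import urlparse

# Entries taken from the log posted above (a subset, to keep the example short).
SAMPLE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kiruna.cc/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot\SDHelper.dll
O9 - Extra button: Translate - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\Program\LingoCom\Translator.lnk (file missing)
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/22b74f9bdf1ec18aa620/netzip/RdxIE601.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/patch/MaxisSimCity4PatcherX.cab
O23 - Service: PHPGeekUtil - Unknown - c:\apache\APACHE.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")      # e.g. "O16 - DPF: ..."
IPV4_HOST = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")  # host written as dotted quad

def parse(log):
    """Yield (section_code, body); headers and process paths are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def review_reasons(code, body):
    """Return reasons to look closer at an entry. Prompts for review, not verdicts."""
    reasons = []
    if body.endswith(("(file missing)", "(no file)")):
        reasons.append("target file absent")
    if code == "O16":  # ActiveX control: last field is the download URL
        host = urlparse(body.rsplit(" - ", 1)[-1]).hostname or ""
        if IPV4_HOST.match(host):
            reasons.append("ActiveX fetched from bare IP address")
    if code == "O23":  # service: "Service: name - vendor - path"
        parts = body.split(" - ")
        if len(parts) >= 3 and parts[-2] == "Unknown":
            reasons.append("service vendor not recorded")
    return reasons

def triage(log):
    """List (code, body, reasons) for every entry with at least one reason."""
    return [(c, b, r) for c, b in parse(log) if (r := review_reasons(c, b))]

if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE):
        print(f"{code}: {'; '.join(reasons)}\n    {body}")
```
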
More people like you on the forum!
Really nice to see a Sweclockers saint!
Asus ROG Strix X470-F Gaming | AMD Ryzen 7 5700X | 32GB G.Skill TridentZ F4-320016D-16GTZR @ 3200Mhz 16-18-18-38 | RX 6900XT | Fractal Design R4 | AOC Q3279VWF 32" 1440p | Qpad MK-50 | Logitech G500 | Cooler master MasterLiquid Lite 240 | Cooler Master Silent Pro 1kW | Samsung 830 256GB | Samsung 850 EVO 500GB | WD Black SN770 2TB Gen 4 NVME |
Kingston KC3000 M.2 NVMe 1TB
To get rid of ISTbar, your computer needs to be in Safe Mode.
Samsung TFT 22" 2233RZ Black 120HZ - 640GB Western Digital Black 64MB SATA III - Corsair 4GB (2x2048MB) 1333MHz XMS3-10600 - AMD Phenom2 X4 965 3,4GHz Black Edition - Gigabyte GeForce GTX 460 1GB OC - Fractal Design Define R3, Black - Corsair TX 650W 80+ - Gigabyte GA-870A-UD3 - Cooler Master Hyper 212 Plus