Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

aurora... [RESOLVED]


  • This topic is locked This topic is locked

#1
Pebban

Pebban

    Member

  • Member
  • PipPip
  • 30 posts
can someone please go over my HijackThis logg?
i only know that i have the "aurora problem" but it could be more things.

here's the logg:

Logfile of HijackThis v1.99.1
Scan saved at 18:10:38, on 2005-07-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
c:\Program\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
c:\Program\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
c:\Program\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
c:\Program\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program\F-Secure Internet Security\fswsclds.exe
c:\Program\F-Secure Internet Security\Common\FSMB32.EXE
c:\Program\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
c:\Program\F-Secure Internet Security\Common\FCH32.EXE
c:\Program\F-Secure Internet Security\Common\FAMEH32.EXE
c:\Program\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\UAService7.exe
c:\Program\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\WINDOWS\Explorer.exe
C:\Program\F-Secure Internet Security\Common\FSM32.EXE
C:\Program\Delade filer\Real\Update_OB\realsched.exe
D:\Program\D-Tools\daemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\NVIDIA Corporation\NvMixer\NVMixerTray.exe
D:\Program\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\MessengerDiscovery\MessengerDiscovery.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program\F-Secure Internet Security\backweb\4476822\Program\BackWeb-4476822.exe
C:\Program\Hijackthis\HijackThis.exe
C:\PROGRAM\MOZILL~1\FIREFOX.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program\NewDotNet\newdotnet3_88.dll
O4 - HKLM\..\Run: [F-Secure Manager] "c:\Program\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "c:\Program\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [EfBBdmI3n] C:\WINDOWS\ghllkjsg.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [zeosauv] c:\windows\system32\zjnjno.exe r
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MessengerDiscovery] C:\Program\MessengerDiscovery\MessengerDiscovery.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://D:\Program\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093203014484
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O23 - Service: F-Secure Internet Security 2004 (BackWeb Client - 4476822) - Unknown owner - c:\Program\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - c:\Program\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - c:\Program\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - c:\Program\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - c:\Program\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program\F-Secure Internet Security\fswsclds.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
  • 0

Advertisements


#2
Kristy

Kristy

    Visiting Consultant

  • Member
  • PipPipPipPip
  • 1,099 posts
Hello Pebban,

You have more than one infection, but first we will get rid of newdotnet.

First, Download LSPFix.exe to a convenient location. Do NOT run this program. This is only to be used if you lose Internet Access after removing NewDotNet.

To Get rid of NewDotNet, go to:

Start > Control Panel > Add or Remove Programs and remove the following:

New.Net Applications or New.Net Domains (anything that says New.Net)

If it is not there, go here and follow Procedure 4: NewDotNet Removal Procedure 4.

In the event that you lose Internet access after removing New.Net, please double-click LSPFix.exe that you downloaded earlier. You will see 2 panels. If there is any file listed in the "Remove" panel on the right-side, leave it as is and just click "Finish>>" then reboot your computer and you should now have access to the Internet. If nothing is listed under the "Remove Panel", do NOT do anything - just close the program. You will need to use another computer to come back here for further instructions on what to do.

Please reply back in this thread with a new HijackThis log.

~Kristy :tazz:
  • 0

#3
Pebban

Pebban

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
ok thanx, i removed the new.net thing trough the add/remove panel and rebooted, y internet connection was ok after that :tazz: .

here is my new logg:

Logfile of HijackThis v1.99.1
Scan saved at 18:14:16, on 2005-07-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
c:\Program\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
c:\Program\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
c:\Program\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
c:\Program\F-Secure Internet Security\Common\FSMA32.EXE
c:\Program\F-Secure Internet Security\Anti-Virus\fssm32.exe
c:\Program\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program\F-Secure Internet Security\fswsclds.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program\F-Secure Internet Security\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
c:\Program\F-Secure Internet Security\Common\FAMEH32.EXE
c:\Program\F-Secure Internet Security\Anti-Virus\fsav32.exe
c:\Program\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\WINDOWS\Explorer.exe
C:\Program\F-Secure Internet Security\Common\FSM32.EXE
c:\Program\F-Secure Internet Security\backweb\4476822\Program\BackWeb-4476822.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
D:\Program\D-Tools\daemon.exe
C:\Program\NVIDIA Corporation\NvMixer\NVMixerTray.exe
D:\Program\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\MessengerDiscovery\MessengerDiscovery.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRAM\MOZILL~1\FIREFOX.EXE
D:\Program\BitComet\BitComet.exe
C:\Program\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [F-Secure Manager] "c:\Program\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "c:\Program\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [EfBBdmI3n] C:\WINDOWS\ghllkjsg.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [zeosauv] c:\windows\system32\zjnjno.exe r
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MessengerDiscovery] C:\Program\MessengerDiscovery\MessengerDiscovery.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://D:\Program\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093203014484
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O23 - Service: F-Secure Internet Security 2004 (BackWeb Client - 4476822) - Unknown owner - c:\Program\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - c:\Program\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - c:\Program\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - c:\Program\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - c:\Program\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program\F-Secure Internet Security\fswsclds.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
  • 0

#4
Kristy

Kristy

    Visiting Consultant

  • Member
  • PipPipPipPip
  • 1,099 posts
Hello Pebban,

You may wish to print out a copy of these instructions to follow while you complete this procedure.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Please download Nailfix from here:
http://www.noidea.us...050515010747824
Unzip it to the desktop but please do NOT run it yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml


Once in Safe Mode, please double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Next please run HijackThis, click Scan, and check:

R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [EfBBdmI3n] C:\WINDOWS\ghllkjsg.exe
O4 - HKLM\..\Run: [zeosauv] c:\windows\system32\zjnjno.exe r
O4 - Startup: PowerReg Scheduler V3.exe


Close all open windows except for HijackThis and click Fix Checked.

Be sure you're able to view hidden files, and remove the following files/folders in bold (if found):

C:\WINDOWS\ghllkjsg.exe
c:\windows\system32\zjnjno.exe r


Empty your recycle bin

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

~Kristy :tazz:
  • 0

#5
Pebban

Pebban

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
ok here is the new HijackThis logg:

Logfile of HijackThis v1.99.1
Scan saved at 22:49:26, on 2005-07-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\Program\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\Program\ewido\security suite\ewidoguard.exe
c:\Program\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
c:\Program\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
c:\Program\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
c:\Program\F-Secure Internet Security\Common\FSMA32.EXE
c:\Program\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program\F-Secure Internet Security\fswsclds.exe
c:\Program\F-Secure Internet Security\Common\FSMB32.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program\F-Secure Internet Security\Common\FCH32.EXE
c:\Program\F-Secure Internet Security\Common\FAMEH32.EXE
c:\Program\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Program\F-Secure Internet Security\Common\FSM32.EXE
C:\Program\Delade filer\Real\Update_OB\realsched.exe
D:\Program\D-Tools\daemon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\rundll32.exe
D:\Program\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
c:\Program\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\MessengerDiscovery\MessengerDiscovery.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
c:\Program\F-Secure Internet Security\backweb\4476822\Program\BackWeb-4476822.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Bin\Toolkit\EditPad.exe
C:\Program\ewido\security suite\SecuritySuite.exe
C:\Program\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [F-Secure Manager] "c:\Program\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "c:\Program\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MessengerDiscovery] C:\Program\MessengerDiscovery\MessengerDiscovery.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://D:\Program\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093203014484
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O23 - Service: F-Secure Internet Security 2004 (BackWeb Client - 4476822) - Unknown owner - c:\Program\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program\ewido\security suite\ewidoguard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - c:\Program\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - c:\Program\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - c:\Program\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - c:\Program\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program\F-Secure Internet Security\fswsclds.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

the strange thing is that the only thing in the ewido logg was:

˙ž-
  • 0

#6
Kristy

Kristy

    Visiting Consultant

  • Member
  • PipPipPipPip
  • 1,099 posts
Hello Pebban,

Your log looks clean. How is your computer running?

~Kristy
  • 0

#7
Pebban

Pebban

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
much better.. exept that a program called security.exe is trying to connect to the net sometimes, but other than that its fine.

thanx verry much for your help
//Pebban
  • 0

#8
Kristy

Kristy

    Visiting Consultant

  • Member
  • PipPipPipPip
  • 1,099 posts
No problem :tazz:

Did you install the program? Or is it one that came along with the other problems?

~Kristy
  • 0

#9
Pebban

Pebban

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
i think the first time it tried to connect was when i did the ewido scan, if thats what you meant
  • 0

#10
Kristy

Kristy

    Visiting Consultant

  • Member
  • PipPipPipPip
  • 1,099 posts
What I mean is, did you install security.exe? Is it something that you want on your computer?

~Kristy
  • 0

Advertisements


#11
Pebban

Pebban

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
i dont recal installing anything named security.exe, it just came up. i dont know what it is but the name made me wondering what it was :tazz:
  • 0

#12
Kristy

Kristy

    Visiting Consultant

  • Member
  • PipPipPipPip
  • 1,099 posts
Does a window come up when it runs? What exactly happens?

~Kristy
  • 0

#13
Pebban

Pebban

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
my firewall (F-secure) informes me that a program called security.exe is trying to connect to the net. and i keep blocking it but the warning keeps kommig up..
  • 0

#14
Kristy

Kristy

    Visiting Consultant

  • Member
  • PipPipPipPip
  • 1,099 posts
Ok,

Please download spyware-scan and save it to your desktop. Then run it. If it generates a log, paste it here.

~Kristy
  • 0

#15
Pebban

Pebban

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
nope no logg, and it seems the computer is completley clean.

thank you for your help :tazz:
//Pebban
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP