Spybot, SpywareBlaster and Hijackthis...
From : Lasse_Madsen
Viewed : 342 times
41 points
Date : 24-11-03 20:50

Which items should I remove from Spybot???
How do I set up SpywareBlaster???
Which ones should I delete in Hijackthis???

I hope there is someone who can help...

Comment
From : molokyle


Date : 24-11-03 20:53

Check here: http://spywarefri.dk

</MOLOKYLE>

Accepted answer
From : arlet

Received 51 points
Date : 24-11-03 20:54

Spybot: everything in red
Hijackthis: you must not delete anything; post it here and I will tell you what to delete.
Spywareblaster: install it and click Check for updates. Then click Select all, and then click Protect against checked items. It will then say success, and then you close it..


Comment
From : molokyle


Date : 24-11-03 20:55

More precisely here: http://spywarefri.dk/faq.htm

</MOLOKYLE>

Comment
From : arlet


Date : 24-11-03 20:56

Comment
From : Lasse_Madsen


Date : 24-11-03 20:59

In Spybot, should I just click "Fix problems" ("Afhjælp problemer") or what???

Comment
From : arlet


Date : 24-11-03 21:02

Yes, when it has finished scanning, everything in red is selected, and then you just click Fix selected problems

Comment
From : Lasse_Madsen


Date : 24-11-03 21:04

There are some in red that have not been removed; should I just leave them or remove them one by one???

Comment
From : arlet


Date : 24-11-03 21:05

Everything in red is junk and must be removed...

Comment
From : Lasse_Madsen


Date : 24-11-03 21:10

>Arlet
Do you have an e-mail address I can send the log to, or should I just post it here???

Comment
From : arlet


Date : 24-11-03 21:12

Post it here, then others can follow along too.

That log is meant to be posted in forums, so there is nothing secret and no passwords in it..

Comment
From : Lasse_Madsen


Date : 24-11-03 21:13

Here is the log from Hijackthis:


Logfile of HijackThis v1.97.7
Scan saved at 20:03:08, on 24-11-2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Avast4\aswUpdSv.exe
C:\Programmer\Avast4\ashserv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\gearsec.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Avast4\ashDisp.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Agfa\AgfaCam\AgfaCLnk.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
C:\Programmer\Odigo\Bin\Odigo.exe
C:\WINDOWS\System32\mapisvc32.exe
C:\Programmer\CloneCD\CloneCDTray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\WINDOWS\System32\ommc.exe
C:\Programmer\ICQ\ICQ.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Zone Labs\ZoneAlarm\zapro.exe
C:\Programmer\Odigo\Bin\obrw.exe
C:\Programmer\Outlook Express\Msimn.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\system32\mobsync.exe
C:\Programmer\VNCom LLC\Explorer 2002\E2.EXE
C:\Programmer\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Lasse Madsen\Lokale indstillinger\Temp\Midlertidig mappe 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gyxi.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Programmer\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6754A456-BAD9-11D4-93D3-00B0D03A2F91} - C:\PROGRA~1\ODIGO\BIN\ODIGOBHO.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Programmer\MyWebSearch\bar\2.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\Programmer\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AgfaCamWatch] C:\Programmer\Agfa\AgfaCam\AgfaCLnk.exe
O4 - HKLM\..\Run: [NVCLOCK] rundll32 nvclock.dll,fnNvclock
O4 - HKLM\..\Run: [Zone Alarm] C:\\Programmer\\ZoneAlarm\\zonealarm.exe
O4 - HKLM\..\Run: [pdfFactory Dispatcher v1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Programmer\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [RunOdigo] C:\Programmer\Odigo\Bin\Odigo.exe -m
O4 - HKLM\..\Run: [mapisvc32] C:\WINDOWS\System32\mapisvc32.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmer\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [ommc] C:\WINDOWS\System32\ommc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKLM\..\RunOnce: [SpyBotSnD] "C:\Programmer\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\RunOnce: [ICQ] C:\Programmer\ICQ\ICQ.exe -trayboot
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Programmer\Zone Labs\ZoneAlarm\zapro.exe
O4 - Global Startup: Free WebSite Tools.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Overfør med Star Downloader - C:\Programmer\Star Downloader\sdie.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Programmer\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Programmer\Yahoo!\Common/ycsrch.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Free History Cleaner (HKLM)
O9 - Extra 'Tools' menuitem: Free History Cleaner (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Broken Internet access because of LSP provider 'lsp.dll' missing
O16 - DPF: HushEncryptionEngine - https://mailserver1.hushmail.com/shared/HushEncryptionEngine.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {0EB1CA3E-C9C7-42B6-8016-B0CBA435E291} (ImclCtl Class) - http://www.messenger.jubii.dk/messenger/client/ActiveXMsgrCore.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
O16 - DPF: {1DB3B8DD-5801-443F-B2D5-9BF8912B980E} (dmgrax2Ctrl Class) - http://www.lxsystems.com/downloads/Install.cab
O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} - http://www.stop-sign.com/pub/download/scandl_cnry.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://img.rn11.com/ssoap/pptproactauthmirror/systemsoappro.cab
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/76808a0e7ae82f/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37871.1136921296
O16 - DPF: {A1459E5C-7F68-4676-9865-1986BD5AF740} - http://digisign.invia.fujitsu.dk/install/digicom.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/en/SysWebTelecom.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

Comment
From : arlet


Date : 24-11-03 21:15

Yes, it will take a good half hour to check it, so sit back and don't delete anything in the meantime

Comment
From : arlet


Date : 24-11-03 21:16

In the meantime:
You need to download and run Lspfix http://www.cexx.org/LSPFix.exe , start it, maximize it to full screen, tick I know what I am doing and click Finish, restart and make a new log file, which you post here.

Comment
From : Lasse_Madsen


Date : 24-11-03 21:32

Here is the new log file:

Logfile of HijackThis v1.97.7
Scan saved at 20:25:58, on 24-11-2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Avast4\aswUpdSv.exe
C:\Programmer\Avast4\ashserv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\gearsec.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Avast4\ashDisp.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Agfa\AgfaCam\AgfaCLnk.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
C:\WINDOWS\System32\mapisvc32.exe
C:\Programmer\CloneCD\CloneCDTray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\M20ENUF.exe
C:\Programmer\ICQ\ICQ.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Zone Labs\ZoneAlarm\zapro.exe
C:\Programmer\Avast4\setup\avast.setup
C:\Programmer\Outlook Express\Msimn.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Programmer\VNCom LLC\Explorer 2002\E2.EXE
C:\Documents and Settings\Lasse Madsen\Lokale indstillinger\Temp\Midlertidig mappe 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gyxi.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Programmer\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6754A456-BAD9-11D4-93D3-00B0D03A2F91} - C:\PROGRA~1\ODIGO\BIN\ODIGOBHO.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Programmer\MyWebSearch\bar\2.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\Programmer\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AgfaCamWatch] C:\Programmer\Agfa\AgfaCam\AgfaCLnk.exe
O4 - HKLM\..\Run: [NVCLOCK] rundll32 nvclock.dll,fnNvclock
O4 - HKLM\..\Run: [Zone Alarm] C:\\Programmer\\ZoneAlarm\\zonealarm.exe
O4 - HKLM\..\Run: [pdfFactory Dispatcher v1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Programmer\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [RunOdigo] C:\Programmer\Odigo\Bin\Odigo.exe -m
O4 - HKLM\..\Run: [mapisvc32] C:\WINDOWS\System32\mapisvc32.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmer\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [M20ENUF] C:\WINDOWS\System32\M20ENUF.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [ICQ] C:\Programmer\ICQ\ICQ.exe -trayboot
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Programmer\Zone Labs\ZoneAlarm\zapro.exe
O4 - Global Startup: Free WebSite Tools.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Overfør med Star Downloader - C:\Programmer\Star Downloader\sdie.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Programmer\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Programmer\Yahoo!\Common/ycsrch.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Free History Cleaner (HKLM)
O9 - Extra 'Tools' menuitem: Free History Cleaner (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: HushEncryptionEngine - https://mailserver1.hushmail.com/shared/HushEncryptionEngine.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {0EB1CA3E-C9C7-42B6-8016-B0CBA435E291} (ImclCtl Class) - http://www.messenger.jubii.dk/messenger/client/ActiveXMsgrCore.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
O16 - DPF: {1DB3B8DD-5801-443F-B2D5-9BF8912B980E} (dmgrax2Ctrl Class) - http://www.lxsystems.com/downloads/Install.cab
O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} - http://www.stop-sign.com/pub/download/scandl_cnry.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://img.rn11.com/ssoap/pptproactauthmirror/systemsoappro.cab
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/76808a0e7ae82f/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37871.1136921296
O16 - DPF: {A1459E5C-7F68-4676-9865-1986BD5AF740} - http://digisign.invia.fujitsu.dk/install/digicom.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/en/SysWebTelecom.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab



Comment
From : arlet


Date : 24-11-03 21:34

Perfect. It will take another 15 minutes

Comment
From : arlet


Date : 24-11-03 21:40

There was quite a bit of junk:
You now need to get started on fixing. But first you need some instructions. First of all, you must turn off System Restore. If you don't know how to do that, look here: http://www.spywarefri.dk/virus.htm#alle Then you must open hijackthis. Below you get some files that you must fix; what you need to do is put a check mark next to all of these files. DO NOT FIX yet. When you have done that, close all other windows; it is very important that the only window open is the HijackThis window. Remember also to close this window when you have marked the files. Now you may fix. Click Fix checked. After the fix you must restart your computer.
Here are the files you must fix:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gyxi.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Programmer\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: (no name) - {6754A456-BAD9-11D4-93D3-00B0D03A2F91} - C:\PROGRA~1\ODIGO\BIN\ODIGOBHO.DLL
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Programmer\MyWebSearch\bar\2.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Programmer\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Programmer\Yahoo!\Common/ycsrch.htm
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} - http://www.stop-sign.com/pub/download/scandl_cnry.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://img.rn11.com/ssoap/pptproactauthmirror/systemsoappro.cab
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/en/SysWebTelecom.cab

----------------------------------------------------------
Do you know this one? Otherwise it must be fixed:
O4 - HKLM\..\Run: [ommc] C:\WINDOWS\System32\ommc.exe



Then restart in safe mode (you get into safe mode by pressing <F8> when the machine starts up, just before it begins loading Windows). Find the following file in Windows Explorer and delete it:

Do you know this one? Otherwise it must be deleted:
C:\WINDOWS\System32\ommc.exe


Then restart and post a new log here, to see whether we have got it completely clean.
Only when your log has been finally approved may you enable your System Restore again.
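
The re-scan step described above, as an added example that is not part of the original thread: a small Python parser that diffs two HijackThis logs, so the entries that disappeared and the autostart entries that appeared since the previous scan stand out for review. The function names are illustrative, and the two sample logs are abridged excerpts of the first and the last log posted in this thread.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code text")

# Entry lines start with a section code: R0/R1/R3, F2, O2, O4, O16, ...
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O4 registry autostarts look like: HKLM\..\Run: [name] command line
RUN_RE = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<command>.+)$")

# Abridged excerpt of the first log in this thread (scan of 24-11-2003).
LOG_BEFORE = r"""
Logfile of HijackThis v1.97.7
Scan saved at 20:03:08, on 24-11-2003

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Programmer\Avast4\ashDisp.exe
C:\WINDOWS\System32\ommc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gyxi.dk/
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Programmer\MyWebSearch\bar\2.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [avast!] C:\Programmer\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ommc] C:\WINDOWS\System32\ommc.exe
O10 - Broken Internet access because of LSP provider 'lsp.dll' missing
"""

# Abridged excerpt of the last log in this thread (scan of 25-11-2003).
LOG_AFTER = r"""
Logfile of HijackThis v1.97.7
Scan saved at 14:02:23, on 25-11-2003

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Programmer\Avast4\ashDisp.exe
C:\WINDOWS\System32\sicplm.exe

O4 - HKLM\..\Run: [avast!] C:\Programmer\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sicplm] C:\WINDOWS\System32\sicplm.exe
"""


def _key(text):
    """Comparison key that ignores case and whitespace.

    Forum software wraps long log lines and inserts stray spaces, so a
    pasted entry is matched on its characters, not on its spacing.
    """
    return "".join(text.split()).casefold()


def parse_log(text):
    """Return (running_processes, entries) from a HijackThis log."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line ends the process list
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append(Entry(match.group(1), match.group(2)))
        elif in_processes:
            processes.append(line)
        # anything else is a header line ("Logfile of ...", "Scan saved at ...")
    return processes, entries


def diff_logs(before, after):
    """Compare two logs; each result list keeps the order of its source log."""
    b_proc, b_ent = parse_log(before)
    a_proc, a_ent = parse_log(after)
    b_keys = {(e.code, _key(e.text)) for e in b_ent}
    a_keys = {(e.code, _key(e.text)) for e in a_ent}
    b_proc_keys = {_key(p) for p in b_proc}
    return {
        "removed": [e for e in b_ent if (e.code, _key(e.text)) not in a_keys],
        "added": [e for e in a_ent if (e.code, _key(e.text)) not in b_keys],
        "new_processes": [p for p in a_proc if _key(p) not in b_proc_keys],
    }


def new_autostarts(before, after):
    """(name, command) of O4 Run/RunOnce entries present only in the newer log."""
    found = []
    for entry in diff_logs(before, after)["added"]:
        match = RUN_RE.match(entry.text) if entry.code == "O4" else None
        if match:
            found.append((match.group("name"), match.group("command")))
    return found


if __name__ == "__main__":
    result = diff_logs(LOG_BEFORE, LOG_AFTER)
    for label in ("removed", "added"):
        for entry in result[label]:
            print(f"{label:8} {entry.code:4} {entry.text}")
    for proc in result["new_processes"]:
        print(f"new proc      {proc}")
```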












Comment
From : Lasse_Madsen


Date : 25-11-03 15:10

Here is the new log:

-----------------------------------------------------------------------------------------------------------------
Logfile of HijackThis v1.97.7
Scan saved at 14:02:23, on 25-11-2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Avast4\aswUpdSv.exe
C:\Programmer\Avast4\ashserv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\gearsec.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\Avast4\ashDisp.exe
C:\Programmer\Agfa\AgfaCam\AgfaCLnk.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
C:\WINDOWS\System32\mapisvc32.exe
C:\Programmer\CloneCD\CloneCDTray.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\ICQ\ICQ.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Zone Labs\ZoneAlarm\zapro.exe
C:\WINDOWS\System32\sicplm.exe
C:\Programmer\Outlook Express\Msimn.exe
C:\Programmer\VNCom LLC\Explorer 2002\E2.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Lasse Madsen\Lokale indstillinger\Temp\Midlertidig mappe 2 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\Programmer\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AgfaCamWatch] C:\Programmer\Agfa\AgfaCam\AgfaCLnk.exe
O4 - HKLM\..\Run: [NVCLOCK] rundll32 nvclock.dll,fnNvclock
O4 - HKLM\..\Run: [Zone Alarm] C:\\Programmer\\ZoneAlarm\\zonealarm.exe
O4 - HKLM\..\Run: [pdfFactory Dispatcher v1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Programmer\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [RunOdigo] C:\Programmer\Odigo\Bin\Odigo.exe -m
O4 - HKLM\..\Run: [mapisvc32] C:\WINDOWS\System32\mapisvc32.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmer\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [sicplm] C:\WINDOWS\System32\sicplm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [ICQ] C:\Programmer\ICQ\ICQ.exe -trayboot
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Programmer\Zone Labs\ZoneAlarm\zapro.exe
O4 - Global Startup: Free WebSite Tools.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Overfør med Star Downloader - C:\Programmer\Star Downloader\sdie.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Free History Cleaner (HKLM)
O9 - Extra 'Tools' menuitem: Free History Cleaner (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: HushEncryptionEngine - https://mailserver1.hushmail.com/shared/HushEncryptionEngine.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {0EB1CA3E-C9C7-42B6-8016-B0CBA435E291} (ImclCtl Class) - http://www.messenger.jubii.dk/messenger/client/ActiveXMsgrCore.cab
O16 - DPF: {1DB3B8DD-5801-443F-B2D5-9BF8912B980E} (dmgrax2Ctrl Class) - http://www.lxsystems.com/downloads/Install.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/76808a0e7ae82f/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37871.1136921296
O16 - DPF: {A1459E5C-7F68-4676-9865-1986BD5AF740} - http://digisign.invia.fujitsu.dk/install/digicom.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
-----------------------------------------------------------------------------------------------------------------

By the way, how often should I check the computer???

Comment
From : arlet


Date : 25-11-03 15:14

You are clean now and can enable your System Restore again

Then you need to get SP1 for Windows and IE. Get them here http://www.it-service.sdu.dk/vis.php?side=84

To secure your future browsing on the net, I suggest that you get the following programs:
Spywareblaster & Spywareguard & IE-SPYAD & Empty Temp Folders

You will find all the programs here http://www.spywarefri.dk/vaerktoj.htm

where there is also a description of the programs, as well as an installation guide..

All of it must be kept updated, just like your Windows and IE..

After that you can safely surf the net without getting all that junk on the computer.

If you install these programs and keep them updated, and then scan with either Spybot or Ad-aware every 14 days, there are no problems.

I have these small programs installed, and I cannot get any junk in..

Approval of answer
From : Lasse_Madsen


Date : 25-11-03 19:54

Thanks for the answer, arlet...
I will probably create a similar question at some point, to find out whether it is still a decent computer that is free of junk...
                        
