/ Forside/ Teknologi / Internet / Sikkerhed / Spørgsmål
Login
Glemt dit kodeord?
Brugernavn

Kodeord


Reklame
Top 10 brugere
Sikkerhed
#NavnPoint
stl_s 37026
arlet 26827
miritdk 20260
o.v.n. 12167
als 8951
refi 8694
tedd 8272
BjarneD 7338
Klaudi 7257
10  molokyle 6481
en logfil til arlet
Fra : lexion
Vist : 567 gange
120 point
Dato : 17-08-04 22:14

Hej Arlet
Har lidt problemer,håber du vil hjælpe
Logfile of HijackThis v1.98.2
Scan saved at 22:04:57, on 17-08-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\System32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
F:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\System32\CTSvcCDA.exe
F:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
F:\Programmer\Norton AntiVirus\navapsvc.exe
F:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
F:\Programmer\Norton AntiVirus\SAVScan.exe
F:\WINDOWS\System32\svchost.exe
F:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
F:\Programmer\Roxio\WinOnCD 5 PE\DirectCD\DirectCD.exe
F:\WINDOWS\gtwatch.exe
F:\Programmer\Logitech\iTouch\iTouch.exe
F:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
F:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
F:\Programmer\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
F:\PROGRA~1\TOTALR~1\TotalRecorder\TotRecSched.exe
F:\WINDOWS\System32\CTHELPER.EXE
F:\Programmer\MSN Messenger\MsgPlus.exe
F:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
F:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
F:\Programmer\MSN Apps\Updater\01.02.0002.1001\da\msnappau.exe
F:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
F:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
F:\Programmer\Common files\WinTools\WSup.exe
F:\Programmer\Rainlendar\Rainlendar.exe
F:\Programmer\Microsoft ActiveSync\WCESMgr.exe
F:\WINDOWS\explorer.exe
F:\WINDOWS\System32\ctfmon.exe
F:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
F:\WINDOWS\System32\wuauclt.exe
F:\Programmer\Common files\WinTools\WToolsA.exe
F:\Programmer\Internet Explorer\IEXPLORE.EXE
F:\Documents and Settings\Claus Kristensen\Skrivebord\hijackthis\hjt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50007
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eb.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50007
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50007
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - F:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - F:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - F:\Programmer\MSN Apps\ST\01.02.0002.1001\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Programmer\MSN Apps\MSN Toolbar\01.02.2001.0001\da\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Programmer\MSN Apps\MSN Toolbar\01.02.2001.0001\da\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AdaptecDirectCD] "F:\Programmer\Roxio\WinOnCD 5 PE\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Gtwatch] F:\WINDOWS\gtwatch.exe
O4 - HKLM\..\Run: [zBrowser Launcher] F:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] F:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] F:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] F:\Programmer\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "F:\Programmer\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [QuickTime Task] "F:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TotalRecorderScheduler] "F:\PROGRA~1\TOTALR~1\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [WinTools] F:\Programmer\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [TkBellExe] "F:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UpdReg] F:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] F:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "F:\Programmer\MSN Messenger\MsgPlus.exe"
O4 - HKLM\..\Run: [ATIPTA] F:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [msnappau] "F:\Programmer\MSN Apps\Updater\01.02.0002.1001\da\msnappau.exe"
O4 - HKLM\..\Run: [ccApp] "F:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] F:\Programmer\Fælles filer\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Advanced Tools Check] F:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "F:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: Rainlendar.lnk = F:\Programmer\Rainlendar\Rainlendar.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Web Rebates - file://F:\Programmer\WebRebates\System\Temp\topr1150_script0.htm
O8 - Extra context menu item: Web Savings - file://F:\Programmer\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - F:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - F:\WINDOWS\web\related.htm
O9 - Extra button: TvGuide - {E6850551-1B82-47cd-BBF3-8E7D6099F9B3} - www.tvguide.dk (file missing)
O9 - Extra 'Tools' menuitem: TvGuide.dk - {E6850551-1B82-47cd-BBF3-8E7D6099F9B3} - www.tvguide.dk (file missing)
O12 - Plugin for .spop: F:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/12119/CTSUEng.cab
O16 - DPF: {0A7F4407-A1C8-496A-9670-F13370CAAACC} (SysReg_DK Control) - http://81.19.245.211/system/SysREG_DK.cab
O16 - DPF: {11818680-FCF6-11D0-9808-0800092A4865} (FormFlow Form Control) - http://www.kps.dk/Codebase/FormCtl.cab
O16 - DPF: {1469FF24-47F6-11D2-8805-006008C537E3} (FormFlow Mail Control) - http://www.kps.dk/codebase/ffmail.cab
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00625BD00024} (Ringkj›bing Landbobanks Netbank) - https://www.landbobanken.dk/slandbobankibp2500ib100.cab
O16 - DPF: {224F7DEA-B7C1-11D3-AB40-00902712A5C9} (PLSAddin Class) - http://www.kps.dk/codebase/plsspeller.cab
O16 - DPF: {85D6F6C5-97FE-11D1-86CC-080009B6ACE6} (JetForm Image Filter (JPG)) - http://www.kps.dk/codebase/imagejpg.cab
O16 - DPF: {92EB6641-286A-11D2-A68E-00A0C996A6DD} (FormFlow Signature Object) - http://www.kps.dk/codebase/jfsignature.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
O16 - DPF: {AD90E8D1-3B47-11D2-A696-00A0C996A6DD} (jfCryptoSignature Class) - http://www.kps.dk/codebase/jfcrypto.cab
O16 - DPF: {AFB8BDEE-965D-11D1-86CC-080009B6ACE6} (JetForm Image Filter (BMP)) - http://www.kps.dk/codebase/imagebmp.cab
O16 - DPF: {CDDCFBB3-4D93-11D2-B1A9-00A0C9B742BE} (FormFlowScriptObject Class) - http://www.kps.dk/codebase/scriptobject.cab
O16 - DPF: {D3426292-3750-4D80-9D0F-2816F61A6D15} (SpeedTest Control) - http://81.19.245.211/speedtest/SpeedTest_2.cab
O16 - DPF: {EF2FB80F-0975-408E-A871-B00CC863478A} (FormFlow Soft Font Installer) - http://www.kps.dk/codebase/fontinstaller.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/12119/CTPID.cab
O16 - DPF: {FAC462CF-7E63-4042-8620-312D71652326} - http://81.19.245.211/speedtest/SpeedTest_2.cab

Mvh Lex


 
 
Accepteret svar
Fra : arlet

Modtaget 120 point
Dato : 18-08-04 16:32

Hent og kør aboutBuster og CWShredder herfra : www.arlet.dk/special.htm
genstart og ny hijackthis log

Kommentar
Fra : lexion


Dato : 18-08-04 22:35

Her er en ny logfil
Logfile of HijackThis v1.98.2
Scan saved at 22:27:29, on 18-08-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\savedump.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\System32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
F:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\Programmer\Roxio\WinOnCD 5 PE\DirectCD\DirectCD.exe
F:\WINDOWS\gtwatch.exe
F:\Programmer\Logitech\iTouch\iTouch.exe
F:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
F:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
F:\Programmer\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
F:\PROGRA~1\TOTALR~1\TotalRecorder\TotRecSched.exe
F:\WINDOWS\System32\CTHELPER.EXE
F:\Programmer\Common files\WinTools\WToolsA.exe
F:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
F:\Programmer\MSN Messenger\MsgPlus.exe
F:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
F:\Programmer\MSN Apps\Updater\01.02.0002.1001\da\msnappau.exe
F:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
F:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
F:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
F:\Programmer\Rainlendar\Rainlendar.exe
F:\WINDOWS\System32\CTSvcCDA.exe
F:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
F:\Programmer\Norton AntiVirus\navapsvc.exe
F:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
F:\Programmer\Norton AntiVirus\SAVScan.exe
F:\Documents and Settings\Claus Kristensen\Skrivebord\hijackthis\hjt.exe
F:\WINDOWS\System32\svchost.exe
F:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
F:\Programmer\Common files\WinTools\WSup.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50007
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50007
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50007
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - F:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - F:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - F:\Programmer\MSN Apps\ST\01.02.0002.1001\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Programmer\MSN Apps\MSN Toolbar\01.02.2001.0001\da\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Programmer\MSN Apps\MSN Toolbar\01.02.2001.0001\da\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AdaptecDirectCD] "F:\Programmer\Roxio\WinOnCD 5 PE\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Gtwatch] F:\WINDOWS\gtwatch.exe
O4 - HKLM\..\Run: [zBrowser Launcher] F:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] F:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] F:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] F:\Programmer\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "F:\Programmer\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [QuickTime Task] "F:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TotalRecorderScheduler] "F:\PROGRA~1\TOTALR~1\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [WinTools] F:\Programmer\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [TkBellExe] "F:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UpdReg] F:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] F:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "F:\Programmer\MSN Messenger\MsgPlus.exe"
O4 - HKLM\..\Run: [ATIPTA] F:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [msnappau] "F:\Programmer\MSN Apps\Updater\01.02.0002.1001\da\msnappau.exe"
O4 - HKLM\..\Run: [ccApp] "F:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] F:\Programmer\Fælles filer\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Advanced Tools Check] F:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "F:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: Rainlendar.lnk = F:\Programmer\Rainlendar\Rainlendar.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Web Rebates - file://F:\Programmer\WebRebates\System\Temp\topr1150_script0.htm
O8 - Extra context menu item: Web Savings - file://F:\Programmer\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - F:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - F:\WINDOWS\web\related.htm
O9 - Extra button: TvGuide - {E6850551-1B82-47cd-BBF3-8E7D6099F9B3} - www.tvguide.dk (file missing)
O9 - Extra 'Tools' menuitem: TvGuide.dk - {E6850551-1B82-47cd-BBF3-8E7D6099F9B3} - www.tvguide.dk (file missing)
O12 - Plugin for .spop: F:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/12119/CTSUEng.cab
O16 - DPF: {0A7F4407-A1C8-496A-9670-F13370CAAACC} (SysReg_DK Control) - http://81.19.245.211/system/SysREG_DK.cab
O16 - DPF: {11818680-FCF6-11D0-9808-0800092A4865} (FormFlow Form Control) - http://www.kps.dk/Codebase/FormCtl.cab
O16 - DPF: {1469FF24-47F6-11D2-8805-006008C537E3} (FormFlow Mail Control) - http://www.kps.dk/codebase/ffmail.cab
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00625BD00024} (Ringkj›bing Landbobanks Netbank) - https://www.landbobanken.dk/slandbobankibp2500ib100.cab
O16 - DPF: {224F7DEA-B7C1-11D3-AB40-00902712A5C9} (PLSAddin Class) - http://www.kps.dk/codebase/plsspeller.cab
O16 - DPF: {85D6F6C5-97FE-11D1-86CC-080009B6ACE6} (JetForm Image Filter (JPG)) - http://www.kps.dk/codebase/imagejpg.cab
O16 - DPF: {92EB6641-286A-11D2-A68E-00A0C996A6DD} (FormFlow Signature Object) - http://www.kps.dk/codebase/jfsignature.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
O16 - DPF: {AD90E8D1-3B47-11D2-A696-00A0C996A6DD} (jfCryptoSignature Class) - http://www.kps.dk/codebase/jfcrypto.cab
O16 - DPF: {AFB8BDEE-965D-11D1-86CC-080009B6ACE6} (JetForm Image Filter (BMP)) - http://www.kps.dk/codebase/imagebmp.cab
O16 - DPF: {CDDCFBB3-4D93-11D2-B1A9-00A0C9B742BE} (FormFlowScriptObject Class) - http://www.kps.dk/codebase/scriptobject.cab
O16 - DPF: {D3426292-3750-4D80-9D0F-2816F61A6D15} (SpeedTest Control) - http://81.19.245.211/speedtest/SpeedTest_2.cab
O16 - DPF: {EF2FB80F-0975-408E-A871-B00CC863478A} (FormFlow Soft Font Installer) - http://www.kps.dk/codebase/fontinstaller.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/12119/CTPID.cab
O16 - DPF: {FAC462CF-7E63-4042-8620-312D71652326} - http://81.19.245.211/speedtest/SpeedTest_2.cab



Kommentar
Fra : Thrillseeker


Dato : 19-08-04 22:48

Hent denne scanner:
http://www.mwti.net/antivirus/free_utilities.asp
Det er ligegyldigt hvilket af de 7 links du downloader fra.
Inde i opsætningen sætter du den til at scanne alt.
Kør den.

Følg vejledningen her: http://www.spywarefri.dk/hjtanv.htm (punkt 6). Fix disse med HijackThis:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50007
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50007
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50007
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - F:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - F:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O4 - HKLM\..\Run: [WinTools] F:\Programmer\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [TkBellExe] "F:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UpdReg] F:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [MessengerPlus3] "F:\Programmer\MSN Messenger\MsgPlus.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Global Startup: Microsoft Office.lnk = F:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Web Rebates - file://F:\Programmer\WebRebates\System\Temp\topr1150_script0.htm
O8 - Extra context menu item: Web Savings - file://F:\Programmer\WebSavingsfromEbates\System\Temp\ebateswebsavings_scr ipt0.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - F:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - F:\WINDOWS\web\related.htm
O9 - Extra button: TvGuide - {E6850551-1B82-47cd-BBF3-8E7D6099F9B3} - www.tvguide.dk (file missing)
O9 - Extra 'Tools' menuitem: TvGuide.dk - {E6850551-1B82-47cd-BBF3-8E7D6099F9B3} - www.tvguide.dk (file missing)

Vi skal kunne se dine skjulte filer for at finde snavs, der skal slettes manuelt. Det er en del af processen.

Åbn en tilfældig mappe, klik på Funktioner=>Mappeindstillinger=>Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler".
Fjern flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".

Disse programmer skal slettes i fejlsikret tilstand. Du genstarter og trykker F8 når Windows starter op.

Søg efter disse filer og mapper:
F:\PROGRA~1\COMMON~1\WinTools>>>>slet mappen Wintools
F:\Programmer\MSN Messenger\MsgPlus.exe >>>>Slet mappen MsgPlus.exe
F:\Programmer\WebRebates >>>>Slet mappen WebRebates



Derefter genstarter du og sender en ny log ind til check


Godkendelse af svar
Fra : lexion


Dato : 17-12-04 23:53

Tak for svaret arlet.
                        

Du har følgende muligheder
Eftersom du ikke er logget ind i systemet, kan du ikke skrive et indlæg til dette spørgsmål.

Hvis du ikke allerede er registreret, kan du gratis blive medlem, ved at trykke på "Bliv medlem" ude i menuen.
Søg
Reklame
Statistik
Spørgsmål : 177577
Tips : 31968
Nyheder : 719565
Indlæg : 6409068
Brugere : 218888

Månedens bedste
Årets bedste
Sidste års bedste