Kan en underlig Java være virus

Gå ind her og hent Spybot og Hijackthis.
http://www.spywarefri.dk/vaerktoj.htm
Installer og kør Spybot, opdater online, scan, afhjælp valgte problemer, genstart.
Derefter udpakker og kører du Hijackthis, scan, save log og kopier logfilen herind, så kigger vi på den.
Lad være med at slette noget selv med Hijackthis, det kan skade mere end det gavner.

Arghhh.....nu kan jeg s.. ikke downloade!

Logfile of HijackThis v1.97.7
Scan saved at 16:27:43, on 28-12-2003
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmer\Apache Group\Apache\Apache.exe
C:\WINNT\System32\CTSvcCDA.exe
C:\Programmer\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Programmer\Apache Group\Apache\Apache.exe
C:\WINNT\System32\svchost.exe
C:\mysql\bin\mysqld-max-nt.exe
C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
C:\Norman\NVC\BIN\Zanda.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\SERV-U\SERVUD~1.EXE
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\devldr32.exe
C:\Programmer\Creative\SBLive2k\AudioHQ\AHQTB.EXE
C:\Programmer\Creative\SBLive2k\Launcher\CTLauncher.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\Programmer\Creative\ShareDLL\CtNotify.exe
C:\WINNT\System32\qttask.exe
C:\Programmer\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmer\Fælles filer\Real\Update_OB\evntsvc.exe
C:\Programmer\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
C:\NORMAN\Nvc\BIN\ZLH.EXE
C:\Programmer\Logitech\iTouch\kbdtray.exe
C:\Programmer\Creative\ShareDLL\MediaDet.Exe
C:\Programmer\TimeTool\TimeTool.exe
C:\PROGRA~1\FÆLLES~1\ADAPTE~1\CreateCD\CREATE~1.EXE
C:\WINNT\system32\internat.exe
C:\NORMAN\Nvc\BIN\NYMSE.EXE
C:\NORMAN\Nvc\BIN\NIP.EXE
C:\Programmer\Serv-U\ServUTray.exe
C:\Programmer\Eraser\eraser.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\NORMAN\Nvc\BIN\npfmsg2.exe
C:\Programmer\WinZip\WZQKPICK.EXE
C:\Programmer\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINNT\System32\svchost.exe
C:\NORMAN\Nvc\BIN\NJEEVES.EXE
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\NORMAN\Nvc\BIN\cclaw.exe
C:\Programmer\Outlook Express\msimn.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Skrivebord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lauesen.dk/link_portal/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Programmer\Creative\SBLive2k\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [Speed racer] C:\Programmer\Creative\SBLive2k\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [Creative Launcher] C:\Programmer\Creative\SBLive2k\Launcher\CTLauncher.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Programmer\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINNT\System32\qttask.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programmer\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [TkBellExe] C:\Programmer\Fælles filer\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Lamp] C:\Programmer\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Stone's TimeTool] "C:\Programmer\TimeTool\TimeTool.exe"
O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\FÆLLES~1\ADAPTE~1\CreateCD\CREATE~1.EXE -r
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [ServUTrayIcon] C:\Programmer\Serv-U\ServUTray.exe
O4 - HKCU\..\Run: [Eraser] C:\Programmer\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmer\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Nykredit Internetbank - http://195.249.127.11/NykBank.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {156731E1-D652-11D1-BE03-00A0C9111212} (ATLSBNCheck Class) - http://msdn.microsoft.com/downloads/samples/internet/sbncheck.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20011217/qtinstall.info.apple.com/qt505/dk/win/QuickTimeInstaller.exe
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/ProductUpdates/content/opuc.cab
O16 - DPF: {5B27C20D-FFB6-4054-BA78-DE4A059BC75A} (Microsoft Office Template Downloader) - http://office.microsoft.com/israel/TemplateGallery/msotd.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://130.228.229.67/ecwplugins/ncs.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37575.5000462963
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com/cabs/cssweb.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D3426292-3750-4D80-9D0F-2816F61A6D15} (SpeedTest Control) - http://81.19.245.211/speedtest/SpeedTest_2.cab
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://fdl.msn.com/public/chat/msnchat4.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{876704DA-81A2-44C7-B4C9-37D2422EA9CC}: NameServer = 193.162.153.164 194.239.134.83

Her er den så...

fromsej> Er du med endnu?

Ja, giv mig lige 1/2 time.

ok - 1000 tak!

Jeg overtog dig lige fra fromsej, han havde ikke lige tid. *S*

Du skal nu til at i gang med at fixe.

Du får herunder nogle filer, som du skal fixe. Det, du skal gøre, er at sætte en vinge ud for alle disse filer. Når du har gjort det, så lukker du alle andre vinduer ned. Det er meget vigtigt at det eneste vindue, som er åbent er HijackThis vinduet. Husk også at lukke dette vindue, når du har markeret filerne. Nu må du fixe. Klik på Fix checked. Efter fix skal du genstarte din computer.

Det er disse, som skal fixes:


O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Programmer\Fælles filer\Real\Update_OB\evntsvc.exe -osboot
O4 - Startup: PowerReg Scheduler.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20011217/qtinstall.info.apple.com/qt505/dk/win/QuickTimeInstaller.exe

Genstart din computer.

Disse er unødvendige at have liggende I din opstart, da de alle kan nås via startprogrammer. De ligger bare og ”sluger” computerens kræfter.
Du kan Fjerne vingen til venstre for følgende programmer, hvis du ønsker det:
Start
Kør
Skriv: msconfig
Ok
Fanebladet start
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programmer\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\FÆLLES~1\ADAPTE~1\CreateCD\CREATE~1.EXE -r

Genstart, ny scanning med hj og ny kopi af loggen herind.

skal også fixes:
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

Logfile of HijackThis v1.97.7
Scan saved at 17:29:50, on 28-12-2003
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmer\Apache Group\Apache\Apache.exe
C:\WINNT\System32\CTSvcCDA.exe
C:\Programmer\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Programmer\Apache Group\Apache\Apache.exe
C:\WINNT\System32\svchost.exe
C:\mysql\bin\mysqld-max-nt.exe
C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
C:\Norman\NVC\BIN\Zanda.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\SERV-U\SERVUD~1.EXE
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\devldr32.exe
C:\Programmer\Creative\SBLive2k\AudioHQ\AHQTB.EXE
C:\Programmer\Creative\SBLive2k\Launcher\CTLauncher.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\Programmer\Creative\ShareDLL\CtNotify.exe
C:\Programmer\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmer\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
C:\NORMAN\Nvc\BIN\ZLH.EXE
C:\Programmer\TimeTool\TimeTool.exe
C:\PROGRA~1\FÆLLES~1\ADAPTE~1\CreateCD\CREATE~1.EXE
C:\WINNT\system32\internat.exe
C:\NORMAN\Nvc\BIN\NYMSE.EXE
C:\NORMAN\Nvc\BIN\NIP.EXE
C:\Programmer\Serv-U\ServUTray.exe
C:\Programmer\Creative\ShareDLL\MediaDet.Exe
C:\Programmer\Eraser\eraser.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Programmer\Logitech\iTouch\kbdtray.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\NORMAN\Nvc\BIN\npfmsg2.exe
C:\Programmer\WinZip\WZQKPICK.EXE
C:\Programmer\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINNT\System32\svchost.exe
C:\NORMAN\Nvc\BIN\NJEEVES.EXE
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\NORMAN\Nvc\BIN\cclaw.exe
C:\Documents and Settings\Administrator\Skrivebord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lauesen.dk/link_portal/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Programmer\Creative\SBLive2k\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [Speed racer] C:\Programmer\Creative\SBLive2k\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [Creative Launcher] C:\Programmer\Creative\SBLive2k\Launcher\CTLauncher.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Programmer\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programmer\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Lamp] C:\Programmer\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Stone's TimeTool] "C:\Programmer\TimeTool\TimeTool.exe"
O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\FÆLLES~1\ADAPTE~1\CreateCD\CREATE~1.EXE -r
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [ServUTrayIcon] C:\Programmer\Serv-U\ServUTray.exe
O4 - HKCU\..\Run: [Eraser] C:\Programmer\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmer\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Nykredit Internetbank - http://195.249.127.11/NykBank.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {156731E1-D652-11D1-BE03-00A0C9111212} (ATLSBNCheck Class) - http://msdn.microsoft.com/downloads/samples/internet/sbncheck.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/ProductUpdates/content/opuc.cab
O16 - DPF: {5B27C20D-FFB6-4054-BA78-DE4A059BC75A} (Microsoft Office Template Downloader) - http://office.microsoft.com/israel/TemplateGallery/msotd.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://130.228.229.67/ecwplugins/ncs.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37575.5000462963
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com/cabs/cssweb.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D3426292-3750-4D80-9D0F-2816F61A6D15} (SpeedTest Control) - http://81.19.245.211/speedtest/SpeedTest_2.cab
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://fdl.msn.com/public/chat/msnchat4.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{876704DA-81A2-44C7-B4C9-37D2422EA9CC}: NameServer = 193.162.153.164 194.239.134.83

Jeg har stadig det grå felt (Java) i bunden af denne side...

msconfig duer ikke i win2000

http://www.svrops.com/svrops/dwnldoth.htm - Msconfig til 2K

Takker :o)

Når vi er færdige, hæver jeg lige points til max. så I begge kan få lidt for ulejligheden!

Er I med endnu - eller er I gået til frokost? :o)

Jeg skal nok tjekke den igen. Må jeg ikke lige vente til efter filmen. For en gang skyld vil jeg prøve at holde fri et par timer. Jeg vender tilbage til dig som det første lige efter kl. 22.

Så er jeg tilbage, og har tjekket din nye log. Der er en som jeg syntes er meget mistænkelig. Det drejer sig om denne fil:

O4 - HKLM\..\Run: [Stone's TimeTool] "C:\Programmer\TimeTool\TimeTool.exe"

Kender du ikke noget til den selv, så skal vi have den fixet med Hijack og så skal du efterfølgende starte i fejlsikret tilstand, finde og fjerne denne her:

C:\Programmer\TimeTool\TimeTool.exe

Den er ikke til at finde noget om nogen steder, det er i sig selv meget mistænkeligt.

Bortset fra denne så ser det pænt ud. Der er ikke mere snavs i de andre filer.

Mvh. Aovergaard/Team Spywarefri  Godt Nytår

Stones TimeTool er fjernet, men er et prog. jeg selv har installeret...

Jeg har stadig den grå java-konsol box i bunden af mange sider, bl.a. denne (Eksperten) og stadig filen .plugin141_01.trace - så min bekymring er ikke blevet mindre - er der ingen god forklaring, på de 2 ting???

Please...!!!!

har du mulighed for at uploade et billed af det ?
kig lige her http://forum.java.sun.com/thread.jsp?forum=30&thread=475103&tstart=0&trange=15

filen .plugin141_01.trace  er mig bekendt ikke noget farligt på din computer, men java fra Sun's måde at lave cache på. Det kan være du skal lede efter en indstilling i Suns java for at få den boks væk.

Alternativt kan du prøve at afinstallere Sun's java og hvis du så mangler Java, manuelt at installere Microsofts i stedet for. Mener dog at en opdatering hos Microsoft skulle være nok, men jeg kender ikke 2000 så godt.

Jo - her er et billede :

http://home3.inet.tele.dk/emronn/java_ting.jpg

plugin141_01.trace er Java relateret, så den er ikke "farlig".
Men find og installer MS java i stedet for Sun´s udgave, det burde hjælpe.

Fortsættes åbenbart her http://www.eksperten.dk/spm/444870

Måske skal Jer fra spywarefri.dk lige se med her :

http://www.eksperten.dk/spm/444870

Kigger derover.