Søg
Avatar billede npi Nybegynder
21. april 2004 - 09:58 Der er 10 kommentarer

http://www.payfortraffic.net/mainsearch.htm

Denne hjemmeside bliver ved med at poppe op, når jeg starter IE, som startside. Selvom jeg fjerner den, kommer den igen næste gang.

Har forsøgt at fjerne den med ad-aware 6.0 men uden held. Denne fandt 9 filer som blev fjernet men de kom op næste gang jeg startede IE.

Hvordan kan den fjernes permanent??
Avatar billede magictouch Nybegynder
21. april 2004 - 10:10 #1
Følg vejledningen for Spybot og Hijackthis her: http://www.arlet.dk/spybothjt.htm
Smid loggen herind, i dette spm, så vil vi kigge på den. Husk at indsætte alle linier fra loggen herinde.
Avatar billede npi Nybegynder
21. april 2004 - 11:57 #2
her er loggen. Det kan se ud somom den allerede er blevet fjernet da den kommer op med blank side når jeg åbner IE.

Logfile of HijackThis v1.97.7
Scan saved at 11:39:56, on 21-04-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\AEIWLSVC.EXE
C:\WINDOWS\System32\cisvc.exe
C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\HPConfig.exe
C:\OfficeScan NT\ntrtscan.exe
C:\WINDOWS\System32\svchost.exe
C:\OfficeScan NT\tmlisten.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programmer\Hewlett-Packard\HP Display Settings\hpdisply.exe
C:\WINDOWS\System32\AEIWLRAD.EXE
C:\WINDOWS\essspk.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\OfficeScan NT\pccntmon.exe
C:\Programmer\Fælles filer\Nokia\NCLTools\NclTray.exe
C:\WINDOWS\kdx\KHost.exe
C:\Programmer\QuickTime\qttask.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmer\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Logitech\iTouch\kbdtray.exe
C:\PROGRA~1\FÆLLES~1\Nokia\Services\SERVIC~1.EXE
C:\Programmer\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Programmer\FinePixViewer\QuickDCF.exe
C:\Programmer\TEXTware\HotKey\TWALINK.EXE
C:\Programmer\Palm\HOTSYNC.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Documents and Settings\mtcopnpi\Skrivebord\hi jack\hjt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks


O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {98DBBF16-CA43-4c33-BE80-99E6694468A4} - C:\WINDOWS\System32\msole.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HP Display Settings] C:\Programmer\Hewlett-Packard\HP Display Settings\hpdisply.exe /s
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [1AEIWLRAD.EXE] AEIWLRAD.EXE
O4 - HKLM\..\Run: [HP Presentation Ready] C:\Programmer\Hewlett-Packard\HP Presentation Ready\PresRdy.exe -r
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [IO-Monitor] "C:\OfficeScan NT\pccntmon.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Programmer\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Programmer\Fælles filer\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MMTray] C:\Programmer\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Programmer\Palm\HOTSYNC.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmer\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Programmer\FinePixViewer\QuickDCF.exe
O4 - Global Startup: HotKey.lnk = C:\Programmer\TEXTware\HotKey\TWALINK.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VPN Client.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/info/homepage-o

O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} - http://down.plaxo.com/down/release/instub.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/compaq/vet_install_popup.pl?1&04.00.05.04&http://www.smb.compaq.com/html/interactive/620c/model.html
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {58DA8D8F-9D6A-101B-AFC0-4210102A8DA7} (Microsoft ImageList Control, version 5.0 (SP2)) - http://mtab_se_mnt7/rmtplus/cab/Comctl32.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38031.2190393519
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://content.kontiki.com/kdx/v2.20/kontiki/kontiki/current/kdx.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = europe.mtgroup.local
O17 - HKLM\Software\..\Telephony: DomainName = europe.mtgroup.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = europe.mtgroup.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = metsatissue.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = europe.mtgroup.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = metsatissue.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = europe.mtgroup.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = metsatissue.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = metsatissue.com
Avatar billede magictouch Nybegynder
21. april 2004 - 12:00 #3
Åbenbart, det må være spybot, men der er lidt der skal fixes, kigger lige på den
Avatar billede magictouch Nybegynder
21. april 2004 - 13:02 #4
Du scanner og vinger nedestående af
Det disse der skal fixes:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
Den her er jeg ikke sikker på:O2 - BHO: (no name) - {98DBBF16-CA43-4c33-BE80-99E6694468A4} - C:\WINDOWS\System32\msole.dll

Men prøv at flyt msole dll over i en temp mappe
Avatar billede magictouch Nybegynder
21. april 2004 - 13:24 #5
Og send en ny log herind
Avatar billede npi Nybegynder
21. april 2004 - 15:40 #6
Her er en ny log !!!

Jeg har haft genstartet min PC siden sidst !!

Logfile of HijackThis v1.97.7
Scan saved at 15:36:20, on 21-04-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\AEIWLSVC.EXE
C:\WINDOWS\System32\cisvc.exe
C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\HPConfig.exe
C:\OfficeScan NT\ntrtscan.exe
C:\WINDOWS\System32\svchost.exe
C:\OfficeScan NT\tmlisten.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programmer\Hewlett-Packard\HP Display Settings\hpdisply.exe
C:\WINDOWS\System32\AEIWLRAD.EXE
C:\WINDOWS\essspk.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\OfficeScan NT\pccntmon.exe
C:\Programmer\Fælles filer\Nokia\NCLTools\NclTray.exe
C:\WINDOWS\kdx\KHost.exe
C:\Programmer\QuickTime\qttask.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmer\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Logitech\iTouch\kbdtray.exe
C:\PROGRA~1\FÆLLES~1\Nokia\Services\SERVIC~1.EXE
C:\Programmer\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Programmer\FinePixViewer\QuickDCF.exe
C:\Programmer\TEXTware\HotKey\TWALINK.EXE
C:\WINDOWS\System32\cidaemon.exe
C:\Programmer\Palm\HotSync.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Programmer\Fælles filer\System\MAPI\1030\nt\MAPISP32.EXE
C:\Programmer\Fælles filer\Pumatech Shared\LiveUpdate Client\PtLUWorker.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\mtcopnpi\Skrivebord\hi jack\hjt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.payfortraffic.net/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.payfortraffic.net/search.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.payfortraffic.net/mainsearch.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.payfortraffic.net/search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.payfortraffic.net/search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.payfortraffic.net/search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.payfortraffic.net/mainsearch.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.payfortraffic.net/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.payfortraffic.net/search.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {98DBBF16-CA43-4c33-BE80-99E6694468A4} - C:\WINDOWS\System32\msole.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HP Display Settings] C:\Programmer\Hewlett-Packard\HP Display Settings\hpdisply.exe /s
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [1AEIWLRAD.EXE] AEIWLRAD.EXE
O4 - HKLM\..\Run: [HP Presentation Ready] C:\Programmer\Hewlett-Packard\HP Presentation Ready\PresRdy.exe -r
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [IO-Monitor] "C:\OfficeScan NT\pccntmon.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Programmer\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Programmer\Fælles filer\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MMTray] C:\Programmer\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [PtLiveUpdate] C:\Programmer\Fælles filer\Pumatech Shared\LiveUpdate Client\PtLUWorker.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Programmer\Palm\HOTSYNC.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmer\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Programmer\FinePixViewer\QuickDCF.exe
O4 - Global Startup: HotKey.lnk = C:\Programmer\TEXTware\HotKey\TWALINK.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VPN Client.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/info/homepage-o

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} - http://down.plaxo.com/down/release/instub.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) -

https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/compaq/vet_install_popup.pl?1&04.00.05.04&http://www.smb.

compaq.com/html/interactive/620c/model.html
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {58DA8D8F-9D6A-101B-AFC0-4210102A8DA7} (Microsoft ImageList Control, version 5.0 (SP2)) - http://mtab_se_mnt7/rmtplus/cab/Comctl32.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38031.2190393519
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://content.kontiki.com/kdx/v2.20/kontiki/kontiki/current/kdx.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = europe.mtgroup.local
O17 - HKLM\Software\..\Telephony: DomainName = europe.mtgroup.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = europe.mtgroup.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = metsatissue.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = europe.mtgroup.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = metsatissue.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = europe.mtgroup.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = metsatissue.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = metsatissue.com
Avatar billede magictouch Nybegynder
21. april 2004 - 18:19 #7
Den er kommet tilbage;(
Hent cwshredder, lidt ned på siden og kør denhttp://www.spywareinfo.com/%7Emerijn/downloads.html
Og ny log;)
Avatar billede magictouch Nybegynder
21. april 2004 - 18:50 #8
Da du kørte Spybot, trykkede så på Immuniser bagefter?
Avatar billede npi Nybegynder
22. april 2004 - 09:32 #9
Har kørt cwshredder og den fjernede 9 inficerede filer

Trykkede ikke immuniser med Spybot

Her er ny log....

It appears to be a mean son of a bitch....

Logfile of HijackThis v1.97.7
Scan saved at 09:25:52, on 22-04-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\AEIWLSVC.EXE
C:\WINDOWS\System32\cisvc.exe
C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\HPConfig.exe
C:\OfficeScan NT\ntrtscan.exe
C:\WINDOWS\System32\svchost.exe
C:\OfficeScan NT\tmlisten.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programmer\Hewlett-Packard\HP Display Settings\hpdisply.exe
C:\WINDOWS\System32\AEIWLRAD.EXE
C:\WINDOWS\essspk.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\OfficeScan NT\pccntmon.exe
C:\Programmer\Fælles filer\Nokia\NCLTools\NclTray.exe
C:\WINDOWS\kdx\KHost.exe
C:\Programmer\QuickTime\qttask.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmer\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\Programmer\Logitech\iTouch\kbdtray.exe
C:\PROGRA~1\FÆLLES~1\Nokia\Services\SERVIC~1.EXE
C:\Programmer\Fælles filer\Pumatech Shared\LiveUpdate Client\PtLUWorker.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Programmer\FinePixViewer\QuickDCF.exe
C:\Programmer\TEXTware\HotKey\TWALINK.EXE
C:\Programmer\Palm\HOTSYNC.EXE
C:\WINDOWS\System32\cidaemon.exe
C:\Documents and Settings\mtcopnpi\Skrivebord\hi jack\hjt.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {98DBBF16-CA43-4c33-BE80-99E6694468A4} - C:\WINDOWS\System32\msole.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HP Display Settings] C:\Programmer\Hewlett-Packard\HP Display Settings\hpdisply.exe /s
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [1AEIWLRAD.EXE] AEIWLRAD.EXE
O4 - HKLM\..\Run: [HP Presentation Ready] C:\Programmer\Hewlett-Packard\HP Presentation Ready\PresRdy.exe -r
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [IO-Monitor] "C:\OfficeScan NT\pccntmon.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Programmer\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Programmer\Fælles filer\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MMTray] C:\Programmer\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [PtLiveUpdate] C:\Programmer\Fælles filer\Pumatech Shared\LiveUpdate Client\PtLUWorker.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Programmer\Palm\HOTSYNC.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmer\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Programmer\FinePixViewer\QuickDCF.exe
O4 - Global Startup: HotKey.lnk = C:\Programmer\TEXTware\HotKey\TWALINK.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VPN Client.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/info/homepage-o

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} - http://down.plaxo.com/down/release/instub.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) -

https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/compaq/vet_install_popup.pl?1&04.00.05.04&http://www.smb.

compaq.com/html/interactive/620c/model.html
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {58DA8D8F-9D6A-101B-AFC0-4210102A8DA7} (Microsoft ImageList Control, version 5.0 (SP2)) - http://mtab_se_mnt7/rmtplus/cab/Comctl32.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38031.2190393519
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://content.kontiki.com/kdx/v2.20/kontiki/kontiki/current/kdx.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = europe.mtgroup.local
O17 - HKLM\Software\..\Telephony: DomainName = europe.mtgroup.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = europe.mtgroup.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = metsatissue.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = europe.mtgroup.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = metsatissue.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = europe.mtgroup.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = metsatissue.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = metsatissue.com
Avatar billede magictouch Nybegynder
22. april 2004 - 11:28 #10
Er det her noget du har skrevet: It appears to be a mean son of a bitch....?
fixes:
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://content.kontiki.com/kdx/v2.20/kontiki/kontiki/current/kdx.cab

Kender du noget til dem her:
C:\WINDOWS\system32\AEIWLSVC.EXE
- C:\WINDOWS\System32\msole.dll
Tjek dem, gå i mappeindstillinger, vis skjulte filer, fjern flueben i- skjul beskyttede osv, hvis der ikke stå noget brugbart, så fix dem:
O2 - BHO: (no name) - {98DBBF16-CA43-4c33-BE80-99E6694468A4} - C:\WINDOWS\System32\msole.dll
O4 - HKLM\..\Run: [1AEIWLRAD.EXE] AEIWLRAD.EXE

Installer også en sikkerhedspakke-min sikkerhedspakke: www.arlet.dk
og vend tilbage
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Andre onlineløsninger kategorien

Titel Indlæg Oprettet Seneste aktivitet
AI google.com Af Peter Olsen i Andre onlineløsninger 3 04/04/202609:43 06/04/202608:43
Eboks.dk og Borger.dk Af nu_igen i Andre onlineløsninger 10 25/02/202612:56 03/03/202619:43
Mobilpay svindel Af nu_igen i Andre onlineløsninger 8 24/01/202609:50 26/01/202612:02
Streaming af film Af jgormm i Andre onlineløsninger 4 27/09/202508:01 28/09/202510:12
Drop i Core Web Vitals i Google search console Af Elby i Andre onlineløsninger 1 08/08/202514:32 04/03/202613:25
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I går 13:45 AJAX kode -javascript Af Asky i Programmeringsværktøjer
I går 11:50 Vælg indstilling - blå skærm med med flere muligheder for fejlretning Af Uvanga i Windows
14/0523:24 Google sheets beregning udfra dato Af rickiegrayholm i Office & Kontorpakker
14/0518:09 Outlook Classic, lukker ikke Af mort1 i E-mail programmer
13/0520:48 Bred buet skærm vs. 2 skærme Af Nanarsi i Skærme
White papers
Flere white papers »