Søg
Avatar billede rubaek Mester
02. juni 2004 - 22:24 Der er 22 kommentarer og
1 løsning

Endnu en Hijack logfil

Ny computer gør underlige ting i øjeblikket. Er der nogle der vil kigge på min logfil ??

Logfile of HijackThis v1.97.7
Scan saved at 22:22:48, on 02-06-04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAMMER\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAMMER\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAMMER\MICROSOFT HARDWARE\KEYBOARD\SPEEDKEY.EXE
C:\PROGRAMMER\INCREDIMAIL\BIN\IMAPP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SKRIVEBORD\DIVERSE\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.topsearcher.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.allcybersearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.topsearcher.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.topsearcher.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.topsearcher.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.topsearcher.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?np-hklm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://www.signon.stofanet.dk/proxz.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.findthewebsiteyouneed.com/
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\TV MEDIA\TvmBho.dll
O2 - BHO: (no name) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRAMMER\TEXTWARE\QUICKFIND\PLUGINS\IEHELP.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMER\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\PROGRAMMER\MYSEARCH\BAR\1.BIN\S4BAR.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar2.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\SYSTEM\BRIDGE.DLL
O2 - BHO: (no name) - {D537A3D0-8C07-4D62-953F-162207F5090D} - C:\WINDOWS\SYSTEM\regsvrac32.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAMMER\MYWEBSEARCH\BAR\3.BIN\MWSBAR.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAMMER\MYWEBSEARCH\SRCHASTT\3.BIN\MWSSRCAS.DLL
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\PROGRA~1\LYCOS\IEAGENT\CSIE.DLL
O3 - Toolbar: (no name) - {69550BE2-9A78-11d2-BA91-00600827878D} - C:\WINDOWS\system\shdocvw.dll
O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\PROGRAMMER\MYSEARCH\BAR\1.BIN\S4BAR.DLL
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAMMER\MYWEBSEARCH\BAR\3.BIN\MWSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1030,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [POINTER] C:\Programmer\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Programmer\Microsoft Hardware\Keyboard\speedkey.exe"
O4 - HKLM\..\Run: [TV Media] C:\TV MEDIA\TVM.EXE
O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.EXE
O4 - HKLM\..\RunServices: [avast!] C:\Programmer\Alwil Software\Avast4\ashServ.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [TV Media] C:\TV MEDIA\TVM.EXE
O4 - HKCU\..\RunServices: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\RunServices: [TV Media] C:\TV MEDIA\TVM.EXE
O4 - HKLM\..\RunOnce: [UDF9D.EXE] C:\WINDOWS\SYSTEM\UDF9D.EXE
O4 - HKCU\..\RunOnce: [UDF9D.EXE] C:\WINDOWS\SYSTEM\UDF9D.EXE
O4 - Startup: Genvej til SCA.lnk = C:\Dokumenter\Stofa\SCA.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.70-DELEON.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.70-DELEON.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.70-DELEON.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.70-DELEON.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.70-DELEON.DLL/cmtrans.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm060
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Run DAP (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O12 - Plugin for .ofb: C:\PROGRA~1\INTERN~1\PLUGINS\NPONFLOW.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .PDF: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk/netbank/activex/DanskeSikker.cab
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00600BD00023} (Alm. Brand Netbank) - https://www.almbrand-netbank.dk/salmbrandibpib100.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash5r42.cab
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00613BD20023} (Alm. Brand Netbank) - https://www.almbrand-netbank.dk/salmbrandibp1320ib100.cab
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00614BD01023} (Alm. Brand Netbank) - https://www.almbrand-netbank.dk/salmbrandibp1401ib100.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00615BD00023} (Alm. Brand Netbank) - https://www.almbrand-netbank.dk/salmbrandibp1500ib100.cab
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00617BD00023} (Alm. Brand Netbank) - https://www.almbrand-netbank.dk/salmbrandibp1700ib100.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,4,0,4242/mcfscan.cab
O16 - DPF: {A5B4176A-5347-4CEC-AB75-26947BB34183} (InstaladorBetyByte Control) - http://www.redzone.dk/uploads/cab/instaladorbetybyteuk.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00625BD00023} (Alm. Brand Netbank) - https://www.almbrand-netbank.dk/salmbrandibp2500ib100.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaInitialSetup1.0.0.8.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38111.4888078704
Avatar billede andersenph Nybegynder
02. juni 2004 - 22:26 #1
Jeg kigger den igennem for dig...
Avatar billede andersenph Nybegynder
02. juni 2004 - 22:29 #2
http://209.133.47.12/~merijn/files/CWShredder.exe
Hent cwshredder. Check om der er opdateringer.
Tryk på fix. Scan og fix det den finder.
Genstart og kom med en ny hijack log
Avatar billede andersenph Nybegynder
02. juni 2004 - 22:33 #3
Så har du DAP liggende. Det dur ikke. Det er fyldt med spyware.
Slet det i tilføj/fjern programmer i kontrolpanelet.

Du kan anvende Stardownloader i stedet.
Her er et link:
http://www.vollversion.de/download/stardownloader_1342.html
Avatar billede andersenph Nybegynder
02. juni 2004 - 22:35 #4
Nu mens du er i kontrolpanelet, så fjern Mywebsearch. Det er noget forfærdeligt snavs.
Når du har gjort alt dette kommer du med en ny log
Okay?
Avatar billede rubaek Mester
02. juni 2004 - 22:57 #5
Har tidligere forsøgt at fjerne DAP men maskinen gik ned, men fjernede DAP fra listen, men nu har jeg fjernet mappen i "programmer"

Ny log fil


Logfile of HijackThis v1.97.7
Scan saved at 22:56:56, on 02-06-04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAMMER\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAMMER\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAMMER\MICROSOFT HARDWARE\KEYBOARD\SPEEDKEY.EXE
C:\TV MEDIA\TVM.EXE
C:\WINDOWS\SYSTEM\EBRJLQ.EXE
C:\TV MEDIA\TVM.EXE
C:\DOKUMENTER\STOFA\SCA.EXE
C:\PROGRAMMER\INCREDIMAIL\BIN\IMAPP.EXE
C:\WINDOWS\SKRIVEBORD\DIVERSE\HIJACKTHIS.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://www.signon.stofanet.dk/proxz.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\TV MEDIA\TvmBho.dll
O2 - BHO: (no name) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRAMMER\TEXTWARE\QUICKFIND\PLUGINS\IEHELP.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMER\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\PROGRAMMER\MYSEARCH\BAR\1.BIN\S4BAR.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar2.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\SYSTEM\BRIDGE.DLL
O2 - BHO: (no name) - {D537A3D0-8C07-4D62-953F-162207F5090D} - C:\WINDOWS\SYSTEM\regsvrac32.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\PROGRA~1\LYCOS\IEAGENT\CSIE.DLL
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\TWAINTEC.DLL
O3 - Toolbar: (no name) - {69550BE2-9A78-11d2-BA91-00600827878D} - C:\WINDOWS\system\shdocvw.dll
O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\PROGRAMMER\MYSEARCH\BAR\1.BIN\S4BAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1030,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [POINTER] C:\Programmer\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Programmer\Microsoft Hardware\Keyboard\speedkey.exe"
O4 - HKLM\..\Run: [TV Media] C:\TV MEDIA\TVM.EXE
O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.EXE
O4 - HKLM\..\Run: [dsqeymdtn] C:\WINDOWS\SYSTEM\ebrjlq.exe
O4 - HKLM\..\RunServices: [avast!] C:\Programmer\Alwil Software\Avast4\ashServ.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [TV Media] C:\TV MEDIA\TVM.EXE
O4 - HKLM\..\RunOnce: [UDF9D.EXE] C:\WINDOWS\SYSTEM\UDF9D.EXE
O4 - HKCU\..\RunOnce: [UDF9D.EXE] C:\WINDOWS\SYSTEM\UDF9D.EXE
O4 - Startup: Genvej til SCA.lnk = C:\Dokumenter\Stofa\SCA.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.70-DELEON.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.70-DELEON.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.70-DELEON.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.70-DELEON.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.70-DELEON.DLL/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Run DAP (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O12 - Plugin for .ofb: C:\PROGRA~1\INTERN~1\PLUGINS\NPONFLOW.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .PDF: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk/netbank/activex/DanskeSikker.cab
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00600BD00023} (Alm. Brand Netbank) - https://www.almbrand-netbank.dk/salmbrandibpib100.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash5r42.cab
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00613BD20023} (Alm. Brand Netbank) - https://www.almbrand-netbank.dk/salmbrandibp1320ib100.cab
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00614BD01023} (Alm. Brand Netbank) - https://www.almbrand-netbank.dk/salmbrandibp1401ib100.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00615BD00023} (Alm. Brand Netbank) - https://www.almbrand-netbank.dk/salmbrandibp1500ib100.cab
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00617BD00023} (Alm. Brand Netbank) - https://www.almbrand-netbank.dk/salmbrandibp1700ib100.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,4,0,4242/mcfscan.cab
O16 - DPF: {A5B4176A-5347-4CEC-AB75-26947BB34183} (InstaladorBetyByte Control) - http://www.redzone.dk/uploads/cab/instaladorbetybyteuk.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00625BD00023} (Alm. Brand Netbank) - https://www.almbrand-netbank.dk/salmbrandibp2500ib100.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaInitialSetup1.0.0.8.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38111.4888078704
Avatar billede andersenph Nybegynder
02. juni 2004 - 23:07 #6
Se det var meget bedre :O)
Jeg kommer med resten du skal fixe om 5 minutter...
Avatar billede rubaek Mester
02. juni 2004 - 23:11 #7
fint, jeg venter
Avatar billede andersenph Nybegynder
02. juni 2004 - 23:13 #8
Først opretter du en mappe kun til hijackthis og lægger programmet derover. Så har vi nemlig styr på backup filerne.
Kommer du til at slette noget forkert, kan vi altid komme tilbage og lave en restore. Derfor skal Hijack have sin egen mappe.

Du skal nu til at i gang med at fixe. NU skal du åbne hijackthis.
Du skal at sætte en vinge ud for disse filer jeg har skrevet nedeunder.
Når du har gjort det så lukker du alle andre vinduer ned.
Klik på Fix checkede.

Her er de filer, du skal fixe:
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\TV MEDIA\TvmBho.dll
O2 - BHO: (no name) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRAMMER\TEXTWARE\QUICKFIND\PLUGINS\IEHELP.DLL
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\PROGRAMMER\MYSEARCH\BAR\1.BIN\S4BAR.DLL
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\SYSTEM\BRIDGE.DLL
O2 - BHO: (no name) - {D537A3D0-8C07-4D62-953F-162207F5090D} - C:\WINDOWS\SYSTEM\regsvrac32.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - C:\PROGRA~1\LYCOS\IEAGENT\CSIE.DLL
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\TWAINTEC.DLL
O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\PROGRAMMER\MYSEARCH\BAR\1.BIN\S4BAR.DLL
-----------------
Disse kender jeg ikke. Hvis du heller ikke gør skal den fixes….

O4 - HKLM\..\Run: [dsqeymdtn] C:\WINDOWS\SYSTEM\ebrjlq.exe
O4 - HKLM\..\RunOnce: [UDF9D.EXE] C:\WINDOWS\SYSTEM\UDF9D.EXE
O4 - HKCU\..\RunOnce: [UDF9D.EXE] C:\WINDOWS\SYSTEM\UDF9D.EXE

---------------------

O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
Avatar billede andersenph Nybegynder
02. juni 2004 - 23:13 #9
Når du har fixet genstarter du og giver mig en ny log til kontrol
Avatar billede andersenph Nybegynder
02. juni 2004 - 23:20 #10
Nå jeg smutter til køjs.
vi fortsætter i morgen....
Avatar billede rubaek Mester
02. juni 2004 - 23:29 #11
Sov godt

----

Min nye fil

Logfile of HijackThis v1.97.7
Scan saved at 23:31:12, on 02-06-04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAMMER\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAMMER\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAMMER\MICROSOFT HARDWARE\KEYBOARD\SPEEDKEY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\VIRUSTJEK\HIJACKTHIS.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://www.signon.stofanet.dk/proxz.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\TV MEDIA\TvmBho.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMER\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar2.dll
O3 - Toolbar: (no name) - {69550BE2-9A78-11d2-BA91-00600827878D} - C:\WINDOWS\system\shdocvw.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1030,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [POINTER] C:\Programmer\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Programmer\Microsoft Hardware\Keyboard\speedkey.exe"
O4 - HKLM\..\Run: [TV Media] C:\TV MEDIA\TVM.EXE
O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.EXE
O4 - HKLM\..\Run: [ALCHEM] C:\WINDOWS\ALCHEM.exe
O4 - HKLM\..\RunServices: [avast!] C:\Programmer\Alwil Software\Avast4\ashServ.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [TV Media] C:\TV MEDIA\TVM.EXE
O4 - HKCU\..\RunServices: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\RunServices: [TV Media] C:\TV MEDIA\TVM.EXE
O4 - Startup: Genvej til SCA.lnk = C:\Dokumenter\Stofa\SCA.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.70-DELEON.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.70-DELEON.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.70-DELEON.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.70-DELEON.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.70-DELEON.DLL/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Run DAP (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O12 - Plugin for .ofb: C:\PROGRA~1\INTERN~1\PLUGINS\NPONFLOW.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .PDF: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk/netbank/activex/DanskeSikker.cab
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00600BD00023} (Alm. Brand Netbank) - https://www.almbrand-netbank.dk/salmbrandibpib100.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash5r42.cab
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00613BD20023} (Alm. Brand Netbank) - https://www.almbrand-netbank.dk/salmbrandibp1320ib100.cab
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00614BD01023} (Alm. Brand Netbank) - https://www.almbrand-netbank.dk/salmbrandibp1401ib100.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00615BD00023} (Alm. Brand Netbank) - https://www.almbrand-netbank.dk/salmbrandibp1500ib100.cab
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00617BD00023} (Alm. Brand Netbank) - https://www.almbrand-netbank.dk/salmbrandibp1700ib100.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,4,0,4242/mcfscan.cab
O16 - DPF: {A5B4176A-5347-4CEC-AB75-26947BB34183} (InstaladorBetyByte Control) - http://www.redzone.dk/uploads/cab/instaladorbetybyteuk.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00625BD00023} (Alm. Brand Netbank) - https://www.almbrand-netbank.dk/salmbrandibp2500ib100.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaInitialSetup1.0.0.8.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38111.4888078704
Avatar billede rubaek Mester
02. juni 2004 - 23:43 #12
Min maskine kører nu igen som en drøm, tak for hjælpen.

Husk svar til point
Avatar billede andersenph Nybegynder
03. juni 2004 - 08:09 #13
Det var da godt vi fik liv i maskinene igen :O)
Men du skal lige fixe denne:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

Og så har du stadig denne liggende:
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\TV MEDIA\TvmBho.dll
Det er også en Browser Helper Objekt. Som regel følger der spyware med i købet på sådan een.
Jeg ville fixe den.
Ellers er din log ren....
Avatar billede rubaek Mester
03. juni 2004 - 08:36 #14
Denne linie vil ikke forsvinde ??

R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\TV MEDIA\TvmBho.dll

Jeg har prøvet flere gange ??
Avatar billede andersenph Nybegynder
03. juni 2004 - 08:43 #15
Ok. Prøv i fejlsikret at fixe den.
Tryk F8 når windows starter op....
Avatar billede andersenph Nybegynder
03. juni 2004 - 08:46 #16
Genstart i fejlsikret tilstand søg og slet det med fed:
C:\Programmer\TV Media\Tvm.exe
Avatar billede andersenph Nybegynder
03. juni 2004 - 08:47 #17
Glem det med fed tekst (brøler) *LOL*
Avatar billede andersenph Nybegynder
03. juni 2004 - 08:49 #18
O9 - Extra button: Run DAP (HKLM)
Du skal også fixe denne. Den har du ikke brug for mere...
Avatar billede rubaek Mester
03. juni 2004 - 09:10 #19
Så er det hele væk
Tak for hjælpen

Kan alle backup filer slettes ??
Avatar billede andersenph Nybegynder
03. juni 2004 - 09:12 #20
Ja det kan de godt.
Godt du klarede det :O)
Avatar billede andersenph Nybegynder
03. juni 2004 - 09:13 #21
http://www.eksperten.dk/artikler/144
http://www.eksperten.dk/artikler/254
Her er lidt læsning om sikker surfing på nettet.
Avatar billede rubaek Mester
03. juni 2004 - 10:27 #22
Hvorfor kan jeg ikke acceptere dit svar ??

Når jeg trykker på knappen sker der ingenting ??
Avatar billede andersenph Nybegynder
03. juni 2004 - 10:37 #23
Du skal markere mit navn i boxen til venstre og derefter acceptere....
:O)
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
Vil skrifte antivirusprogram. Af ErikHg i Virus 22 26/11/202510:42 23/12/202514:29
Er gratis Bitdefender værd at installere ? Af Ikke-ekspert i Virus 8 31/08/202519:08 01/09/202514:18
Ukendte filer på min Pc Af jonpet i Virus 10 03/02/202514:20 04/02/202511:05
mulig ukendt virus Af jackie18 i Virus 3 18/01/202514:07 18/01/202516:39
virus popper op med jævne mellemrum Af Malm i Virus 13 18/01/202511:40 20/01/202517:53
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I går 13:45 AJAX kode -javascript Af Asky i Programmeringsværktøjer
I går 11:50 Vælg indstilling - blå skærm med med flere muligheder for fejlretning Af Uvanga i Windows
14/0523:24 Google sheets beregning udfra dato Af rickiegrayholm i Office & Kontorpakker
14/0518:09 Outlook Classic, lukker ikke Af mort1 i E-mail programmer
13/0520:48 Bred buet skærm vs. 2 skærme Af Nanarsi i Skærme
White papers
Flere white papers »