messenger services

http://grc.com/files/ShootTheMessenger.exe

http://grc.com/stm/shootthemessenger.htm

gå ind under services (kør->services.msc), og stop+disable messenger

Jeg har gjort som beskrevet:

gå ind under services (kør->services.msc), og stop+disable messenger

men de kommer alligevel....

Derudover får jeg konstant en internet side op når jeg arbejder i IE. Min popup-stopper fjerner den, men den kommer igen og lægger et ikon på skrivebordet med egenskaber som følger:

"C:\Programmer\Internet Explorer\iexplore.exe" http://www.casinopalazzo.com/index.php?sourceid=102174

Hvordan kan jeg stoppe dette...

http://grc.com/stm/shootthemessenger.htm

Du kunne starte med at gøre som der bliver foreslået!

nu har jeg downloaded http://grc.com/stm/shootthemessenger.htm og aktiveret den

Alligevel kommer der messenger service meddelelser som:
earse your surfing history forever, PAL evidence eliminater

Hvad gør jeg nu?

Derudover får jeg stadig en internet side op når jeg arbejder i IE. Min popup-stopper fjerner den, men den kommer igen og lægger et ikon på skrivebordet "Hot on-line show" med egenskaber som følger:

"C:\Programmer\Internet Explorer\iexplore.exe" http://www.casinopalazzo.com/index.php?sourceid=102174

nej nej nej...
Du skal deaktivere messenger - da ikke aktivere den ;)

http://www.arlet.dk/spybothjt.htm - kør og scan med spybot + scan med hijackthis og smid loggen herind - fix ikke selv!!!

Selfølgelig havde jeg deaktiveret den. Skrivefejl.

Spybot search and destroy opdateret og kørt. - ingen bots!

Filen fra HiJackThis er som følger:

Logfile of HijackThis v1.97.7
Scan saved at 17:36:11, on 17-06-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\HPConfig.exe
C:\OfficeScan NT\ntrtscan.exe
C:\Programmer\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Programmer\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\System32\svchost.exe
C:\Offic

hovsa - der er mere til den log ,)

Ja det er der....

Den lavede hvad den ofte gør. Skiftede til en anden hjemmeside uden min indblanding....

Her er loggen igen

Logfile of HijackThis v1.97.7
Scan saved at 17:36:11, on 17-06-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\HPConfig.exe
C:\OfficeScan NT\ntrtscan.exe
C:\Programmer\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Programmer\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\System32\svchost.exe
C:\OfficeScan NT\tmlisten.exe
C:\Programmer\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\Programmer\Hewlett-Packard\HP Display Settings\hpdisply.exe
C:\WINDOWS\essspk.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\OfficeScan NT\pccntmon.exe
C:\Programmer\Fælles filer\Nokia\NCLTools\NclTray.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmer\Fælles filer\Pumatech Shared\LiveUpdate Client\PtLUWorker.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\Programmer\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Programmer\iolo\System Mechanic 4 Professional\PopupStopper.exe
C:\Programmer\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Programmer\FinePixViewer\QuickDCF.exe
C:\Programmer\Logitech\iTouch\kbdtray.exe
C:\Programmer\Palm\HOTSYNC.EXE
C:\Programmer\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\system32\ntvdm.exe
C:\T-ONLINE\BSW4\ToDuCAlC.EXE
C:\WINDOWS\System32\taskngr.exe
C:\Programmer\Cisco Systems\VPN Client\vpngui.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Programmer\Fælles filer\System\MAPI\1030\nt\MAPISP32.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\mtcopnpi\Skrivebord\hi jack\hjt.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {98DBBF16-CA43-4c33-BE80-99E6694468A4} - C:\WINDOWS\System32\msmk.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HP Display Settings] C:\Programmer\Hewlett-Packard\HP Display Settings\hpdisply.exe /s
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [HP Presentation Ready] C:\Programmer\Hewlett-Packard\HP Presentation Ready\PresRdy.exe -r
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [IO-Monitor] "C:\OfficeScan NT\pccntmon.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Programmer\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Programmer\Fælles filer\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [PtLiveUpdate] C:\Programmer\Fælles filer\Pumatech Shared\LiveUpdate Client\PtLUWorker.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programmer\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmer\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [ViewMgr] C:\Programmer\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "C:\Programmer\iolo\System Mechanic 4 Professional\PopupStopper.exe"
O4 - Startup: HotSync Manager.lnk = C:\Programmer\Palm\HOTSYNC.EXE
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Programmer\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmer\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Programmer\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VPN Client.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/info/homepage-o
O15 - Trusted Zone: http://*.63.219.181.7
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} - http://down.plaxo.com/down/release/instub.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/compaq/vet_install_popup.pl?1&04.00.05.04&http://www.smb.compaq.com/html/interactive/620c/model.html
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/ei/PopSwatterInitialSetup1.0.0.8.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {58DA8D8F-9D6A-101B-AFC0-4210102A8DA7} (Microsoft ImageList Control, version 5.0 (SP2)) - http://mtab_se_mnt7/rmtplus/cab/Comctl32.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38031.2190393519
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab


Min Panda fjernede selv en fil her til morgen. Den lå i C:\WINDOWS\System32\taskngr.exe og hed noget med download.?? (nåede ikke at skrive det ned før den var væk..