mik28 Senior Master
19 June 2004 - 04:33 There are 11 comments and
1 solution

Starts up on res://bftzx.dll/index.html#96676

I think I have picked up some kind of virus. No matter what I do, my browser starts up here

res://bftzx.dll/index.html#96676
mik28 Senior Master
19 June 2004 - 04:34 #1
Popups are pouring out as well
magictouch Beginner
19 June 2004 - 05:30 #2
That's annoying ;( Download Spybot, Adware
After you have installed them, boot into safe mode - press F8 during the restart. Then run them.
Spybot: http://www.majorgeeks.com/download2471.html
Install, update, immunize and run. Fix all, marked with red


Adware: http://www.lavasoftusa.com/support/download/#free

Go to Start > Programs > Lavasoft and click on AdAware 6 to open the program

Look at the icons on the top right of the page and click on the ‘world’ and let AdAware update the spyware reference list

Once the update is finished click on the ‘Gear’ icon (second from the left) to access the preferences/settings window

In the "General" window make sure the following are selected:
Automatically save log-file
Automatically quarantine objects prior to removal
Safe Mode (always request confirmation)

Click on the "Scanning" button on the left and select :
Scan Within Archives
Scan Active Processes
Scan Registry
Deep Scan Registry
Scan my IE favorites for banned URL’s
Scan my Hosts file
Under ‘Click here to select drives + folders’, choose:
All of your hard drives

Click on the "Advanced" button on the left and select:
Include additional process information
Include additional file information
Include environment information
Include additional object details

Click the "Tweak" button and select:
Under the "Scanning Engine":
Unload recognized processes during scanning
Include basic Ad-aware settings in logfile
Include additional Ad-aware settings in logfile
Under the ‘Cleaning Engine’:
Let Windows remove files in use at next reboot

Click on "Proceed" to save the settings.

Click -Start- and on the next screen choose "Activate in-depth Scan" at the bottom of the page and then choose:
Use Custom Scanning Options

Click -Next- and AdAware will scan your hard drive(s) with the options you have selected.
After the scan, put a checkmark on everything it finds, then click "Finish"

REBOOT
magictouch Beginner
19 June 2004 - 05:37 #3
Once you have run them, download Cwshredder and Hijackthis:  http://www.spywareinfo.com/~merijn/downloads.html
Install each of them in its own folder, not a temp folder!
Install, update, safe mode again
Run Cwshredder first, close all other windows. Fix
Hijackthis. Scan; the scan button changes to "save log", which you copy in here
mik28 Senior Master
19 June 2004 - 09:44 #4
Logfile of HijackThis v1.97.7
Scan saved at 09:48:00, on 19-06-2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\System32\Ati2evxx.exe
D:\PROGRA~1\Grisoft\AVG6\avgserv.exe
D:\WINNT\System32\svchost.exe
D:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\mysql\bin\mysqld-nt.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\system32\stisvc.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\Explorer.EXE
D:\WINNT\Mixer.exe
D:\Program Files\Winamp\winampa.exe
D:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
D:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
D:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
D:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
D:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
D:\Program Files\D-Tools\daemon.exe
D:\WINNT\system32\mfcca.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
D:\Program Files\MICROSTAR\Bluetooth Software\BTTray.exe
D:\Program Files\Hewlett-Packard\hp psc 700 series\bin\hpodev07.exe
D:\WINNT\system32\d3ea.exe
D:\PROGRA~1\MI43DA~1\BLUETO~1\BTSTAC~1.EXE
D:\PROGRA~1\HEWLET~1\HPPSC7~1\bin\hpoevm07.exe
D:\Program Files\Hewlett-Packard\hp psc 700 series\bin\HPOSTS07.exe
D:\antivirus\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINNT\vtgsk.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://vtgsk.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://vtgsk.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINNT\vtgsk.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://vtgsk.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://D:\WINNT\vtgsk.dll/sp.html#96676
O2 - BHO: (no name) - {0C3C76C0-550A-A98A-E7FF-3086A99F9D8C} - D:\WINNT\system32\mssv32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] D:\WINNT\system32\spool\DRIVERS\W32X86\hpoopm07.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroCheck] D:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG_CC] D:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [MMTray] D:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] D:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [CamMonitor] D:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [LVCOMS] D:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [mfcca.exe] D:\WINNT\system32\mfcca.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKLM\..\RunOnce: [d3ea.exe] D:\WINNT\system32\d3ea.exe
O4 - Global Startup: BTTray.lnk = D:\Program Files\MICROSTAR\Bluetooth Software\BTTray.exe
O4 - Global Startup: HPAiODevice.lnk = D:\Program Files\Hewlett-Packard\hp psc 700 series\bin\hpodev07.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28177.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28177.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37860.9772569444
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://www.eb.dk/codekstra/cabs/cssweb.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {CF392BE0-B84F-46E9-BDA9-845119819119} (IPAQSelfHelp Class) - http://instantsupport.europe.hp.com/awebui/jsp/answerweb/applets/ISPEIPAQTool.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D3426292-3750-4D80-9D0F-2816F61A6D15} (SpeedTest Control) - http://81.19.245.211/speedtest/SpeedTest_2.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4313/mcfscan.cab
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://www.tukati.com/software/4/1.7.20.20/tukati.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B700404D-C9EF-42CC-A011-FD82D9FA42CC}: NameServer = 193.162.153.164,194.239.134.83
magictouch Beginner
19 June 2004 - 10:29 #5
Open Notepad (Notesblok); you will find it under Start - Accessories. Copy this into Notepad:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
And save the file as: clean.reg

File types - choose all here.
Click/double-click clean.reg, and say yes to merging

Restart in safe mode. You can press F8 during the restart and then choose safe mode.

Run hijackthis, scan, check the entries below, and fix:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINNT\vtgsk.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://vtgsk.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://vtgsk.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINNT\vtgsk.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://vtgsk.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://D:\WINNT\vtgsk.dll/sp.html#96676
O2 - BHO: (no name) - {0C3C76C0-550A-A98A-E7FF-3086A99F9D8C} - D:\WINNT\system32\mssv32.dll
O4 - HKLM\..\Run: [mfcca.exe] D:\WINNT\system32\mfcca.exe
O4 - HKLM\..\RunOnce: [d3ea.exe] D:\WINNT\system32\d3ea.exe

Find and delete:
D:\WINNT\vtgsk.dll
D:\WINNT\system32\mssv32.dll
D:\WINNT\system32\mfcca.exe
D:\WINNT\system32\d3ea.exe

Restart and post a new log
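
Added example (not part of the thread and not code from any of the posters): a small triage script that picks out of a HijackThis log the same entries selected for fixing in post #5. The three heuristics are assumptions read off those entries, not HijackThis's own logic, and a match is a prompt for review rather than proof of infection.

```python
import re

# Constructed sample: lines copied from the HijackThis log in post #4.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://vtgsk.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://D:\WINNT\vtgsk.dll/sp.html#96676
O2 - BHO: (no name) - {0C3C76C0-550A-A98A-E7FF-3086A99F9D8C} - D:\WINNT\system32\mssv32.dll
O4 - HKLM\..\Run: [NeroCheck] D:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mfcca.exe] D:\WINNT\system32\mfcca.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKLM\..\RunOnce: [d3ea.exe] D:\WINNT\system32\d3ea.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")
RES_DLL = re.compile(r"= res://(.+?\.dll)/", re.I)
BHO = re.compile(r"^BHO: (.*?) - \{[0-9A-Fa-f-]+\} - (.+)$")
RUN = re.compile(r'^HK(?:LM|CU)\\\.\.\\Run(?:Once)?: \[(.+?)\] "?([^"]+?\.exe)', re.I)

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def triage(log_text):
    """Return (section, reason, file) for entries matching the assumed heuristics."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        if section in ("R0", "R1"):
            # IE start/search page pointing at an HTML resource inside a DLL.
            hit = RES_DLL.search(body)
            if hit:
                findings.append((section, "IE page is a res:// DLL resource", basename(hit.group(1))))
        elif section == "O2":
            # Browser Helper Object registered without a display name.
            bho = BHO.match(body)
            if bho and bho.group(1) == "(no name)":
                findings.append((section, "unnamed BHO", basename(bho.group(2))))
        elif section == "O4":
            # Autorun whose value name is exactly its own executable's file name.
            run = RUN.match(body)
            if run and run.group(1).lower() == basename(run.group(2)):
                findings.append((section, "autorun named after its file", basename(run.group(2))))
    return findings

def suspect_files(log_text):
    return sorted({f for _, _, f in triage(log_text)})
```

On the sample, `suspect_files(SAMPLE_LOG)` returns the four file names listed under "Find and delete" in post #5, while the legitimate Excel `res://` context-menu entry (O8) and the NeroCheck and Skype autoruns are left alone.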
fromsej Intern
19 June 2004 - 11:16 #6
Clean.reg can be downloaded here:
http://www.sitecenter.dk/fromsej/nss-folder/mappe/1cleanreg/clean.reg
Right-click, choose "Save target as".
mik28 Senior Master
19 June 2004 - 14:54 #7
I can't get it to work
mik28 Senior Master
19 June 2004 - 14:55 #8
I have tried doing as prescribed but I still have the same problem
magictouch Beginner
19 June 2004 - 15:13 #9
It's one of the nasty ones ;(
Will you send a new log?
mik28 Senior Master
19 June 2004 - 22:41 #10
Then I managed to get rid of it. Will you post an answer?
magictouch Beginner
20 June 2004 - 05:40 #11
That sounds good ;) gladly
magictouch Beginner
20 June 2004 - 10:20 #12
Thanks ;)