mogensd Beginner
26 July 2004 - 20:49 There are 34 comments

Spy - maybe something else?

Does anyone have good advice for an amateur user with the following problem:
Start page changed to "About blank", among others. Lots of mysterious e-mails with "funny" characters. I can only get on the Net via my mail program OUTLOOK - otherwise the machine freezes. After a short time the beast runs completely out of breath and I get the message No more resources available ! ! I have struggled with several programs for removing possible spy, but apparently cannot remove what is found. I have struggled with it for several weeks now without luck. By now I am ready to do anything to get rid of the problem. Does anyone have good advice?
arlet Junior Master
26 July 2004 - 20:50 #1
Get HijackThis:
http://216.180.233.153/~merijn/files/HijackThis.exe
Unpack it and run HijackThis, scan, save the log and copy the log file in here, then we will look at it.


You must not fix anything yourself. Once we have gone through the log, we will tell you what to delete.
arlet Junior Master
26 July 2004 - 20:52 #2
This link to HijackThis: http://www.arlet.dk/hjt.exe
mogensd Beginner
26 July 2004 - 21:05 #3
That was a quick reaction - I will get started right away. Can a log from the other day be used today?
andersenph Beginner
26 July 2004 - 21:20 #4
It is best if you post a new log.
I do not know whether arlet has updated, but otherwise the newest HijackThis is here:
http://danborg.org/spy/HJT/hijackthis.exe
Download it and post a log, then we will get rid of the spyware you have...
mogensd Beginner
26 July 2004 - 23:54 #5
Sorry for the long wait - I had a series of crashes. I have now run a completely new HijackThis scan, which follows here:
Logfile of HijackThis v1.98.0
Scan saved at 23:24:35, on 26-07-04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAMMER\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE
C:\WINDOWS\SYSTEM\ADDSA32.EXE
C:\WINDOWS\SYSTEM\MFCHK32.EXE
C:\WINDOWS\NETED32.EXE
C:\WINDOWS\SYSTEM\MFCCA.EXE
C:\WINDOWS\NTQG32.EXE
C:\WINDOWS\SYSTEM\ATLKA.EXE
C:\WINDOWS\SYSTEM\ADDPA32.EXE
C:\WINDOWS\SYSTEM\IPFZ32.EXE
C:\WINDOWS\SYSTEM\NETWL.EXE
C:\WINDOWS\NTJX32.EXE
C:\WINDOWS\SYSTEM\ATLLC.EXE
C:\WINDOWS\SYSTEM\IEUJ.EXE
C:\WINDOWS\SYSTEM\SDKGL32.EXE
C:\WINDOWS\ADDBX.EXE
C:\WINDOWS\NTFA32.EXE
C:\WINDOWS\JAVAOT.EXE
C:\WINDOWS\SYSTEM\D3NB32.EXE
C:\WINDOWS\ATLRZ32.EXE
C:\WINDOWS\MSIB32.EXE
C:\WINDOWS\SYSTEM\SDKML.EXE
C:\WINDOWS\SYSTEM\JAVALI32.EXE
C:\WINDOWS\MSDB32.EXE
C:\WINDOWS\NETXN.EXE
C:\WINDOWS\SYSTEM\SYSGR.EXE
C:\WINDOWS\APPJP.EXE
C:\WINDOWS\SYSTEM\IPYY32.EXE
C:\WINDOWS\SYSTEM\APPJU32.EXE
C:\WINDOWS\SYSTEM\NETPX32.EXE
C:\WINDOWS\NETVW32.EXE
C:\WINDOWS\SYSTEM\IPPI.EXE
C:\WINDOWS\SYSTEM\MFCJS.EXE
C:\WINDOWS\SYSTEM\ATLOX.EXE
C:\WINDOWS\MFCGA32.EXE
C:\WINDOWS\SYSTEM\ATLUR32.EXE
C:\WINDOWS\SYSTEM\ATLCH32.EXE
C:\WINDOWS\SYSTEM\IPGJ32.EXE
C:\WINDOWS\IPVN.EXE
C:\WINDOWS\SYSTEM\CRCM.EXE
C:\WINDOWS\SYSTEM\ATLJJ32.EXE
C:\WINDOWS\ATLKR.EXE
C:\WINDOWS\SYSTEM\WINSM32.EXE
C:\WINDOWS\SYSTEM\MFCUR.EXE
C:\WINDOWS\SYSTEM\SDKOU32.EXE
C:\WINDOWS\NETNH.EXE
C:\WINDOWS\SYSTEM\MFCKX.EXE
C:\WINDOWS\CRDH.EXE
C:\WINDOWS\SYSTEM\APIWQ32.EXE
C:\WINDOWS\SYSTEM\JAVAWR32.EXE
C:\WINDOWS\SYSTEM\ATLGL32.EXE
C:\WINDOWS\MFCKE32.EXE
C:\WINDOWS\WINGR32.EXE
C:\WINDOWS\IEDB32.EXE
C:\WINDOWS\SYSTEM\CRMG.EXE
C:\WINDOWS\D3QN.EXE
C:\WINDOWS\CRKX32.EXE
C:\WINDOWS\SYSTEM\IEQP32.EXE
C:\WINDOWS\SYSTEM\IEJO32.EXE
C:\WINDOWS\ADDPX.EXE
C:\WINDOWS\SYSTEM\JAVAPC32.EXE
C:\WINDOWS\SYSTEM\SDKRQ32.EXE
C:\WINDOWS\NTXZ32.EXE
C:\WINDOWS\SYSTEM\IPLW32.EXE
C:\WINDOWS\APIQT.EXE
C:\WINDOWS\SYSTEM\NTDY32.EXE
C:\WINDOWS\D3CJ32.EXE
C:\WINDOWS\ATLCL32.EXE
C:\WINDOWS\JAVAGP.EXE
C:\WINDOWS\WINCM32.EXE
C:\WINDOWS\SYSTEM\SDKIJ32.EXE
C:\WINDOWS\SYSTEM\MFCNZ.EXE
C:\WINDOWS\SYSTEM\ADDEY32.EXE
C:\WINDOWS\SDKNM32.EXE
C:\PROGRAMMER\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\SYSTEM\CROK.EXE
C:\WINDOWS\SYSTEM\APPEK32.EXE
C:\WINDOWS\SYSTEM\IETL.EXE
C:\WINDOWS\SYSTEM\NETRE.EXE
C:\PROGRAMMER\FæLLES FILER\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAMMER\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMMER\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAMMER\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\PROGRAMMER\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\CRCM.EXE
C:\WINDOWS\SYSTEM\MSJC.EXE
C:\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\lmgkb.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://lmgkb.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://lmgkb.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\lmgkb.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\lmgkb.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://lmgkb.dll/index.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=1c99&s=search&query=%s&i=enu
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - Default URLSearchHook is missing
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\FÆLLES~1\REAL\TOOLBAR\REALBAR.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMER\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: ICOO Loader BHO - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - C:\WINDOWS\MSOPT.DLL (file missing)
O2 - BHO: Class - {2CC07AB9-A5D9-27DD-3113-405AEDC88F6B} - C:\WINDOWS\SYSTEM\MFCJM32.DLL (file missing)
O2 - BHO: Class - {94F50C5F-7EE4-2B92-1BB2-F47C0C0B407F} - C:\WINDOWS\SYSTEM\IEDH.DLL (file missing)
O2 - BHO: Class - {1BEDA55E-0B4B-E5DC-793A-BE375A0C18C7} - C:\WINDOWS\SYSTEM\JAVAIG.DLL (file missing)
O2 - BHO: Class - {6C95404A-E5AF-4D52-3E8A-81F9CF4E4876} - C:\WINDOWS\JAVAAI.DLL (file missing)
O2 - BHO: Class - {6A179565-2A80-B3E8-B301-3F172DD761A4} - C:\WINDOWS\WINMZ32.DLL (file missing)
O2 - BHO: Class - {B1D30F00-A22D-E5B5-37F9-350CF18F2255} - C:\WINDOWS\SYSTEM\IPRD.DLL (file missing)
O2 - BHO: Class - {9D939B9D-A7D9-2322-3649-32D4B58ECFAE} - C:\WINDOWS\SYSTEM\APPGI32.DLL (file missing)
O2 - BHO: Class - {5E72CEE7-CBA9-6EA8-6BD5-672ABB5AF46C} - C:\WINDOWS\APILG.DLL (file missing)
O2 - BHO: Class - {EB3E7E13-02B2-EFC8-085D-F71E98CAF509} - C:\WINDOWS\SYSTEM\JAVAFT32.DLL (file missing)
O2 - BHO: Class - {E99402A8-6CAD-6011-4227-8BE145489A72} - C:\WINDOWS\SYSTEM\JAVAPK32.DLL (file missing)
O2 - BHO: Class - {BF9AAF26-9064-6C4F-091C-07C0FEDA8044} - C:\WINDOWS\WINDV.DLL (file missing)
O2 - BHO: Class - {3BDA5C2B-5649-24F9-6A44-22FDF760EFBB} - C:\WINDOWS\SYSTEM\APIBO.DLL (file missing)
O2 - BHO: Class - {B0306DEB-BBD3-5C3B-9594-EBC25BA84BF8} - C:\WINDOWS\SYSTEM\APPIY.DLL (file missing)
O2 - BHO: Class - {A82A02CC-65E3-A41A-62AD-6DC403543011} - C:\WINDOWS\IPFJ32.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: Class - {AD1DBCC5-1F76-3EE9-F75D-5E646CBA5DF8} - C:\WINDOWS\SYSTF.DLL (file missing)
O2 - BHO: Class - {0408BD9F-FBE0-566C-EBDA-DBC97DA7E144} - C:\WINDOWS\NTVF.DLL (file missing)
O2 - BHO: Class - {8763C5DA-0086-6A3C-33BE-57FD86A2E121} - C:\WINDOWS\SYSTEM\ADDGP.DLL (file missing)
O2 - BHO: Class - {316D6034-8672-118C-728F-D9D78EFEA265} - C:\WINDOWS\ATLEK.DLL (file missing)
O2 - BHO: Class - {737E2B23-4481-EB76-174F-477D913E7AA3} - C:\WINDOWS\SYSTEM\ADDII32.DLL (file missing)
O2 - BHO: Class - {57D7ADC8-B570-91D3-461E-38037D7868D0} - C:\WINDOWS\SYSTEM\JAVAGW32.DLL
O2 - BHO: Class - {4C929281-787B-C661-4821-B4EE5169FF8C} - C:\WINDOWS\SYSTEM\APIWB.DLL (file missing)
O2 - BHO: Class - {F0D5369E-9114-47AB-B1CA-76F455C0CFD1} - C:\WINDOWS\WINXP32.DLL (file missing)
O2 - BHO: Class - {9C0FBA5F-3F3D-397E-15C0-85E3828D8424} - C:\WINDOWS\MSOO.DLL (file missing)
O2 - BHO: Class - {853960FB-BE2D-A02D-0AF4-FE92BED9B76F} - C:\WINDOWS\SYSTEM\SYSYD.DLL (file missing)
O2 - BHO: Class - {B61BACAE-2CB6-EF24-C53E-8CA0B2907B91} - C:\WINDOWS\SYSOW.DLL (file missing)
O2 - BHO: Class - {BB32FFA6-E089-668D-E5AD-954034F388EC} - C:\WINDOWS\SYSTEM\MFCZO32.DLL (file missing)
O2 - BHO: Class - {805F48E9-3012-1459-6E21-A0B40429FD48} - C:\WINDOWS\SYSTEM\SYSWL32.DLL (file missing)
O2 - BHO: Class - {8E94E12D-82FB-A5DD-B787-5B86D538F6BF} - C:\WINDOWS\NETRD32.DLL (file missing)
O2 - BHO: Class - {79215374-7B27-A899-FBC1-3D321BA35AE9} - C:\WINDOWS\MSQJ32.DLL (file missing)
O2 - BHO: Class - {69A8956B-7ACA-79FD-92BF-5F3E74F6063C} - C:\WINDOWS\SYSTEM\SYSOE32.DLL (file missing)
O2 - BHO: Class - {F492FBA5-5668-CA6F-54F7-6A546017A1BA} - C:\WINDOWS\SYSTEM\IEOO32.DLL (file missing)
O2 - BHO: Class - {6F2EB59A-6F50-8B14-0D7D-BCC43DC7177A} - C:\WINDOWS\WINXB32.DLL (file missing)
O2 - BHO: Class - {2AB07CAC-2D55-4A38-8D00-5229FCA0DBED} - C:\WINDOWS\SYSTEM\NETNV.DLL (file missing)
O2 - BHO: Class - {52F7369D-0872-7872-D312-5B7E653BCDC4} - C:\WINDOWS\SYSTEM\IERT.DLL (file missing)
O2 - BHO: Class - {4A6CF2F7-DDDD-2A8C-FF62-94A72AA7954F} - C:\WINDOWS\APPKI32.DLL
O2 - BHO: Class - {9A5C3A3F-8512-4B05-8DD1-E190DD541F17} - C:\WINDOWS\SYSTEM\APPQY32.DLL (file missing)
O2 - BHO: Class - {43DD5961-CA21-309E-A707-F9C0813A3D33} - C:\WINDOWS\SYSTEM\CRER32.DLL (file missing)
O2 - BHO: Class - {70590428-FB03-7A67-515B-430D74B04FA4} - C:\WINDOWS\SYSTEM\MFCFJ.DLL (file missing)
O2 - BHO: Class - {E04B2E72-AF5D-42B4-27C2-1DFBEB4A9650} - C:\WINDOWS\IPCT.DLL (file missing)
O2 - BHO: Class - {CC12F8F4-58FB-F424-BB38-E47C13960419} - C:\WINDOWS\SYSTEM\APIWJ.DLL (file missing)
O2 - BHO: Class - {C1B2CC1A-DD3F-7AC3-6E0B-5A177E2A5CE6} - C:\WINDOWS\NTOC32.DLL (file missing)
O2 - BHO: Class - {D7678144-36BD-CABB-B257-C47FF48322B3} - C:\WINDOWS\SYSTEM\MSFU32.DLL (file missing)
O2 - BHO: Class - {DAC94D83-35DB-56CB-E0DC-071478A46ECF} - C:\WINDOWS\SDKDR32.DLL (file missing)
O2 - BHO: Class - {0317AD98-9368-D476-5B88-92ABD481A6D3} - C:\WINDOWS\IEGW32.DLL (file missing)
O2 - BHO: Class - {A006325B-CDDD-9214-0C39-240125681B78} - C:\WINDOWS\MSMS32.DLL (file missing)
O2 - BHO: Class - {FBE082F8-A0D5-70CD-EB90-9C45156A5E8A} - C:\WINDOWS\D3IM32.DLL (file missing)
O2 - BHO: Class - {E4FD7B6B-5237-72CA-7119-58038BA73734} - C:\WINDOWS\SYSTEM\IPUW32.DLL (file missing)
O2 - BHO: Class - {1323FD2C-C2E1-DE0A-5130-CFEAD2AAF490} - C:\WINDOWS\MSRP.DLL (file missing)
O2 - BHO: Class - {174A3954-A3DC-5E4D-FDE9-9589A7D3AC69} - C:\WINDOWS\MFCAR.DLL (file missing)
O2 - BHO: Class - {C28E57E7-AA77-D098-C622-BCA94EE277CC} - C:\WINDOWS\SYSTEM\CRPB32.DLL (file missing)
O2 - BHO: Class - {5964E3A2-2B4D-8894-0FC6-3BCB784625AD} - C:\WINDOWS\IPHB32.DLL (file missing)
O2 - BHO: Class - {3BB31146-3116-E523-81A1-39DC94BD27E5} - C:\WINDOWS\SDKMM.DLL (file missing)
O2 - BHO: Class - {E4347CF2-9AD1-BC8B-54FA-8C960CAB80FE} - C:\WINDOWS\SYSTEM\NETZR32.DLL (file missing)
O2 - BHO: Class - {76E936D9-D854-90B8-286E-78D1A5FD10D6} - C:\WINDOWS\SYSTEM\ATLXS.DLL (file missing)
O2 - BHO: Class - {2CDE3D2A-E587-41C7-9CE3-6C42DA8EA8BA} - C:\WINDOWS\SYSTEM\MFCXS32.DLL (file missing)
O2 - BHO: Class - {98C86A35-29E0-BCE9-E2DD-A478A37E2E2F} - C:\WINDOWS\SYSTEM\CRGJ.DLL (file missing)
O2 - BHO: Class - {D2278A6D-7AB7-3BA8-4BD1-A30D480B2914} - C:\WINDOWS\SYSTEM\APPSB32.DLL (file missing)
O2 - BHO: Class - {A737D6BA-19D7-F827-0FCA-A1970DCD983C} - C:\WINDOWS\SYSTEM\D3KN32.DLL (file missing)
O2 - BHO: ]äÀÒõ‡{')2·3¡Ö@¤y - Data - (no file)
O2 - BHO: Class - {F668D066-07D4-51E5-B567-4852D4C00B49} - C:\WINDOWS\SYSTEM\ATLZK.DLL (file missing)
O2 - BHO: Class - {E655B30E-6312-F0CC-F75E-35C1460C02FD} - C:\WINDOWS\SDKNN32.DLL (file missing)
O2 - BHO: Class - {4EB6319E-49FF-C8C6-FBBF-07BAC7CCFC75} - C:\WINDOWS\CRIC32.DLL (file missing)
O2 - BHO: Class - {A3DEAF74-6173-A931-A080-C91BB529A80E} - C:\WINDOWS\SYSTEM\APPPF32.DLL (file missing)
O2 - BHO: Class - {F5F0086E-C12D-DA23-939A-802FE220ADD3} - C:\WINDOWS\NETPR.DLL (file missing)
O2 - BHO: Class - {149FF75A-CFF6-2848-6EDA-3935097F0675} - C:\WINDOWS\ADDKK.DLL
O2 - BHO: Class - {5C6C89CE-8B09-EB67-08A6-ADCBA95BB4E3} - C:\WINDOWS\IPEI32.DLL (file missing)
O2 - BHO: Class - {F0D9B410-3C4F-707C-2E2D-529E64AA2118} - C:\WINDOWS\ATLQN.DLL (file missing)
O2 - BHO: Class - {7CC0602C-1895-21A0-C895-02B92C46C654} - C:\WINDOWS\JAVAUK.DLL (file missing)
O2 - BHO: Class - {CF546225-341C-30CE-6E17-98A3B9CEEB9D} - C:\WINDOWS\MSHE32.DLL (file missing)
O2 - BHO: Class - {29CAC2B2-5404-8226-89CD-9661EC3C744F} - C:\WINDOWS\SYSTEM\SDKUC.DLL (file missing)
O2 - BHO: Class - {B46E1113-30C3-D6F5-A9AD-77F24D480A73} - C:\WINDOWS\SYSTEM\APPNU.DLL (file missing)
O2 - BHO: Class - {15DB374F-A188-8A46-3C99-8A0FD007ABA7} - C:\WINDOWS\SYSTEM\APIHG.DLL (file missing)
O2 - BHO: Class - {09D55E10-2E07-7D53-29FE-5C3AF9DB4D7A} - C:\WINDOWS\ADDPZ32.DLL (file missing)
O2 - BHO: C:\WINDOWS\SYSTEM\JAVAPK32.DLL - InprocServer32 - (no file)
O2 - BHO: Class - {C964ABCA-619A-D517-19F0-3D02D7587F99} - C:\WINDOWS\NTDO.DLL (file missing)
O2 - BHO: Class - {36831713-F302-4755-78D3-A8F257D74FEF} - C:\WINDOWS\SYSTEM\NTPB32.DLL (file missing)
O2 - BHO: Class - {BB1D4CD3-FD52-C41F-0B05-6F49024773BD} - C:\WINDOWS\SYSTEM\NETHJ32.DLL (file missing)
O2 - BHO: Class - {60EE3993-541E-55E9-33E9-BB7AB0AC2EF3} - C:\WINDOWS\SYSTEM\APPNG.DLL (file missing)
O2 - BHO: Class - {6A361680-C454-C714-DE0E-8D884A7960E2} - C:\WINDOWS\SYSTEM\ATLYI32.DLL (file missing)
O2 - BHO: (no name) - {C9AD70A1-DF59-11D8-B83F-00E095CF4BA0} - C:\WINDOWS\SYSTEM\BBKFD.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\PROGRAMMER\MCAFEE\MCAFEE VIRUSSCAN\VSCSHELLEXTENSION.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [SXGDSENU] SXGDSENU.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Programmer\Compaq\Easy Access Button Support\eaclean.exe /NORESTART
O4 - HKLM\..\Run: [CPQEASYACC] "C:\PROGRAMMER\COMPAQ\EASY ACCESS BUTTON SUPPORT\Cpqeaui.exe"
O4 - HKLM\..\Run: [AvconsoleEXE] C:\Programmer\Network Associates\McAfee VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [Vshwin32EXE] C:\Programmer\Network Associates\McAfee VirusScan\VSHWIN32.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Programmer\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [LWBMOUSE] C:\app\lwbwheel.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Programmer\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [McAfee Guardian] "C:\PROGRAMMER\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\CMGRDIAN.EXE" /SU
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\Programmer\Network Associates\McAfee VirusScan\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [MFCHK32.EXE] C:\WINDOWS\SYSTEM\MFCHK32.EXE
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Programmer\McAfee\McAfee VirusScan\AVSYNMGR.EXE
O4 - HKLM\..\RunServices: [ADDSA32.EXE] C:\WINDOWS\SYSTEM\ADDSA32.EXE
O4 - HKLM\..\RunServices: [NETED32.EXE] C:\WINDOWS\NETED32.EXE
O4 - HKLM\..\RunServices: [MFCCA.EXE] C:\WINDOWS\SYSTEM\MFCCA.EXE
O4 - HKLM\..\RunServices: [NTQG32.EXE] C:\WINDOWS\NTQG32.EXE
O4 - HKLM\..\RunServices: [ATLKA.EXE] C:\WINDOWS\SYSTEM\ATLKA.EXE
O4 - HKLM\..\RunServices: [ADDPA32.EXE] C:\WINDOWS\SYSTEM\ADDPA32.EXE
O4 - HKLM\..\RunServices: [NETWL.EXE] C:\WINDOWS\SYSTEM\NETWL.EXE
O4 - HKLM\..\RunServices: [IPFZ32.EXE] C:\WINDOWS\SYSTEM\IPFZ32.EXE
O4 - HKLM\..\RunServices: [ATLLC.EXE] C:\WINDOWS\SYSTEM\ATLLC.EXE
O4 - HKLM\..\RunServices: [NTJX32.EXE] C:\WINDOWS\NTJX32.EXE
O4 - HKLM\..\RunServices: [IEUJ.EXE] C:\WINDOWS\SYSTEM\IEUJ.EXE
O4 - HKLM\..\RunServices: [SDKGL32.EXE] C:\WINDOWS\SYSTEM\SDKGL32.EXE
O4 - HKLM\..\RunServices: [ADDBX.EXE] C:\WINDOWS\ADDBX.EXE
O4 - HKLM\..\RunServices: [NTFA32.EXE] C:\WINDOWS\NTFA32.EXE
O4 - HKLM\..\RunServices: [JAVAOT.EXE] C:\WINDOWS\JAVAOT.EXE
O4 - HKLM\..\RunServices: [D3NB32.EXE] C:\WINDOWS\SYSTEM\D3NB32.EXE
O4 - HKLM\..\RunServices: [ATLRZ32.EXE] C:\WINDOWS\ATLRZ32.EXE
O4 - HKLM\..\RunServices: [MSIB32.EXE] C:\WINDOWS\MSIB32.EXE
O4 - HKLM\..\RunServices: [SDKML.EXE] C:\WINDOWS\SYSTEM\SDKML.EXE
O4 - HKLM\..\RunServices: [JAVALI32.EXE] C:\WINDOWS\SYSTEM\JAVALI32.EXE
O4 - HKLM\..\RunServices: [MSDB32.EXE] C:\WINDOWS\MSDB32.EXE
O4 - HKLM\..\RunServices: [NETXN.EXE] C:\WINDOWS\NETXN.EXE
O4 - HKLM\..\RunServices: [SYSGR.EXE] C:\WINDOWS\SYSTEM\SYSGR.EXE
O4 - HKLM\..\RunServices: [IPYY32.EXE] C:\WINDOWS\SYSTEM\IPYY32.EXE
O4 - HKLM\..\RunServices: [APPJP.EXE] C:\WINDOWS\APPJP.EXE
O4 - HKLM\..\RunServices: [NETPX32.EXE] C:\WINDOWS\SYSTEM\NETPX32.EXE
O4 - HKLM\..\RunServices: [APPJU32.EXE] C:\WINDOWS\SYSTEM\APPJU32.EXE
O4 - HKLM\..\RunServices: [MFCJS.EXE] C:\WINDOWS\SYSTEM\MFCJS.EXE
O4 - HKLM\..\RunServices: [NETVW32.EXE] C:\WINDOWS\NETVW32.EXE
O4 - HKLM\..\RunServices: [IPPI.EXE] C:\WINDOWS\SYSTEM\IPPI.EXE
O4 - HKLM\..\RunServices: [MFCGA32.EXE] C:\WINDOWS\MFCGA32.EXE
O4 - HKLM\..\RunServices: [ATLUR32.EXE] C:\WINDOWS\SYSTEM\ATLUR32.EXE
O4 - HKLM\..\RunServices: [ATLOX.EXE] C:\WINDOWS\SYSTEM\ATLOX.EXE
O4 - HKLM\..\RunServices: [CRCM.EXE] C:\WINDOWS\SYSTEM\CRCM.EXE
O4 - HKLM\..\RunServices: [IPVN.EXE] C:\WINDOWS\IPVN.EXE
O4 - HKLM\..\RunServices: [ATLCH32.EXE] C:\WINDOWS\SYSTEM\ATLCH32.EXE
O4 - HKLM\..\RunServices: [IPGJ32.EXE] C:\WINDOWS\SYSTEM\IPGJ32.EXE
O4 - HKLM\..\RunServices: [ATLJJ32.EXE] C:\WINDOWS\SYSTEM\ATLJJ32.EXE
O4 - HKLM\..\RunServices: [ATLKR.EXE] C:\WINDOWS\ATLKR.EXE
O4 - HKLM\..\RunServices: [WINSM32.EXE] C:\WINDOWS\SYSTEM\WINSM32.EXE
O4 - HKLM\..\RunServices: [NETNH.EXE] C:\WINDOWS\NETNH.EXE
O4 - HKLM\..\RunServices: [MFCKX.EXE] C:\WINDOWS\SYSTEM\MFCKX.EXE
O4 - HKLM\..\RunServices: [MFCUR.EXE] C:\WINDOWS\SYSTEM\MFCUR.EXE
O4 - HKLM\..\RunServices: [SDKOU32.EXE] C:\WINDOWS\SYSTEM\SDKOU32.EXE
O4 - HKLM\..\RunServices: [CRDH.EXE] C:\WINDOWS\CRDH.EXE
O4 - HKLM\..\RunServices: [APIWQ32.EXE] C:\WINDOWS\SYSTEM\APIWQ32.EXE
O4 - HKLM\..\RunServices: [JAVAWR32.EXE] C:\WINDOWS\SYSTEM\JAVAWR32.EXE
O4 - HKLM\..\RunServices: [MFCKE32.EXE] C:\WINDOWS\MFCKE32.EXE
O4 - HKLM\..\RunServices: [ATLGL32.EXE] C:\WINDOWS\SYSTEM\ATLGL32.EXE
O4 - HKLM\..\RunServices: [WINGR32.EXE] C:\WINDOWS\WINGR32.EXE
O4 - HKLM\..\RunServices: [D3QN.EXE] C:\WINDOWS\D3QN.EXE
O4 - HKLM\..\RunServices: [CRMG.EXE] C:\WINDOWS\SYSTEM\CRMG.EXE
O4 - HKLM\..\RunServices: [IEDB32.EXE] C:\WINDOWS\IEDB32.EXE
O4 - HKLM\..\RunServices: [IEQP32.EXE] C:\WINDOWS\SYSTEM\IEQP32.EXE
O4 - HKLM\..\RunServices: [CRKX32.EXE] C:\WINDOWS\CRKX32.EXE
O4 - HKLM\..\RunServices: [ADDPX.EXE] C:\WINDOWS\ADDPX.EXE
O4 - HKLM\..\RunServices: [IEJO32.EXE] C:\WINDOWS\SYSTEM\IEJO32.EXE
O4 - HKLM\..\RunServices: [JAVAPC32.EXE] C:\WINDOWS\SYSTEM\JAVAPC32.EXE
O4 - HKLM\..\RunServices: [NTXZ32.EXE] C:\WINDOWS\NTXZ32.EXE
O4 - HKLM\..\RunServices: [SDKRQ32.EXE] C:\WINDOWS\SYSTEM\SDKRQ32.EXE
O4 - HKLM\..\RunServices: [IPLW32.EXE] C:\WINDOWS\SYSTEM\IPLW32.EXE
O4 - HKLM\..\RunServices: [NTDY32.EXE] C:\WINDOWS\SYSTEM\NTDY32.EXE
O4 - HKLM\..\RunServices: [APIQT.EXE] C:\WINDOWS\APIQT.EXE
O4 - HKLM\..\RunServices: [ATLCL32.EXE] C:\WINDOWS\ATLCL32.EXE
O4 - HKLM\..\RunServices: [D3CJ32.EXE] C:\WINDOWS\D3CJ32.EXE
O4 - HKLM\..\RunServices: [SDKIJ32.EXE] C:\WINDOWS\SYSTEM\SDKIJ32.EXE
O4 - HKLM\..\RunServices: [JAVAGP.EXE] C:\WINDOWS\JAVAGP.EXE
O4 - HKLM\..\RunServices: [WINCM32.EXE] C:\WINDOWS\WINCM32.EXE
O4 - HKLM\..\RunServices: [ADDEY32.EXE] C:\WINDOWS\SYSTEM\ADDEY32.EXE
O4 - HKLM\..\RunServices: [SDKNM32.EXE] C:\WINDOWS\SDKNM32.EXE
O4 - HKLM\..\RunServices: [MFCNZ.EXE] C:\WINDOWS\SYSTEM\MFCNZ.EXE
O4 - HKLM\..\RunServices: [CROK.EXE] C:\WINDOWS\SYSTEM\CROK.EXE
O4 - HKLM\..\RunServices: [APPEK32.EXE] C:\WINDOWS\SYSTEM\APPEK32.EXE
O4 - HKLM\..\RunServices: [IETL.EXE] C:\WINDOWS\SYSTEM\IETL.EXE
O4 - HKLM\..\RunServices: [NETRE.EXE] C:\WINDOWS\SYSTEM\NETRE.EXE
O4 - HKLM\..\RunServices: [MSJC.EXE] C:\WINDOWS\SYSTEM\MSJC.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Programmer\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [SpySweeper] "C:\Programmer\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - HKCU\..\RunServices: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\RunServices: [McAfee.InstantUpdate.Monitor] "C:\Programmer\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\RunServices: [SpySweeper] "C:\Programmer\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Camio Viewer.lnk = C:\Programmer\Dell Computer\Dell Image Expert\IXApplet.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\MSOPT.DLL

This is all Chinese to me.
andersenph Beginner
27 July 2004 - 00:04 #6
Well, good grief!!!!
I have not seen a log like this before.
It is going to take some time...
andersenph Beginner
27 July 2004 - 00:18 #7
Here is what you should start by doing:
Download and update Ad-Aware: http://www.spywarefri.dk/vaerktoj.htm#adaware
Download and update CWShredder: http://home8.inet.tele.dk/fbj/CWShredder.exe

Leave the two programs alone for now; you will need them further down.
-------------
Then we just need to be sure that you can see all files and folders:
Open a folder, click Tools=>Folder Options=>View.
Remove the check mark at "Hide protected operating system files".
Remove the check mark at "Hide file extensions for known file types".
Select "Show hidden files and folders".

-------------


Restart in safe mode (you press F8 at startup)

Run a scan with HijackThis, so you can see all files.
Below you will get some files that you must fix. What you need to do is put a check mark next to these files. When you have done that, close all other windows. It is very important that the only window that is open is the HijackThis window. Remember also to close this window once you have marked the files. Now you may fix. Click Fix checked.

These are the ones to be fixed:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\lmgkb.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://lmgkb.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://lmgkb.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\lmgkb.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\lmgkb.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://lmgkb.dll/index.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\FÆLLES~1\REAL\TOOLBAR\REALBAR.DLL (file missing)

All O2 with file missing

O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\RunServices: [ADDSA32.EXE] C:\WINDOWS\SYSTEM\ADDSA32.EXE
O4 - HKLM\..\RunServices: [NETED32.EXE] C:\WINDOWS\NETED32.EXE
O4 - HKLM\..\RunServices: [MFCCA.EXE] C:\WINDOWS\SYSTEM\MFCCA.EXE
O4 - HKLM\..\RunServices: [NTQG32.EXE] C:\WINDOWS\NTQG32.EXE
O4 - HKLM\..\RunServices: [ATLKA.EXE] C:\WINDOWS\SYSTEM\ATLKA.EXE
O4 - HKLM\..\RunServices: [ADDPA32.EXE] C:\WINDOWS\SYSTEM\ADDPA32.EXE
O4 - HKLM\..\RunServices: [NETWL.EXE] C:\WINDOWS\SYSTEM\NETWL.EXE
O4 - HKLM\..\RunServices: [IPFZ32.EXE] C:\WINDOWS\SYSTEM\IPFZ32.EXE
O4 - HKLM\..\RunServices: [ATLLC.EXE] C:\WINDOWS\SYSTEM\ATLLC.EXE
O4 - HKLM\..\RunServices: [NTJX32.EXE] C:\WINDOWS\NTJX32.EXE
O4 - HKLM\..\RunServices: [IEUJ.EXE] C:\WINDOWS\SYSTEM\IEUJ.EXE
O4 - HKLM\..\RunServices: [SDKGL32.EXE] C:\WINDOWS\SYSTEM\SDKGL32.EXE
O4 - HKLM\..\RunServices: [ADDBX.EXE] C:\WINDOWS\ADDBX.EXE
O4 - HKLM\..\RunServices: [NTFA32.EXE] C:\WINDOWS\NTFA32.EXE
O4 - HKLM\..\RunServices: [JAVAOT.EXE] C:\WINDOWS\JAVAOT.EXE
O4 - HKLM\..\RunServices: [D3NB32.EXE] C:\WINDOWS\SYSTEM\D3NB32.EXE
O4 - HKLM\..\RunServices: [ATLRZ32.EXE] C:\WINDOWS\ATLRZ32.EXE
O4 - HKLM\..\RunServices: [MSIB32.EXE] C:\WINDOWS\MSIB32.EXE
O4 - HKLM\..\RunServices: [SDKML.EXE] C:\WINDOWS\SYSTEM\SDKML.EXE
O4 - HKLM\..\RunServices: [JAVALI32.EXE] C:\WINDOWS\SYSTEM\JAVALI32.EXE
O4 - HKLM\..\RunServices: [MSDB32.EXE] C:\WINDOWS\MSDB32.EXE
O4 - HKLM\..\RunServices: [NETXN.EXE] C:\WINDOWS\NETXN.EXE
O4 - HKLM\..\RunServices: [SYSGR.EXE] C:\WINDOWS\SYSTEM\SYSGR.EXE
O4 - HKLM\..\RunServices: [IPYY32.EXE] C:\WINDOWS\SYSTEM\IPYY32.EXE
O4 - HKLM\..\RunServices: [APPJP.EXE] C:\WINDOWS\APPJP.EXE
O4 - HKLM\..\RunServices: [NETPX32.EXE] C:\WINDOWS\SYSTEM\NETPX32.EXE
O4 - HKLM\..\RunServices: [APPJU32.EXE] C:\WINDOWS\SYSTEM\APPJU32.EXE
O4 - HKLM\..\RunServices: [MFCJS.EXE] C:\WINDOWS\SYSTEM\MFCJS.EXE
O4 - HKLM\..\RunServices: [NETVW32.EXE] C:\WINDOWS\NETVW32.EXE
O4 - HKLM\..\RunServices: [IPPI.EXE] C:\WINDOWS\SYSTEM\IPPI.EXE
O4 - HKLM\..\RunServices: [MFCGA32.EXE] C:\WINDOWS\MFCGA32.EXE
O4 - HKLM\..\RunServices: [ATLUR32.EXE] C:\WINDOWS\SYSTEM\ATLUR32.EXE
O4 - HKLM\..\RunServices: [ATLOX.EXE] C:\WINDOWS\SYSTEM\ATLOX.EXE
O4 - HKLM\..\RunServices: [CRCM.EXE] C:\WINDOWS\SYSTEM\CRCM.EXE
O4 - HKLM\..\RunServices: [IPVN.EXE] C:\WINDOWS\IPVN.EXE
O4 - HKLM\..\RunServices: [ATLCH32.EXE] C:\WINDOWS\SYSTEM\ATLCH32.EXE
O4 - HKLM\..\RunServices: [IPGJ32.EXE] C:\WINDOWS\SYSTEM\IPGJ32.EXE
O4 - HKLM\..\RunServices: [ATLJJ32.EXE] C:\WINDOWS\SYSTEM\ATLJJ32.EXE
O4 - HKLM\..\RunServices: [ATLKR.EXE] C:\WINDOWS\ATLKR.EXE
O4 - HKLM\..\RunServices: [WINSM32.EXE] C:\WINDOWS\SYSTEM\WINSM32.EXE
O4 - HKLM\..\RunServices: [NETNH.EXE] C:\WINDOWS\NETNH.EXE
O4 - HKLM\..\RunServices: [MFCKX.EXE] C:\WINDOWS\SYSTEM\MFCKX.EXE
O4 - HKLM\..\RunServices: [MFCUR.EXE] C:\WINDOWS\SYSTEM\MFCUR.EXE
O4 - HKLM\..\RunServices: [SDKOU32.EXE] C:\WINDOWS\SYSTEM\SDKOU32.EXE
O4 - HKLM\..\RunServices: [CRDH.EXE] C:\WINDOWS\CRDH.EXE
O4 - HKLM\..\RunServices: [APIWQ32.EXE] C:\WINDOWS\SYSTEM\APIWQ32.EXE
O4 - HKLM\..\RunServices: [JAVAWR32.EXE] C:\WINDOWS\SYSTEM\JAVAWR32.EXE
O4 - HKLM\..\RunServices: [MFCKE32.EXE] C:\WINDOWS\MFCKE32.EXE
O4 - HKLM\..\RunServices: [ATLGL32.EXE] C:\WINDOWS\SYSTEM\ATLGL32.EXE
O4 - HKLM\..\RunServices: [WINGR32.EXE] C:\WINDOWS\WINGR32.EXE
O4 - HKLM\..\RunServices: [D3QN.EXE] C:\WINDOWS\D3QN.EXE
O4 - HKLM\..\RunServices: [CRMG.EXE] C:\WINDOWS\SYSTEM\CRMG.EXE
O4 - HKLM\..\RunServices: [IEDB32.EXE] C:\WINDOWS\IEDB32.EXE
O4 - HKLM\..\RunServices: [IEQP32.EXE] C:\WINDOWS\SYSTEM\IEQP32.EXE
O4 - HKLM\..\RunServices: [CRKX32.EXE] C:\WINDOWS\CRKX32.EXE
O4 - HKLM\..\RunServices: [ADDPX.EXE] C:\WINDOWS\ADDPX.EXE
O4 - HKLM\..\RunServices: [IEJO32.EXE] C:\WINDOWS\SYSTEM\IEJO32.EXE
O4 - HKLM\..\RunServices: [JAVAPC32.EXE] C:\WINDOWS\SYSTEM\JAVAPC32.EXE
O4 - HKLM\..\RunServices: [NTXZ32.EXE] C:\WINDOWS\NTXZ32.EXE
O4 - HKLM\..\RunServices: [SDKRQ32.EXE] C:\WINDOWS\SYSTEM\SDKRQ32.EXE
O4 - HKLM\..\RunServices: [IPLW32.EXE] C:\WINDOWS\SYSTEM\IPLW32.EXE
O4 - HKLM\..\RunServices: [NTDY32.EXE] C:\WINDOWS\SYSTEM\NTDY32.EXE
O4 - HKLM\..\RunServices: [APIQT.EXE] C:\WINDOWS\APIQT.EXE
O4 - HKLM\..\RunServices: [ATLCL32.EXE] C:\WINDOWS\ATLCL32.EXE
O4 - HKLM\..\RunServices: [D3CJ32.EXE] C:\WINDOWS\D3CJ32.EXE
O4 - HKLM\..\RunServices: [SDKIJ32.EXE] C:\WINDOWS\SYSTEM\SDKIJ32.EXE
O4 - HKLM\..\RunServices: [JAVAGP.EXE] C:\WINDOWS\JAVAGP.EXE
O4 - HKLM\..\RunServices: [WINCM32.EXE] C:\WINDOWS\WINCM32.EXE
O4 - HKLM\..\RunServices: [ADDEY32.EXE] C:\WINDOWS\SYSTEM\ADDEY32.EXE
O4 - HKLM\..\RunServices: [SDKNM32.EXE] C:\WINDOWS\SDKNM32.EXE
O4 - HKLM\..\RunServices: [MFCNZ.EXE] C:\WINDOWS\SYSTEM\MFCNZ.EXE
O4 - HKLM\..\RunServices: [CROK.EXE] C:\WINDOWS\SYSTEM\CROK.EXE
O4 - HKLM\..\RunServices: [APPEK32.EXE] C:\WINDOWS\SYSTEM\APPEK32.EXE
O4 - HKLM\..\RunServices: [IETL.EXE] C:\WINDOWS\SYSTEM\IETL.EXE
O4 - HKLM\..\RunServices: [NETRE.EXE] C:\WINDOWS\SYSTEM\NETRE.EXE
O4 - HKLM\..\RunServices: [MSJC.EXE] C:\WINDOWS\SYSTEM\MSJC.EXE

O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\MSOPT.DLL


--------

Find and delete the following, still in safe mode.

C:\windows\TEMP\sp.html -> Delete EVERYTHING in the "Temp" folder
C:\PROGRA~1\FÆLLES~1\REAL\TOOLBAR\REALBAR.DLL
C:\WINDOWS\system\lmgkb.dll
All the C:\WINDOWS\SYSTEM\ files I have listed above.


--------
Now run a scan with Ad-Aware and remove what it finds.
And then run the program CWShredder; see below for what to do.

Regarding CWShredder:
Create a folder just for CWShredder.
Run the program, check for updates, physically disconnect your internet connection (pull the plug), close all windows except cwshredder, click Fix, it now scans, when it is finished click Next, click Exit.

-------
Restart normally.

Then have a go with Regedit.
Click Start->Run, type regedit and click OK.
You get a window a bit like Explorer.
Click your way to:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Check whether there is a key/text called "HOMEOldSP"; if there is, delete it.
Then click "My Computer" in the Regedit window, then "Edit->Find", type "Homeoldsp", click "Find Next", delete what it finds and press <F3>, delete, <F3> until you are told that the search is finished.
Same procedure with the search term About:blank.

------
Restart in normal mode once more and post a new HijackThis log.
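
The triage in the reply above can be approximated in code. This is an added example, not part of the original thread and not HijackThis's own logic: it parses a HijackThis log and flags three of the patterns marked for fixing (IE pages pointing at local `res://` or `file://` resources, O2 BHO entries marked "file missing", and RunServices values named after their own executable in the Windows directories). The sample is a shortened excerpt of the log posted in comment #5; the function names and rule wording are assumptions made for the example.

```python
import ntpath
import re

# Shortened excerpt of the HijackThis log posted in comment #5.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.98.0
Running processes:
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ADDSA32.EXE
C:\WINDOWS\NETED32.EXE
C:\PROGRAMMER\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://lmgkb.dll/index.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMER\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Class - {2CC07AB9-A5D9-27DD-3113-405AEDC88F6B} - C:\WINDOWS\SYSTEM\MFCJM32.DLL (file missing)
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ADDSA32.EXE] C:\WINDOWS\SYSTEM\ADDSA32.EXE
O4 - HKLM\..\RunServices: [NETED32.EXE] C:\WINDOWS\NETED32.EXE
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Programmer\McAfee\McAfee VirusScan\AVSYNMGR.EXE
"""

# Directories where the self-named autostart executables in this log live.
WINDOWS_DIRS = {r"C:\WINDOWS", r"C:\WINDOWS\SYSTEM"}
# "<section code> - <body>", e.g. "O4 - HKLM\..\RunServices: [X] path".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# RunServices autostart: "[value name] command line".
RUNSVC_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\RunServices: \[(.+?)\] (.+)$")


def parse_log(text):
    """Split a log into the running-process set and (code, body) entries."""
    processes, entries, in_procs = set(), [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False  # the process list ends at the first entry
            entries.append((match.group(1), match.group(2)))
        elif in_procs and line:
            processes.add(line.upper())
    return processes, entries


def triage(text):
    """Return (code, reason, body) for entries that match the heuristics."""
    processes, entries = parse_log(text)
    findings = []
    for code, body in entries:
        if code in ("R0", "R1") and " = " in body:
            # IE start/search page served from a local DLL or temp file.
            value = body.split(" = ", 1)[1].lower()
            if value.startswith(("res://", "file://")):
                findings.append((code, "IE page points at a local resource", body))
        elif code == "O2" and body.endswith("(file missing)"):
            findings.append((code, "BHO registered but file missing", body))
        elif code == "O4":
            match = RUNSVC_RE.match(body)
            if not match:
                continue
            name, path = match.group(1).upper(), match.group(2).strip().upper()
            # Value name equals the executable name, and it sits directly
            # in a Windows directory: the pattern repeated through this log.
            if name == ntpath.basename(path) and ntpath.dirname(path) in WINDOWS_DIRS:
                state = "running" if path in processes else "not running"
                findings.append(
                    (code, f"self-named autostart in Windows directory ({state})", body)
                )
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{code}: {reason}\n    {body}")
```

A flagged entry is a candidate for review against the full log, not a verdict; legitimate entries such as `[SchedulingAgent] mstask.exe` pass because the value name and executable name differ.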
mogensd Beginner
27 July 2004 - 00:54 #8
It looks daunting, but I will start from one end (tomorrow). For now, a thousand thanks for a quick and professional solution. I will get back as soon as possible tomorrow.
andersenph Beginner
27 July 2004 - 10:04 #9
That is quite all right.
I will look in now and then during the day, so if I do not answer right away, be patient :O)
mogensd Beginner
28 July 2004 - 13:52 #10
This morning I sent a message/question - it does not seem to have arrived, so I am trying again:
I have done the things you described, though I could not install Ad-aware for some reason. I did, however, already have a couple of other programs lying around, Spysweeper, which has found something (quite a lot) that I unfortunately cannot delete, among other things some NETED.32EXE ? On normal startup of IE from the desktop I now get a different, new start page that I also cannot change in the normal way: wbiur.dll (Home search). I am attaching a new HijackThis log; perhaps it can reveal what I have not done/still need to do?
Logfile of HijackThis v1.98.0
Scan saved at 09:51:20, on 28-07-04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAMMER\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\NETED32.EXE
C:\WINDOWS\IETS32.EXE
C:\WINDOWS\SYSXG32.EXE
C:\WINDOWS\SYSTEM\MFCHK32.EXE
C:\WINDOWS\APPUT32.EXE
C:\WINDOWS\CREO.EXE
C:\WINDOWS\SYSTEM\SDKKD32.EXE
C:\WINDOWS\D3DT32.EXE
C:\WINDOWS\SYSYE.EXE
C:\WINDOWS\MFCYS.EXE
C:\WINDOWS\SYSTEM\IEWW32.EXE
C:\WINDOWS\SYSTEM\SYSLR32.EXE
C:\WINDOWS\SYSTEM\ADDRI32.EXE
C:\WINDOWS\WINUO32.EXE
C:\PROGRAMMER\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\SYSTEM\SXGDSENU.EXE
C:\PROGRAMMER\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEAUI.EXE
C:\APP\LWBWHEEL.EXE
C:\PROGRAMMER\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\PROGRAMMER\HEWLETT-PACKARD\DIGITAL IMAGING\UNLOAD\HPQCMON.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMMER\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\CMGRDIAN.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAMMER\MCAFEE\MCAFEE SHARED COMPONENTS\INSTANT UPDATER\RULAUNCH.EXE
C:\PROGRAMMER\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAMMER\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\PROGRAMMER\DELL COMPUTER\DELL IMAGE EXPERT\IXAPPLET.EXE
C:\PROGRAMMER\MCAFEE\MCAFEE VIRUSSCAN\AVCONSOL.EXE
C:\PROGRAMMER\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\PROGRAMMER\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAMMER\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\SYSLR32.EXE
C:\WINDOWS\SYSTEM\ATLMN.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\SYSLR32.EXE
C:\WINDOWS\SYSYE.EXE
C:\WINDOWS\WINUO32.EXE
C:\WINDOWS\SYSYE.EXE
C:\WINDOWS\SYSTEM\SYSLR32.EXE
C:\WINDOWS\WINUO32.EXE
C:\WINDOWS\SYSTEM\APPCT.EXE
C:\PROGRAMMER\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\WINDOWS\MSAGENT\AGENTSVR.EXE
C:\WINDOWS\SYSYE.EXE
C:\WINDOWS\SYSTEM\SYSLR32.EXE
C:\WINDOWS\WINUO32.EXE
C:\WINDOWS\SYSTEM\IEKN32.EXE
C:\WINDOWS\SYSTEM\IEKN32.EXE
C:\WINDOWS\SYSTEM\SYSLR32.EXE
C:\WINDOWS\WINUO32.EXE
C:\WINDOWS\MSWS.EXE
C:\WINDOWS\SYSTEM\MFCHK32.EXE
C:\WINDOWS\SYSTEM\SYSLR32.EXE
C:\WINDOWS\SYSTEM\NETZQ32.EXE
C:\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\wbiur.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://wbiur.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://wbiur.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\wbiur.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\wbiur.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://wbiur.dll/index.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=1c99&s=search&query=%s&i=enu
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMER\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Class - {316D6034-8672-118C-728F-D9D78EFEA265} - C:\WINDOWS\ATLEK.DLL (file missing)
O2 - BHO: Class - {8E94E12D-82FB-A5DD-B787-5B86D538F6BF} - C:\WINDOWS\NETRD32.DLL (file missing)
O2 - BHO: Class - {43DD5961-CA21-309E-A707-F9C0813A3D33} - C:\WINDOWS\SYSTEM\CRER32.DLL (file missing)
O2 - BHO: Class - {A006325B-CDDD-9214-0C39-240125681B78} - C:\WINDOWS\MSMS32.DLL (file missing)
O2 - BHO: Class - {FBE082F8-A0D5-70CD-EB90-9C45156A5E8A} - C:\WINDOWS\D3IM32.DLL (file missing)
O2 - BHO: ]äÀÒõ‡{')2·3¡Ö@¤y - Data - (no file)
O2 - BHO: C:\WINDOWS\SYSTEM\JAVAPK32.DLL - InprocServer32 - (no file)
O2 - BHO: Class - {A2563C50-FEE3-7E41-3234-5C1758728522} - C:\WINDOWS\SYSTEM\JAVAXO.DLL (file missing)
O2 - BHO: Class - {B0306DEB-BBD3-5C3B-9594-EBC25BA84BF8} - C:\WINDOWS\SYSTEM\APPIY.DLL
O2 - BHO: Class - {A8BD9C38-D1DD-A874-F18E-BE3BA429FC7D} - C:\WINDOWS\MFCXI32.DLL (file missing)
O2 - BHO: Class - {5E72CEE7-CBA9-6EA8-6BD5-672ABB5AF46C} - C:\WINDOWS\APILG.DLL (file missing)
O2 - BHO: Class - {6C95404A-E5AF-4D52-3E8A-81F9CF4E4876} - C:\WINDOWS\JAVAAI.DLL (file missing)
O2 - BHO: Class - {05C692D5-DCB9-8CC3-6E86-C453115CFEB4} - C:\WINDOWS\SYSTEM\D3ZI32.DLL (file missing)
O2 - BHO: Class - {32CEA936-E07D-3518-1265-BED8174E16CE} - C:\WINDOWS\WINHK.DLL
O2 - BHO: Class - {A00E8BE1-F4AB-F036-EC5E-9DBF9092B2A8} - C:\WINDOWS\CRCS.DLL (file missing)
O2 - BHO: Class - {FB2785DC-6C8E-B839-61C8-3F6127DC95AB} - C:\WINDOWS\SYSTEM\NTPN.DLL
O2 - BHO: Class - {E2B4FCC5-E7C0-FD6E-9969-152F9F01DBD7} - C:\WINDOWS\MFCXA.DLL (file missing)
O2 - BHO: Class - {AB7897DF-B84C-91D1-F3BA-557F270913BC} - C:\WINDOWS\SYSTEM\MSWZ.DLL (file missing)
O2 - BHO: Class - {954C9901-1DEE-E71F-C75D-371525C4626D} - C:\WINDOWS\SYSTEM\NETOU.DLL (file missing)
O2 - BHO: Class - {897D506F-286C-3DFB-3B9D-97E50E4FBE10} - C:\WINDOWS\SYSTEM\IETN.DLL
O2 - BHO: Class - {5F029C1B-E5AE-49A8-41E8-21F6F9CE353C} - C:\WINDOWS\WINZY32.DLL
O2 - BHO: (no name) - {5AFC2141-E078-11D8-B83F-00E067EAD79F} - C:\WINDOWS\SYSTEM\AMHKDA.DLL (file missing)
O2 - BHO: Class - {8D32D758-A1D6-5518-B819-34878C802C1B} - C:\WINDOWS\JAVALR32.DLL (file missing)
O2 - BHO: Class - {9BEDA47D-F76A-8794-9E1F-E4E0C452C0B6} - C:\WINDOWS\SYSTEM\MSGV.DLL (file missing)
O2 - BHO: Class - {04287683-5447-7A7F-D7B7-E13AD1D1DFA7} - C:\WINDOWS\SYSTEM\NTRY32.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\PROGRAMMER\MCAFEE\MCAFEE VIRUSSCAN\VSCSHELLEXTENSION.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [SXGDSENU] SXGDSENU.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Programmer\Compaq\Easy Access Button Support\eaclean.exe /NORESTART
O4 - HKLM\..\Run: [CPQEASYACC] "C:\PROGRAMMER\COMPAQ\EASY ACCESS BUTTON SUPPORT\Cpqeaui.exe"
O4 - HKLM\..\Run: [AvconsoleEXE] C:\Programmer\Network Associates\McAfee VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [Vshwin32EXE] C:\Programmer\Network Associates\McAfee VirusScan\VSHWIN32.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Programmer\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [LWBMOUSE] C:\app\lwbwheel.exe
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Programmer\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [McAfee Guardian] "C:\PROGRAMMER\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\CMGRDIAN.EXE" /SU
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\Programmer\Network Associates\McAfee VirusScan\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [MFCHK32.EXE] C:\WINDOWS\SYSTEM\MFCHK32.EXE
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Programmer\McAfee\McAfee VirusScan\AVSYNMGR.EXE
O4 - HKLM\..\RunServices: [NETED32.EXE] C:\WINDOWS\NETED32.EXE
O4 - HKLM\..\RunServices: [SDKKD32.EXE] C:\WINDOWS\SYSTEM\SDKKD32.EXE
O4 - HKLM\..\RunServices: [SYSXG32.EXE] C:\WINDOWS\SYSXG32.EXE
O4 - HKLM\..\RunServices: [APPUT32.EXE] C:\WINDOWS\APPUT32.EXE
O4 - HKLM\..\RunServices: [ADDRI32.EXE] C:\WINDOWS\SYSTEM\ADDRI32.EXE
O4 - HKLM\..\RunServices: [IETS32.EXE] C:\WINDOWS\IETS32.EXE
O4 - HKLM\..\RunServices: [CREO.EXE] C:\WINDOWS\CREO.EXE
O4 - HKLM\..\RunServices: [D3DT32.EXE] C:\WINDOWS\D3DT32.EXE
O4 - HKLM\..\RunServices: [SYSYE.EXE] C:\WINDOWS\SYSYE.EXE
O4 - HKLM\..\RunServices: [SYSLR32.EXE] C:\WINDOWS\SYSTEM\SYSLR32.EXE
O4 - HKLM\..\RunServices: [IEWW32.EXE] C:\WINDOWS\SYSTEM\IEWW32.EXE
O4 - HKLM\..\RunServices: [WINUO32.EXE] C:\WINDOWS\WINUO32.EXE
O4 - HKLM\..\RunServices: [MFCYS.EXE] C:\WINDOWS\MFCYS.EXE
O4 - HKLM\..\RunServices: [ATLMN.EXE] C:\WINDOWS\SYSTEM\ATLMN.EXE
O4 - HKLM\..\RunServices: [APPCT.EXE] C:\WINDOWS\SYSTEM\APPCT.EXE
O4 - HKLM\..\RunServices: [IEKN32.EXE] C:\WINDOWS\SYSTEM\IEKN32.EXE
O4 - HKLM\..\RunServices: [MSWS.EXE] C:\WINDOWS\MSWS.EXE
O4 - HKLM\..\RunServices: [NETZQ32.EXE] C:\WINDOWS\SYSTEM\NETZQ32.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Programmer\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [SpySweeper] "C:\Programmer\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - HKCU\..\RunServices: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\RunServices: [McAfee.InstantUpdate.Monitor] "C:\Programmer\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\RunServices: [SpySweeper] "C:\Programmer\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Camio Viewer.lnk = C:\Programmer\Dell Computer\Dell Image Expert\IXApplet.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\MSOPT.DLL
andersenph (Beginner)
28 July 2004 - 17:38 #11
Well, it has certainly got a bit better than before, and we will get it completely clean by the time we are done.
Here comes one more round for you to do...
Download this program first (same program, just two links):
http://www.trojaner-info.de/cgi-bin/download.cgi?file=sphjfix
http://www.rokop-security.de/main/download.php?op=getit&lid=59

After downloading, double-click the exe file and click the button "Desinfektion starten".
The computer must then be restarted. The cleaner now starts automatically to finish the disinfection.
After that, run CWShredder, since it needs to remove a single entry.


Download CWShredder here:
http://www.computercops.biz/zx/phoenix22/cws.zip

Unpack the zip file into a folder.
Run the program, check for updates, physically disconnect your internet connection (pull the plug), disable ALL security programs (e.g. antivirus, firewall, SpywareGuard, etc.), close all windows except CWShredder, and click Fix. It will now scan; when it has finished, click Next, then click Exit.

Then have a go with Regedit.
Click Start - Run, type: regedit and click OK.
You get a window a bit like Explorer.
In the left pane, navigate to:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Check whether there is a key/text value called "HOMEOldSP"; if there is, delete it.
If there are any files in here under Search Page or Search Bar that end in something like ....\sp, you must delete those too.

Go to Edit, down to Find, and in the box type: HOMEOldSP
Click Find Next. Delete the file if it is found. Press F3 to find the next one (there is probably only one).
Same procedure with the search term About:blank
Close with the X when you are told there are no more files to find.


You now need to get started on fixing. First you must turn off System Restore. NB: this only applies to those running Windows XP or ME. There is no System Restore in Win98 or Win2000. If you do not know how to do it, look here: http://www.spywarefri.dk/virusscannere.htm#alle

Run a scan with HijackThis so you can see all the files.
Below you get some files that you must fix. What you need to do is put a check mark next to these files. When you have done that, close all other windows. It is very important that the only window open is the HijackThis window. Remember also to close this window once you have marked the files. Now you may fix. Click Fix checked. After the fix you must restart your computer.

These are the ones to fix:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\wbiur.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://wbiur.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://wbiur.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\wbiur.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\wbiur.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://wbiur.dll/index.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=1c99&s=search&query=%s&i=enu
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R3 - Default URLSearchHook is missing

O2 - BHO: Class - {316D6034-8672-118C-728F-D9D78EFEA265} - C:\WINDOWS\ATLEK.DLL (file missing)
O2 - BHO: Class - {8E94E12D-82FB-A5DD-B787-5B86D538F6BF} - C:\WINDOWS\NETRD32.DLL (file missing)
O2 - BHO: Class - {43DD5961-CA21-309E-A707-F9C0813A3D33} - C:\WINDOWS\SYSTEM\CRER32.DLL (file missing)
O2 - BHO: Class - {A006325B-CDDD-9214-0C39-240125681B78} - C:\WINDOWS\MSMS32.DLL (file missing)
O2 - BHO: Class - {FBE082F8-A0D5-70CD-EB90-9C45156A5E8A} - C:\WINDOWS\D3IM32.DLL (file missing)
O2 - BHO: ]äÀÒõ‡{' )2•3¡Ö@¤y  - Data - (no file)
O2 - BHO: C:\WINDOWS\SYSTEM\JAVAPK32.DLL - InprocServer32 - (no file)
O2 - BHO: Class - {A2563C50-FEE3-7E41-3234-5C1758728522} - C:\WINDOWS\SYSTEM\JAVAXO.DLL (file missing)
O2 - BHO: Class - {B0306DEB-BBD3-5C3B-9594-EBC25BA84BF8} - C:\WINDOWS\SYSTEM\APPIY.DLL
O2 - BHO: Class - {A8BD9C38-D1DD-A874-F18E-BE3BA429FC7D} - C:\WINDOWS\MFCXI32.DLL (file missing)
O2 - BHO: Class - {5E72CEE7-CBA9-6EA8-6BD5-672ABB5AF46C} - C:\WINDOWS\APILG.DLL (file missing)
O2 - BHO: Class - {6C95404A-E5AF-4D52-3E8A-81F9CF4E4876} - C:\WINDOWS\JAVAAI.DLL (file missing)
O2 - BHO: Class - {05C692D5-DCB9-8CC3-6E86-C453115CFEB4} - C:\WINDOWS\SYSTEM\D3ZI32.DLL (file missing)
O2 - BHO: Class - {32CEA936-E07D-3518-1265-BED8174E16CE} - C:\WINDOWS\WINHK.DLL
O2 - BHO: Class - {A00E8BE1-F4AB-F036-EC5E-9DBF9092B2A8} - C:\WINDOWS\CRCS.DLL (file missing)
O2 - BHO: Class - {FB2785DC-6C8E-B839-61C8-3F6127DC95AB} - C:\WINDOWS\SYSTEM\NTPN.DLL
O2 - BHO: Class - {E2B4FCC5-E7C0-FD6E-9969-152F9F01DBD7} - C:\WINDOWS\MFCXA.DLL (file missing)
O2 - BHO: Class - {AB7897DF-B84C-91D1-F3BA-557F270913BC} - C:\WINDOWS\SYSTEM\MSWZ.DLL (file missing)
O2 - BHO: Class - {954C9901-1DEE-E71F-C75D-371525C4626D} - C:\WINDOWS\SYSTEM\NETOU.DLL (file missing)
O2 - BHO: Class - {897D506F-286C-3DFB-3B9D-97E50E4FBE10} - C:\WINDOWS\SYSTEM\IETN.DLL
O2 - BHO: Class - {5F029C1B-E5AE-49A8-41E8-21F6F9CE353C} - C:\WINDOWS\WINZY32.DLL
O2 - BHO: (no name) - {5AFC2141-E078-11D8-B83F-00E067EAD79F} - C:\WINDOWS\SYSTEM\AMHKDA.DLL (file missing)
O2 - BHO: Class - {8D32D758-A1D6-5518-B819-34878C802C1B} - C:\WINDOWS\JAVALR32.DLL (file missing)
O2 - BHO: Class - {9BEDA47D-F76A-8794-9E1F-E4E0C452C0B6} - C:\WINDOWS\SYSTEM\MSGV.DLL (file missing)
O2 - BHO: Class - {04287683-5447-7A7F-D7B7-E13AD1D1DFA7} - C:\WINDOWS\SYSTEM\NTRY32.DLL (file missing)

O4 - HKLM\..\RunServices: [MFCHK32.EXE] C:\WINDOWS\SYSTEM\MFCHK32.EXE
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Programmer\McAfee\McAfee VirusScan\AVSYNMGR.EXE
O4 - HKLM\..\RunServices: [NETED32.EXE] C:\WINDOWS\NETED32.EXE
O4 - HKLM\..\RunServices: [SDKKD32.EXE] C:\WINDOWS\SYSTEM\SDKKD32.EXE
O4 - HKLM\..\RunServices: [SYSXG32.EXE] C:\WINDOWS\SYSXG32.EXE
O4 - HKLM\..\RunServices: [APPUT32.EXE] C:\WINDOWS\APPUT32.EXE
O4 - HKLM\..\RunServices: [ADDRI32.EXE] C:\WINDOWS\SYSTEM\ADDRI32.EXE
O4 - HKLM\..\RunServices: [IETS32.EXE] C:\WINDOWS\IETS32.EXE
O4 - HKLM\..\RunServices: [CREO.EXE] C:\WINDOWS\CREO.EXE
O4 - HKLM\..\RunServices: [D3DT32.EXE] C:\WINDOWS\D3DT32.EXE
O4 - HKLM\..\RunServices: [SYSYE.EXE] C:\WINDOWS\SYSYE.EXE
O4 - HKLM\..\RunServices: [SYSLR32.EXE] C:\WINDOWS\SYSTEM\SYSLR32.EXE
O4 - HKLM\..\RunServices: [IEWW32.EXE] C:\WINDOWS\SYSTEM\IEWW32.EXE
O4 - HKLM\..\RunServices: [WINUO32.EXE] C:\WINDOWS\WINUO32.EXE
O4 - HKLM\..\RunServices: [MFCYS.EXE] C:\WINDOWS\MFCYS.EXE
O4 - HKLM\..\RunServices: [ATLMN.EXE] C:\WINDOWS\SYSTEM\ATLMN.EXE
O4 - HKLM\..\RunServices: [APPCT.EXE] C:\WINDOWS\SYSTEM\APPCT.EXE
O4 - HKLM\..\RunServices: [IEKN32.EXE] C:\WINDOWS\SYSTEM\IEKN32.EXE
O4 - HKLM\..\RunServices: [MSWS.EXE] C:\WINDOWS\MSWS.EXE
O4 - HKLM\..\RunServices: [NETZQ32.EXE] C:\WINDOWS\SYSTEM\NETZQ32.EXE


O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\MSOPT.DLL
-------------------------------------------------------------------
To be able to see all files and folders, follow these instructions:
Open a folder, click Tools > Folder Options > View.
Untick "Hide protected operating system files".
Untick "Hide file extensions for known file types".
Select "Show hidden files and folders".

Restart in Safe Mode.
C:\Windows\Temp\ - Empty everything in the Temp folder, and then empty your Recycle Bin.
C:\WINDOWS\system\wbiur.dll >>>> delete the file wbiur.dll
All the dll files mentioned in the O2 lines
All the exe files mentioned in the O4 lines
C:\WINDOWS\MSOPT.DLL

Restart.
Remember to re-enable your security programs before you go online.

Then make a new log for review.
mogensd (Beginner)
28 July 2004 - 20:09 #12
Thanks for now - I'll get started very soon and get back, if not before, then tomorrow.
andersenph (Beginner)
28 July 2004 - 20:10 #13
That's just fine :O)
mogensd (Beginner)
29 July 2004 - 00:48 #14
I have now carried out what was prescribed - already during the process I noticed that my PC has become considerably faster, and that is really great progress. I also haven't had the crashes that had otherwise become the norm. Here follows the agreed log:
Logfile of HijackThis v1.98.0
Scan saved at 00:50:42, on 29-07-04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\NETAG32.EXE
C:\WINDOWS\IPPO32.EXE
C:\WINDOWS\CRRO.EXE
C:\WINDOWS\WINMG32.EXE
C:\WINDOWS\MSVH.EXE
C:\WINDOWS\SYSTEM\SYSOI.EXE
C:\WINDOWS\SYSTEM\IERS.EXE
C:\WINDOWS\MSAK32.EXE
C:\WINDOWS\SYSTEM\IEIU32.EXE
C:\WINDOWS\ATLBS.EXE
C:\PROGRAMMER\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE
C:\WINDOWS\SDKVL32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\SYSTEM\SXGDSENU.EXE
C:\PROGRAMMER\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEAUI.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\APP\LWBWHEEL.EXE
C:\PROGRAMMER\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\PROGRAMMER\HEWLETT-PACKARD\DIGITAL IMAGING\UNLOAD\HPQCMON.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAMMER\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\CMGRDIAN.EXE
C:\PROGRAMMER\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\PROGRAMMER\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\PROGRAMMER\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAMMER\MCAFEE\MCAFEE SHARED COMPONENTS\INSTANT UPDATER\RULAUNCH.EXE
C:\PROGRAMMER\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAMMER\DELL COMPUTER\DELL IMAGE EXPERT\IXAPPLET.EXE
C:\PROGRAMMER\MCAFEE\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAMMER\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAMMER\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
C:\PROGRAMMER\MCAFEE\MCAFEE VIRUSSCAN\AVCONSOL.EXE
C:\PROGRAMMER\MICROSOFT OFFICE\OFFICE\OUTLOOK.EXE
C:\PROGRAMMER\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\MSAGENT\AGENTSVR.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\WINMG32.EXE
C:\WINDOWS\MSUN.EXE
C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE
C:\PROGRAMMER\TILBEHøR\WORDPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\jamhi.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://jamhi.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://jamhi.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\jamhi.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\jamhi.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://jamhi.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=1c99&s=search&query=%s&i=enu
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMER\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Class - {3F210E36-D824-B4EE-58A6-03FD2C176480} - C:\WINDOWS\SYSTEM\D3PX32.DLL (file missing)
O2 - BHO: Class - {0E5EA4C0-B875-E8EB-6346-37389658CBB1} - C:\WINDOWS\ATLXH32.DLL (file missing)
O2 - BHO: Class - {908C94A7-18BA-B64A-8430-A47DE5203985} - C:\WINDOWS\IELR32.DLL (file missing)
O2 - BHO: Class - {55ADBD91-CDE2-EACB-AB9C-740E22B33F39} - C:\WINDOWS\APPVI.DLL
O2 - BHO: Class - {DD6986A6-F6F5-B1A1-66D4-27153C5F2717} - C:\WINDOWS\SYSTEM\IPSR.DLL (file missing)
O2 - BHO: Class - {2DB2B4D5-50F2-B854-35AD-B1004EF4A759} - C:\WINDOWS\MFCOM32.DLL (file missing)
O2 - BHO: Class - {91499CE5-D55E-E652-6515-01180433DFA8} - C:\WINDOWS\SYSTEM\APPVH.DLL (file missing)
O2 - BHO: Class - {DEE5AA18-EB1A-6795-A8EA-47C2B27B4D20} - C:\WINDOWS\D3KM32.DLL (file missing)
O2 - BHO: Class - {EC5229CB-E994-4040-FBB2-ECB3E57E8FA6} - C:\WINDOWS\NTLL.DLL (file missing)
O2 - BHO: Class - {2818C44B-BB2A-1D3D-B10F-7519A7E3CBD8} - C:\WINDOWS\SYSTEM\ATLLT32.DLL (file missing)
O2 - BHO: Class - {F1699B40-CC39-605C-2B4D-DEE2EFC6A6B2} - C:\WINDOWS\SYSTEM\SDKPG.DLL (file missing)
O2 - BHO: Class - {8C7EFC8D-F3B6-5987-B80F-AC47A7FA0ABD} - C:\WINDOWS\SYSTEM\APIPY.DLL (file missing)
O2 - BHO: Class - {47B4795A-5DDB-5655-BF52-CE7148789A91} - C:\WINDOWS\APPDU.DLL (file missing)
O2 - BHO: Class - {954C9901-1DEE-E71F-C75D-371525C4626D} - C:\WINDOWS\SYSTEM\NETOU.DLL (file missing)
O2 - BHO: Class - {E2B4FCC5-E7C0-FD6E-9969-152F9F01DBD7} - C:\WINDOWS\MFCXA.DLL (file missing)
O2 - BHO: Class - {897D506F-286C-3DFB-3B9D-97E50E4FBE10} - C:\WINDOWS\SYSTEM\IETN.DLL (file missing)
O2 - BHO: Class - {A00E8BE1-F4AB-F036-EC5E-9DBF9092B2A8} - C:\WINDOWS\CRCS.DLL (file missing)
O2 - BHO: Class - {AB7897DF-B84C-91D1-F3BA-557F270913BC} - C:\WINDOWS\SYSTEM\MSWZ.DLL (file missing)
O2 - BHO: Class - {32CEA936-E07D-3518-1265-BED8174E16CE} - C:\WINDOWS\WINHK.DLL (file missing)
O2 - BHO: Class - {3F1D1C11-C6CD-314A-27A6-C5CE2849DB25} - C:\WINDOWS\SYSTEM\MSFI32.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\PROGRAMMER\MCAFEE\MCAFEE VIRUSSCAN\VSCSHELLEXTENSION.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [SXGDSENU] SXGDSENU.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Programmer\Compaq\Easy Access Button Support\eaclean.exe /NORESTART
O4 - HKLM\..\Run: [CPQEASYACC] "C:\PROGRAMMER\COMPAQ\EASY ACCESS BUTTON SUPPORT\Cpqeaui.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\app\lwbwheel.exe
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Programmer\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [McAfee Guardian] "C:\PROGRAMMER\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\CMGRDIAN.EXE" /SU
O4 - HKLM\..\Run: [AvconsoleEXE] C:\Programmer\Network Associates\McAfee VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [Vshwin32EXE] C:\Programmer\Network Associates\McAfee VirusScan\VSHWIN32.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Programmer\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SYSOI.EXE] C:\WINDOWS\SYSTEM\SYSOI.EXE
O4 - HKLM\..\RunServices: [NETAG32.EXE] C:\WINDOWS\NETAG32.EXE
O4 - HKLM\..\RunServices: [MSVH.EXE] C:\WINDOWS\MSVH.EXE
O4 - HKLM\..\RunServices: [CRRO.EXE] C:\WINDOWS\CRRO.EXE
O4 - HKLM\..\RunServices: [IPPO32.EXE] C:\WINDOWS\IPPO32.EXE
O4 - HKLM\..\RunServices: [WINMG32.EXE] C:\WINDOWS\WINMG32.EXE
O4 - HKLM\..\RunServices: [IERS.EXE] C:\WINDOWS\SYSTEM\IERS.EXE
O4 - HKLM\..\RunServices: [ATLBS.EXE] C:\WINDOWS\ATLBS.EXE
O4 - HKLM\..\RunServices: [MSAK32.EXE] C:\WINDOWS\MSAK32.EXE
O4 - HKLM\..\RunServices: [IEIU32.EXE] C:\WINDOWS\SYSTEM\IEIU32.EXE
O4 - HKLM\..\RunServices: [SDKVL32.EXE] C:\WINDOWS\SDKVL32.EXE
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\Programmer\Network Associates\McAfee VirusScan\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Programmer\McAfee\McAfee VirusScan\AVSYNMGR.EXE
O4 - HKLM\..\RunServices: [MSUN.EXE] C:\WINDOWS\MSUN.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Programmer\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [SpySweeper] "C:\Programmer\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - HKCU\..\RunServices: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\RunServices: [McAfee.InstantUpdate.Monitor] "C:\Programmer\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\RunServices: [SpySweeper] "C:\Programmer\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Camio Viewer.lnk = C:\Programmer\Dell Computer\Dell Image Expert\IXApplet.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\MSOPT.DLL

I'm very eager to hear the diagnosis.
andersenph (Beginner)
29 July 2004 - 12:09 #15
Yes, it is moving forward :O)
But there is still some way to go....

Boot into Safe Mode and do the following:

Take a trip into Regedit.
Click Start - Run, type: regedit and click OK.
You get a window a bit like Explorer.
Go to Edit, down to Find, and in the box type: MSOPT.DLL
Delete everything you can find.

Then start HijackThis.

Fix these:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\jamhi.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://jamhi.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://jamhi.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\jamhi.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\jamhi.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://jamhi.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {3F210E36-D824-B4EE-58A6-03FD2C176480} - C:\WINDOWS\SYSTEM\D3PX32.DLL (file missing)
O2 - BHO: Class - {0E5EA4C0-B875-E8EB-6346-37389658CBB1} - C:\WINDOWS\ATLXH32.DLL (file missing)
O2 - BHO: Class - {908C94A7-18BA-B64A-8430-A47DE5203985} - C:\WINDOWS\IELR32.DLL (file missing)
O2 - BHO: Class - {55ADBD91-CDE2-EACB-AB9C-740E22B33F39} - C:\WINDOWS\APPVI.DLL
O2 - BHO: Class - {DD6986A6-F6F5-B1A1-66D4-27153C5F2717} - C:\WINDOWS\SYSTEM\IPSR.DLL (file missing)
O2 - BHO: Class - {2DB2B4D5-50F2-B854-35AD-B1004EF4A759} - C:\WINDOWS\MFCOM32.DLL (file missing)
O2 - BHO: Class - {91499CE5-D55E-E652-6515-01180433DFA8} - C:\WINDOWS\SYSTEM\APPVH.DLL (file missing)
O2 - BHO: Class - {DEE5AA18-EB1A-6795-A8EA-47C2B27B4D20} - C:\WINDOWS\D3KM32.DLL (file missing)
O2 - BHO: Class - {EC5229CB-E994-4040-FBB2-ECB3E57E8FA6} - C:\WINDOWS\NTLL.DLL (file missing)
O2 - BHO: Class - {2818C44B-BB2A-1D3D-B10F-7519A7E3CBD8} - C:\WINDOWS\SYSTEM\ATLLT32.DLL (file missing)
O2 - BHO: Class - {F1699B40-CC39-605C-2B4D-DEE2EFC6A6B2} - C:\WINDOWS\SYSTEM\SDKPG.DLL (file missing)
O2 - BHO: Class - {8C7EFC8D-F3B6-5987-B80F-AC47A7FA0ABD} - C:\WINDOWS\SYSTEM\APIPY.DLL (file missing)
O2 - BHO: Class - {47B4795A-5DDB-5655-BF52-CE7148789A91} - C:\WINDOWS\APPDU.DLL (file missing)
O2 - BHO: Class - {954C9901-1DEE-E71F-C75D-371525C4626D} - C:\WINDOWS\SYSTEM\NETOU.DLL (file missing)
O2 - BHO: Class - {E2B4FCC5-E7C0-FD6E-9969-152F9F01DBD7} - C:\WINDOWS\MFCXA.DLL (file missing)
O2 - BHO: Class - {897D506F-286C-3DFB-3B9D-97E50E4FBE10} - C:\WINDOWS\SYSTEM\IETN.DLL (file missing)
O2 - BHO: Class - {A00E8BE1-F4AB-F036-EC5E-9DBF9092B2A8} - C:\WINDOWS\CRCS.DLL (file missing)
O2 - BHO: Class - {AB7897DF-B84C-91D1-F3BA-557F270913BC} - C:\WINDOWS\SYSTEM\MSWZ.DLL (file missing)
O2 - BHO: Class - {32CEA936-E07D-3518-1265-BED8174E16CE} - C:\WINDOWS\WINHK.DLL (file missing)
O2 - BHO: Class - {3F1D1C11-C6CD-314A-27A6-C5CE2849DB25} - C:\WINDOWS\SYSTEM\MSFI32.DLL (file missing)
O4 - HKLM\..\RunServices: [SYSOI.EXE] C:\WINDOWS\SYSTEM\SYSOI.EXE
O4 - HKLM\..\RunServices: [NETAG32.EXE] C:\WINDOWS\NETAG32.EXE
O4 - HKLM\..\RunServices: [MSVH.EXE] C:\WINDOWS\MSVH.EXE
O4 - HKLM\..\RunServices: [CRRO.EXE] C:\WINDOWS\CRRO.EXE
O4 - HKLM\..\RunServices: [IPPO32.EXE] C:\WINDOWS\IPPO32.EXE
O4 - HKLM\..\RunServices: [WINMG32.EXE] C:\WINDOWS\WINMG32.EXE
O4 - HKLM\..\RunServices: [IERS.EXE] C:\WINDOWS\SYSTEM\IERS.EXE
O4 - HKLM\..\RunServices: [ATLBS.EXE] C:\WINDOWS\ATLBS.EXE
O4 - HKLM\..\RunServices: [MSAK32.EXE] C:\WINDOWS\MSAK32.EXE
O4 - HKLM\..\RunServices: [IEIU32.EXE] C:\WINDOWS\SYSTEM\IEIU32.EXE
O4 - HKLM\..\RunServices: [SDKVL32.EXE] C:\WINDOWS\SDKVL32.EXE
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\MSOPT.DLL

Then, still in Safe Mode, delete:
C:\WINDOWS\system\jamhi.dll
C:\WINDOWS\NETAG32.EXE
C:\WINDOWS\IPPO32.EXE
C:\WINDOWS\CRRO.EXE
C:\WINDOWS\WINMG32.EXE
C:\WINDOWS\MSVH.EXE
C:\WINDOWS\SYSTEM\SYSOI.EXE
C:\WINDOWS\SYSTEM\IERS.EXE
C:\WINDOWS\MSAK32.EXE
C:\WINDOWS\SYSTEM\IEIU32.EXE
C:\WINDOWS\ATLBS.EXE
C:\WINDOWS\SDKVL32.EXE
C:\WINDOWS\WINMG32.EXE
C:\WINDOWS\MSUN.EXE

The DLLs of all the "file missing" lines must go

C:\WINDOWS\SYSTEM\SYSOI.EXE
C:\WINDOWS\NETAG32.EXE
C:\WINDOWS\MSVH.EXE
C:\WINDOWS\CRRO.EXE
C:\WINDOWS\IPPO32.EXE
C:\WINDOWS\WINMG32.EXE
C:\WINDOWS\SYSTEM\IERS.EXE
C:\WINDOWS\ATLBS.EXE
C:\WINDOWS\MSAK32.EXE
C:\WINDOWS\SYSTEM\IEIU32.EXE
C:\WINDOWS\SDKVL32.EXE

Then run CWShredder and Ad-Aware and delete everything they find.

Restart and post a new log

It is very important that you delete everything I mention, otherwise we risk it just starting all over again....

Remember to empty the Temp folder again :O)
mogensd Beginner
30 July 2004 - 00:47 #16
I have done "today's assignment". Regarding the fix with Hijack:
Line 2, R1 HKCU\system\jamhi.dll/sp.html#96676: this one does not exist, but instead there is one called \system\vvkio.dll. That one has NOT been fixed! It also recurs in line 3 "R0" and several others, where "jamhi.dll" appears on my machine as "vvkio.dll". So I have not fixed those either!
Regarding deletion in safe mode: could not find "C:\WINDOWS\WINMG32.EXE".
The whole last section with C:\WINDOWS\SYSTEM\ various EXE files "did not exist"; they had already been deleted in the section above (most of them).
Regarding "all the 'file missing' lines' DLLs": those were removed (fixed) with Hijack, or what?
By the way, I got quite a lot of "Japanese mail" today. There were a few pictures in the text pane; I almost got embarrassed!
Here is the latest Hijack log:

Logfile of HijackThis v1.98.0
Scan saved at 00:51:45, on 30-07-04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAMMER\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\NTGO32.EXE
C:\WINDOWS\SYSTEM\WINCE32.EXE
C:\PROGRAMMER\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\SYSTEM\SXGDSENU.EXE
C:\PROGRAMMER\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEAUI.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\APP\LWBWHEEL.EXE
C:\PROGRAMMER\MCAFEE\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAMMER\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\PROGRAMMER\HEWLETT-PACKARD\DIGITAL IMAGING\UNLOAD\HPQCMON.EXE
C:\PROGRAMMER\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAMMER\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\CMGRDIAN.EXE
C:\PROGRAMMER\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAMMER\MCAFEE\MCAFEE SHARED COMPONENTS\INSTANT UPDATER\RULAUNCH.EXE
C:\PROGRAMMER\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAMMER\MCAFEE\MCAFEE VIRUSSCAN\AVCONSOL.EXE
C:\PROGRAMMER\DELL COMPUTER\DELL IMAGE EXPERT\IXAPPLET.EXE
C:\PROGRAMMER\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAMMER\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
C:\PROGRAMMER\MICROSOFT OFFICE\OFFICE\OUTLOOK.EXE
C:\PROGRAMMER\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\WINDOWS\MSAGENT\AGENTSVR.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WINCE32.EXE
C:\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\drzjw.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://drzjw.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://drzjw.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\drzjw.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\drzjw.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://drzjw.dll/index.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=1c99&s=search&query=%s&i=enu
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMER\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Class - {A486C68F-6631-2A80-9130-5AAE5A0D6D0E} - C:\WINDOWS\SYSTEM\ADDRN.DLL
O2 - BHO: Class - {4EE12872-1521-4B63-1BB4-09617436BD48} - C:\WINDOWS\JAVAOS32.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\PROGRAMMER\MCAFEE\MCAFEE VIRUSSCAN\VSCSHELLEXTENSION.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [SXGDSENU] SXGDSENU.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Programmer\Compaq\Easy Access Button Support\eaclean.exe /NORESTART
O4 - HKLM\..\Run: [CPQEASYACC] "C:\PROGRAMMER\COMPAQ\EASY ACCESS BUTTON SUPPORT\Cpqeaui.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\app\lwbwheel.exe
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Programmer\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [McAfee Guardian] "C:\PROGRAMMER\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\CMGRDIAN.EXE" /SU
O4 - HKLM\..\Run: [AvconsoleEXE] C:\Programmer\Network Associates\McAfee VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [Vshwin32EXE] C:\Programmer\Network Associates\McAfee VirusScan\VSHWIN32.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Programmer\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\Programmer\Network Associates\McAfee VirusScan\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Programmer\McAfee\McAfee VirusScan\AVSYNMGR.EXE
O4 - HKLM\..\RunServices: [NTGO32.EXE] C:\WINDOWS\SYSTEM\NTGO32.EXE
O4 - HKLM\..\RunServices: [WINCE32.EXE] C:\WINDOWS\SYSTEM\WINCE32.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Programmer\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [SpySweeper] "C:\Programmer\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - HKCU\..\RunServices: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\RunServices: [McAfee.InstantUpdate.Monitor] "C:\Programmer\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\RunServices: [SpySweeper] "C:\Programmer\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Camio Viewer.lnk = C:\Programmer\Dell Computer\Dell Image Expert\IXApplet.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - (no file)
andersenph Beginner
30 July 2004 - 00:59 #17
It's getting better now :O)

I need you to fix the following in safe mode:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\drzjw.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://drzjw.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://drzjw.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\drzjw.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\drzjw.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://drzjw.dll/index.html#96676
O2 - BHO: Class - {A486C68F-6631-2A80-9130-5AAE5A0D6D0E} - C:\WINDOWS\SYSTEM\ADDRN.DLL
O2 - BHO: Class - {4EE12872-1521-4B63-1BB4-09617436BD48} - C:\WINDOWS\JAVAOS32.DLL (file missing)

Find and delete:
C:\WINDOWS\drzjw.dll
C:\WINDOWS\SYSTEM\ADDRN.DLL
C:\WINDOWS\JAVAOS32.DLL
C:\WINDOWS\SYSTEM\WINCE32.EXE

Then restart and run CWShredder and Ad-Aware.....

That must surely do it now :O)

Post a new log so we can check it
mogensd Beginner
2 August 2004 - 23:08 #18
Sorry, I have been "forced" away from my PC for a couple of days now. I only have about an hour right now, but I will be back tomorrow morning.
The things you asked me to fix last time could not be done: they do not exist as WINDOWS\drzjw.dll, but as \buczc instead. So I could only fix the O2 ones!
Regarding "Find and delete":
The first and the last have been deleted; the two in the middle "do not exist"??
Otherwise, the general situation is that I have again received a lot of "Japanese mail", which I delete as it comes in, and it is also still not possible to choose a "start page".
By the way, I am very impressed with the service here. Hope to hear more. Thanks
mogensd Beginner
2 August 2004 - 23:12 #19
So sorry, I forgot to attach the log. Here it is:
Scan saved 22:49:21, on 02-08-04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAMMER\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSQS.EXE
C:\WINDOWS\SYSTEM\SDKIJ32.EXE
C:\WINDOWS\SYSTEM\NTGO32.EXE
C:\WINDOWS\SDKLK32.EXE
C:\PROGRAMMER\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\PROGRAMMER\MCAFEE\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAMMER\MCAFEE\MCAFEE VIRUSSCAN\AVCONSOL.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\SYSTEM\SXGDSENU.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMMER\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEAUI.EXE
C:\APP\LWBWHEEL.EXE
C:\PROGRAMMER\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\PROGRAMMER\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\PROGRAMMER\HEWLETT-PACKARD\DIGITAL IMAGING\UNLOAD\HPQCMON.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAMMER\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\CMGRDIAN.EXE
C:\PROGRAMMER\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAMMER\MCAFEE\MCAFEE SHARED COMPONENTS\INSTANT UPDATER\RULAUNCH.EXE
C:\PROGRAMMER\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAMMER\DELL COMPUTER\DELL IMAGE EXPERT\IXAPPLET.EXE
C:\PROGRAMMER\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAMMER\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
C:\PROGRAMMER\TILBEHøR\WORDPAD.EXE
C:\PROGRAMMER\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\buczc.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://buczc.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://buczc.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\buczc.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\buczc.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://buczc.dll/index.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=1c99&s=search&query=%s&i=enu
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMER\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Class - {CF546225-341C-30CE-6E17-98A3B9CEEB9D} - C:\WINDOWS\MSHE32.DLL
O2 - BHO: Class - {A486C68F-6631-2A80-9130-5AAE5A0D6D0E} - C:\WINDOWS\SYSTEM\ADDRN.DLL (file missing)
O2 - BHO: Class - {D8B75631-FC5A-770C-FEB6-B6EE7D86FB2F} - C:\WINDOWS\ADDOC32.DLL (file missing)
O2 - BHO: Class - {4476003E-1C4F-1EF2-097F-B2D801824FD1} - C:\WINDOWS\ADDAO.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\PROGRAMMER\MCAFEE\MCAFEE VIRUSSCAN\VSCSHELLEXTENSION.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [SXGDSENU] SXGDSENU.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Programmer\Compaq\Easy Access Button Support\eaclean.exe /NORESTART
O4 - HKLM\..\Run: [CPQEASYACC] "C:\PROGRAMMER\COMPAQ\EASY ACCESS BUTTON SUPPORT\Cpqeaui.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\app\lwbwheel.exe
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Programmer\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [McAfee Guardian] "C:\PROGRAMMER\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\CMGRDIAN.EXE" /SU
O4 - HKLM\..\Run: [AvconsoleEXE] C:\Programmer\Network Associates\McAfee VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [Vshwin32EXE] C:\Programmer\Network Associates\McAfee VirusScan\VSHWIN32.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Programmer\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\Programmer\Network Associates\McAfee VirusScan\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Programmer\McAfee\McAfee VirusScan\AVSYNMGR.EXE
O4 - HKLM\..\RunServices: [NTGO32.EXE] C:\WINDOWS\SYSTEM\NTGO32.EXE
O4 - HKLM\..\RunServices: [WINCE32.EXE] C:\WINDOWS\SYSTEM\WINCE32.EXE
O4 - HKLM\..\RunServices: [SYSQS.EXE] C:\WINDOWS\SYSTEM\SYSQS.EXE
O4 - HKLM\..\RunServices: [SDKLK32.EXE] C:\WINDOWS\SDKLK32.EXE
O4 - HKLM\..\RunServices: [SDKIJ32.EXE] C:\WINDOWS\SYSTEM\SDKIJ32.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Programmer\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [SpySweeper] "C:\Programmer\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - HKCU\..\RunServices: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\RunServices: [McAfee.InstantUpdate.Monitor] "C:\Programmer\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\RunServices: [SpySweeper] "C:\Programmer\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Camio Viewer.lnk = C:\Programmer\Dell Computer\Dell Image Expert\IXApplet.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - (no file)
andersenph Beginner
3 August 2004 - 16:44 #20
Download this scanner:
http://www.mwti.net/antivirus/free_utilities.asp
It doesn't matter which of the 7 download locations you use.
In its settings, set it to scan everything.
Run it.

Download this little program:
http://www.atribune.org/downloads/AboutBuster.zip

Boot into safe mode.
Start HijackThis.
Fix these:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\buczc.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://buczc.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://buczc.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\buczc.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\buczc.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://buczc.dll/index.html#96676
R3 - Default URLSearchHook is missing
O4 - HKLM\..\RunServices: [NTGO32.EXE] C:\WINDOWS\SYSTEM\NTGO32.EXE
O4 - HKLM\..\RunServices: [WINCE32.EXE] C:\WINDOWS\SYSTEM\WINCE32.EXE
O4 - HKLM\..\RunServices: [SYSQS.EXE] C:\WINDOWS\SYSTEM\SYSQS.EXE
O4 - HKLM\..\RunServices: [SDKLK32.EXE] C:\WINDOWS\SDKLK32.EXE
O4 - HKLM\..\RunServices: [SDKIJ32.EXE] C:\WINDOWS\SYSTEM\SDKIJ32.EXE
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - (no file)

Search for:
C:\WINDOWS\buczc.dll
C:\WINDOWS\ADDAO.DLL
C:\WINDOWS\SYSTEM\NTGO32.EXE
C:\WINDOWS\SYSTEM\WINCE32.EXE
C:\WINDOWS\SYSTEM\SYSQS.EXE
C:\WINDOWS\SDKLK32.EXE
C:\WINDOWS\SYSTEM\SDKIJ32.EXE
Delete them if you find them.

Then unplug the network cable. Do not restart.
Run CWShredder and fix whatever it finds.

Restart and post a new log.
andersenph Beginner
3 August 2004 - 22:02 #21
After you have searched for and deleted the files I asked you to, run the program called About:Buster, which I link to:
http://www.atribune.org/downloads/AboutBuster.zip
andersenph Beginner
4 August 2004 - 07:34 #22
Well, I have done a bit of research and found a cure from my mentor.
It is fairly extensive, but you have been hit by the worst Cool Web Search around at the moment.
Disregard the last two posts.
Do as described below. Then you should be able to get rid of it.

When you see it, you may think it would be easier to just format.
That just doesn't help. It will continue....

Happy working :O)

Download the tool About:Buster, made by Rubber Ducky.
http://tools.zerosrealm.com/AboutBuster.zip
Create a folder on your desktop and unpack About:Buster into that folder.

Download this regcleaner Supreme program, which is free for a 30-day period. http://www.webmasterfree.com/regcleaner.html

Download and install this one-time scanner from Kaspersky: http://www.mwti.net/antivirus/free_utilities.asp


Either you need to use a program to clean out Temp etc.

Download: http://www.spywarefri.dk/vaerktoj.htm#emptytemp
And read the manual for setting up the program here:
http://www.spywarefri.dk/emptytempfolders.manual.htm

If you choose to use the program, install it and set it up right away. I would advise you to use this program, since it can do a complete clean-up of your machine.


Print out these instructions, since you will have to go offline later.

When you have done this, leave the programs you have just downloaded alone for now, because you will need them a little later.

---------------------------------------------------------------------------------------

Now unplug the network cable from your computer.

Use "Task Manager/process list" (Ctrl+Alt+Del) to end the following processes if you can find them:

C:\WINDOWS\buczc.dll
C:\WINDOWS\ADDAO.DLL
C:\WINDOWS\SYSTEM\NTGO32.EXE
C:\WINDOWS\SYSTEM\WINCE32.EXE
C:\WINDOWS\SYSTEM\SYSQS.EXE
C:\WINDOWS\SDKLK32.EXE
C:\WINDOWS\SYSTEM\SDKIJ32.EXE
-------------------------------------------------------------------------------------

Run a scan with HijackThis so you can see all the files.
Below you are given some files that you must fix. What you need to do is put a check mark next to these files. When you have done that, close all other windows. It is very important that the only window open is the HijackThis window. Also remember to close this window when you have marked the files. Now you may fix. Click Fix checked.

NOTE: YOU MAY ONLY FIX THE ONES WE ASK YOU TO

Fix these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\buczc.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://buczc.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://buczc.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\buczc.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\buczc.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://buczc.dll/index.html#96676
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {CF546225-341C-30CE-6E17-98A3B9CEEB9D} - C:\WINDOWS\MSHE32.DLL
O2 - BHO: Class - {A486C68F-6631-2A80-9130-5AAE5A0D6D0E} - C:\WINDOWS\SYSTEM\ADDRN.DLL (file missing)
O2 - BHO: Class - {D8B75631-FC5A-770C-FEB6-B6EE7D86FB2F} - C:\WINDOWS\ADDOC32.DLL (file missing)
O2 - BHO: Class - {4476003E-1C4F-1EF2-097F-B2D801824FD1} - C:\WINDOWS\ADDAO.DLL
O4 - HKLM\..\RunServices: [NTGO32.EXE] C:\WINDOWS\SYSTEM\NTGO32.EXE
O4 - HKLM\..\RunServices: [WINCE32.EXE] C:\WINDOWS\SYSTEM\WINCE32.EXE
O4 - HKLM\..\RunServices: [SYSQS.EXE] C:\WINDOWS\SYSTEM\SYSQS.EXE
O4 - HKLM\..\RunServices: [SDKLK32.EXE] C:\WINDOWS\SDKLK32.EXE
O4 - HKLM\..\RunServices: [SDKIJ32.EXE] C:\WINDOWS\SYSTEM\SDKIJ32.EXE
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - (no file)



---------------------------------------------------------------------------------------


Now close ALL windows. Find the folder where you put About:Buster. Run the program: press OK at the message, press Start, and type the following into the white box if the program asks you to (you will rarely have to type this line): res:// C:\WINDOWS\buczc.dll/sp.html#96676
- Copy the log that appears in the second white box. Save it in Notepad, since you will need it a little later.

---------------------------------------------------------------------------------------

Then we just need to be sure that you can see all files and folders:
Open a folder, click Tools (Funktioner) => Folder Options (Mappeindstillinger) => View (Vis).
Uncheck "Hide protected operating system files" ("Skjul beskyttede operativsystemfiler").
Uncheck "Hide file extensions for known file types" ("Skjul filtypenavne for kendte filtyper").
Select "Show hidden files and folders" ("Vis skjulte filer og mapper").

---------------------------------------------------------------------

Okay, now the Temp files etc. need cleaning up. You will use EmptyTempFolders. With the help of the manual, delete everything in:
Temp, Temporary Internet Files, Cookies, History, and then empty your recycle bin.

----------------------------------------------------------------------------------

Then here is a small job for you. Open Notepad/Notesblok; you will find it under Start - Accessories (Tilbehør). Copy the text in bold below into Notepad/Notesblok:

del C:\WINDOWS\buczc.dll /f
del C:\WINDOWS\ADDAO.DLL /f
del C:\WINDOWS\SYSTEM\NTGO32.EXE /f
del C:\WINDOWS\SYSTEM\WINCE32.EXE /f
del C:\WINDOWS\SYSTEM\SYSQS.EXE /f
del C:\WINDOWS\SDKLK32.EXE /f
del C:\WINDOWS\SYSTEM\SDKIJ32.EXE /f


Save the file as: clear.bat
The file type must be set to "All files" ("Alle filer")
Then click Save.

Close ALL windows, then double-click the file clear.bat. You can safely do that a couple of times.

To be on the safe side, check afterwards whether these files have been deleted. If they have not, try deleting them manually. If you cannot delete them and errors occur, try pressing "Ctrl+Alt+Del", end them in "Task Manager", and then try deleting them.

---------------------------------------------------------------------------
Run HijackThis again and see whether the things you have just deleted have come back. If they have, mark these files again just as before and fix them, and run About:Buster again (doing this twice is not unusual).

Then run Regsupreme, which you downloaded earlier, and fix/remove what it finds

Afterwards, run the one-time scanner from Kaspersky. Enable everything in its settings so that it can scan everything.

And follow the advice here about putting that address in the restricted zone and possibly also in the firewall: http://www.spywarefri.dk/virus.htm#snedig

Restart (<---- this should be your first restart since we started)

Run a new scan with HijackThis and paste a fresh log in here.
mogensd Beginner
4 August 2004 - 11:36 #23
Thanks for the herbal tea!
I will of course follow the advice given and get started as soon as possible. By the way, last night I ran the virus scanner from eScan. It found and deleted a total of 511 infected files! (After almost 3 hours of running)! That is thought-provoking, especially considering that just beforehand I had run a scan with my usual program, which found only 2!! I have a lot to learn.
andersenph Beginner
4 August 2004 - 11:40 #24
We all do....
And thank goodness for that. Otherwise it would be too boring *S*
mogensd Beginner
6 August 2004 - 16:09 #25
I cannot find my NOTEPAD.EXE. Could it have been deleted during the ongoing process, or possibly have changed its name?
andersenph Beginner
7 August 2004 - 09:52 #26
We have not deleted it. That is for sure.
Can you get to write it on another machine and put it on a floppy disk?
Then copy it onto your infected machine.
mogensd Beginner
12 August 2004 - 21:09 #27
I am now back again after a major and prolonged breakdown. Among other things I have had to reinstall WIN98, in a slightly newer version than before.
I am now ready to start on the assignment you set on 4 August. I just have a small question about the files that are to be fixed from Hijack. Of the ones you mention, I only have the R3 and the O18 Protocol! I have many R1 entries that are almost identical, but now with another name instead of \buczc.dll/sp.html#96676. Why, I wonder?
andersenph Beginner
12 August 2004 - 22:07 #28
It keeps changing its name.
That is why it is so hard to get rid of.

I think it is best that you post a new log....
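
The DLL behind the hijacked start and search pages is renamed between the logs in this thread (jamhi.dll, vvkio.dll, drzjw.dll, buczc.dll) while the shape of the entries stays the same. The following Python script is an added example, not part of the thread and not part of HijackThis: it keys on that shape instead of on the file name. The function names and the three heuristics are assumptions drawn only from the logs posted here, and the sample is an excerpt of the 02-08-04 log above.

```python
import ntpath
import re

# Excerpt of the 02-08-04 log posted in this thread, trimmed for the example.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\buczc.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://buczc.dll/index.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=1c99&s=search&query=%s&i=enu
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMER\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Class - {A486C68F-6631-2A80-9130-5AAE5A0D6D0E} - C:\WINDOWS\SYSTEM\ADDRN.DLL (file missing)
O2 - BHO: Class - {4476003E-1C4F-1EF2-097F-B2D801824FD1} - C:\WINDOWS\ADDAO.DLL
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [NTGO32.EXE] C:\WINDOWS\SYSTEM\NTGO32.EXE
O4 - HKLM\..\RunServices: [SDKLK32.EXE] C:\WINDOWS\SDKLK32.EXE
O4 - HKCU\..\Run: [SpySweeper] "C:\Programmer\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
"""

ENTRY = re.compile(r"^([RO]\d+) - (.*)$")
# res://[path\]name.dll/page : capture only the DLL file name.
RES_URL = re.compile(r"= res://(?:.*\\)?([^\\/]+\.dll)/", re.I)
BHO = re.compile(r"^BHO: (.*?) - (\{[0-9A-F-]+\}) - (.+?)( \(file missing\))?$", re.I)
AUTORUN = re.compile(r"^(HK\w+\\\.\.\\\w+): \[(.+?)\] (.*)$")

# Directories where the thread's unwanted files were dropped (Windows 98 layout).
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system"}


def entries(log):
    """Yield (section, text) for every 'R1 - ...' or 'O4 - ...' style line."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def in_system_dir(path):
    """True if the file sits directly in C:\\WINDOWS or C:\\WINDOWS\\SYSTEM."""
    return ntpath.dirname(path.strip('"')).lower() in SYSTEM_DIRS


def hijacker_dlls(log):
    """DLL names that IE start/search pages point at through res:// URLs."""
    found = set()
    for section, text in entries(log):
        if section in ("R0", "R1"):
            m = RES_URL.search(text)
            if m:
                found.add(m.group(1).lower())
    return found


def suspect_bhos(log):
    """BHOs named just 'Class' in the Windows dirs: [(clsid, path, missing)]."""
    out = []
    for section, text in entries(log):
        m = BHO.match(text) if section == "O2" else None
        if m and m.group(1) == "Class" and in_system_dir(m.group(3)):
            out.append((m.group(2), m.group(3), m.group(4) is not None))
    return out


def suspect_autoruns(log):
    """Run/RunServices values named after their own EXE in the Windows dirs."""
    out = []
    for section, text in entries(log):
        m = AUTORUN.match(text) if section == "O4" else None
        if not m:
            continue
        key, name, command = m.groups()
        same_name = name.lower() == ntpath.basename(command).lower()
        if same_name and in_system_dir(command):
            out.append((key, command))
    return out


if __name__ == "__main__":
    print("res:// hijacker DLLs:", sorted(hijacker_dlls(SAMPLE_LOG)))
    for clsid, path, missing in suspect_bhos(SAMPLE_LOG):
        print("BHO", clsid, path, "(orphaned key)" if missing else "(file present)")
    for key, command in suspect_autoruns(SAMPLE_LOG):
        print("autorun", key, command)
```

Run against each new log, it lists the current DLL name and the new RunServices entries, which is what the fix and delete lists in the replies above are built from by hand.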
mogensd Beginner
12 August 2004 - 22:57 #29
Logfile of HijackThis v1.98.0
Scan saved at 23:04:38, on 12-08-04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAMMER\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE
C:\WINDOWS\APIFS32.EXE
C:\WINDOWS\ADDQO.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\APIHW32.EXE
C:\WINDOWS\SYSTEM\SDKVI32.EXE
C:\WINDOWS\SYSTEM\IPID.EXE
C:\WINDOWS\ATLFW.EXE
C:\WINDOWS\APPXI32.EXE
C:\WINDOWS\SYSTEM\SDKQF32.EXE
C:\WINDOWS\JAVAFD32.EXE
C:\WINDOWS\SDKAK.EXE
C:\WINDOWS\SYSTEM\NTGL32.EXE
C:\WINDOWS\SYSTEM\ADDCB.EXE
C:\WINDOWS\SYSTEM\APPDR.EXE
C:\WINDOWS\MSMG32.EXE
C:\WINDOWS\APPFF32.EXE
C:\WINDOWS\CRYE.EXE
C:\WINDOWS\SYSTEM\CRPJ32.EXE
C:\WINDOWS\SYSTEM\SDKGU32.EXE
C:\WINDOWS\SYSTEM\SYSKP.EXE
C:\WINDOWS\APIGP32.EXE
C:\WINDOWS\SYSTEM\JAVAWG.EXE
C:\WINDOWS\IPBO32.EXE
C:\WINDOWS\SYSTEM\APIHT.EXE
C:\WINDOWS\NTHX32.EXE
C:\WINDOWS\SYSTEM\MFCEH.EXE
C:\WINDOWS\SYSTEM\NETKB.EXE
C:\WINDOWS\SYSTEM\ADDXL32.EXE
C:\WINDOWS\APIKM32.EXE
C:\WINDOWS\WINEX32.EXE
C:\WINDOWS\SYSTEM\ATLZP32.EXE
C:\WINDOWS\SYSTEM\ATLIR32.EXE
C:\WINDOWS\SYSTEM\MFCNI.EXE
C:\WINDOWS\APIIG.EXE
C:\WINDOWS\MFCXB32.EXE
C:\WINDOWS\SYSTEM\ADDHZ.EXE
C:\WINDOWS\SYSTEM\SYSSE32.EXE
C:\WINDOWS\SYSTEM\NTSE32.EXE
C:\WINDOWS\SYSTEM\NETXW.EXE
C:\WINDOWS\D3QY.EXE
C:\WINDOWS\ADDHR32.EXE
C:\WINDOWS\SYSZQ.EXE
C:\WINDOWS\SYSTEM\SDKAB32.EXE
C:\PROGRAMMER\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\CRQN.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\WINDOWS\SYSTEM\SXGDSENU.EXE
C:\PROGRAMMER\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEAUI.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\APP\LWBWHEEL.EXE
C:\PROGRAMMER\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\PROGRAMMER\HEWLETT-PACKARD\DIGITAL IMAGING\UNLOAD\HPQCMON.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAMMER\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\CMGRDIAN.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAMMER\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAMMER\MCAFEE\MCAFEE SHARED COMPONENTS\INSTANT UPDATER\RULAUNCH.EXE
C:\PROGRAMMER\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAMMER\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\PROGRAMMER\MCAFEE\MCAFEE VIRUSSCAN\AVCONSOL.EXE
C:\PROGRAMMER\DELL COMPUTER\DELL IMAGE EXPERT\IXAPPLET.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMMER\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAMMER\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
C:\PROGRAMMER\EMPTY TEMP FOLDERS 2.8.3\EMPRUN.EXE
C:\PROGRAMMER\MICROSOFT OFFICE\OFFICE\OUTLOOK.EXE
C:\PROGRAMMER\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSZQ.EXE
C:\WINDOWS\SYSTEM\SYSTT32.EXE
C:\WINDOWS\SYSTEM\SYSTT32.EXE
C:\WINDOWS\SYSTEM\D3IK.EXE
C:\PROGRAMMER\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\lnplb.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lnplb.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://lnplb.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://lnplb.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\lnplb.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\lnplb.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lnplb.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://lnplb.dll/index.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\lnplb.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\lnplb.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=1c99&s=search&query=%s&i=enu
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMER\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Class - {EF1C5F19-D800-F30A-ADD5-7E618D29C88F} - C:\WINDOWS\D3FC32.DLL (file missing)
O2 - BHO: Class - {5436B57C-1E64-AF31-E968-FEE7E08B380E} - C:\WINDOWS\APIFT.DLL (file missing)
O2 - BHO: Class - {BF11B9E4-3B77-E5AF-86B2-02B125404061} - C:\WINDOWS\SYSTEM\IESK32.DLL (file missing)
O2 - BHO: Class - {652E4481-4559-A834-C591-6346D4B7F4DA} - C:\WINDOWS\SYSTEM\MSJW32.DLL (file missing)
O2 - BHO: Class - {2DCAEE65-A31A-24FB-DA53-9630B585F1BE} - C:\WINDOWS\JAVAMV32.DLL (file missing)
O2 - BHO: Class - {65FF53C3-38C9-0FBD-D77F-2A799677C2CA} - C:\WINDOWS\SYSTEM\ATLJT32.DLL (file missing)
O2 - BHO: Class - {455B7C3B-BCAA-9FA5-A3E8-C0A5ABC09CDF} - C:\WINDOWS\SYSTEM\D3UY32.DLL (file missing)
O2 - BHO: Class - {DBCAF7B9-90DE-F394-8B27-99397DB98475} - C:\WINDOWS\SDKZE32.DLL (file missing)
O2 - BHO: Class - {F1773C99-202C-7095-29F3-86BA522E366E} - C:\WINDOWS\SYSTEM\APIXO.DLL (file missing)
O2 - BHO: Class - {54249C9F-F760-36C9-F9E8-5C668C36824A} - C:\WINDOWS\SYSTEM\APISD.DLL (file missing)
O2 - BHO: Class - {98423E66-0A99-AACE-9761-7E959AD010C0} - C:\WINDOWS\SYSTEM\NTIE.DLL (file missing)
O2 - BHO: Class - {13955D97-674B-FA5D-CDFD-AEB795AAF4E5} - C:\WINDOWS\ATLOG32.DLL (file missing)
O2 - BHO: Class - {BD6D3515-13C8-89DB-38D3-4630B615B324} - C:\WINDOWS\ADDRQ32.DLL (file missing)
O2 - BHO: Class - {4AADCC72-5D6B-DD82-3227-0B1C9AC4510E} - C:\WINDOWS\SYSTEM\MFCJZ32.DLL (file missing)
O2 - BHO: Class - {30A66C85-5AF5-1B9D-03A3-66F9AD0D9FE1} - C:\WINDOWS\SYSTEM\NTIG.DLL (file missing)
O2 - BHO: Class - {958BB2A7-9071-CE70-4696-B6EC21EDCA49} - C:\WINDOWS\SYSQH.DLL (file missing)
O2 - BHO: Class - {A72DA518-41F3-C894-F46E-42E7280D77E4} - C:\WINDOWS\SYSTEM\ATLQY32.DLL (file missing)
O2 - BHO: Class - {BD476F3A-44D6-DCAD-0101-9B290A1A1552} - C:\WINDOWS\SYSTEM\ATLIA.DLL (file missing)
O2 - BHO: Class - {46034628-821C-05B4-C227-B5A0FC40FCAF} - C:\WINDOWS\WINVF.DLL (file missing)
O2 - BHO: Class - {B1D3DC92-F445-F8C6-A5E2-BC0A8A2E2A41} - C:\WINDOWS\SYSGN.DLL (file missing)
O2 - BHO: Class - {1176F3F5-0AC9-BEAB-E138-95A1A4AD263F} - C:\WINDOWS\SYSTEM\IPPR.DLL (file missing)
O2 - BHO: Class - {A15E421B-4D55-9A41-BB03-FFA5B9036A6C} - C:\WINDOWS\SYSTEM\D3TN.DLL (file missing)
O2 - BHO: Class - {1EB77D8F-DC5A-7E55-59FC-844CAE64FC70} - C:\WINDOWS\SYSME.DLL (file missing)
O2 - BHO: Class - {77E39910-F47A-BA88-8CA1-BAC672A713B9} - C:\WINDOWS\APPAK32.DLL (file missing)
O2 - BHO: Class - {0D6728F2-57FB-E3A0-FF7A-3973C57C0DC9} - C:\WINDOWS\ADDDL32.DLL (file missing)
O2 - BHO: Class - {A9A038BF-52B4-5E38-F009-55DEF1EC172F} - C:\WINDOWS\SYSTEM\MFCWC32.DLL (file missing)
O2 - BHO: Class - {D3FEBB33-E2EC-5A3D-41BF-2F0678C664FE} - C:\WINDOWS\IPJE32.DLL (file missing)
O2 - BHO: Class - {1770D985-41E8-2FD2-FF5E-48174D0063CF} - C:\WINDOWS\SYSTEM\ADDWT.DLL (file missing)
O2 - BHO: Class - {E433A46E-2FD1-792D-709B-F788A00AC431} - C:\WINDOWS\MFCKZ32.DLL (file missing)
O2 - BHO: Class - {F985E118-14A8-36FC-B2DB-957E8D850A8F} - C:\WINDOWS\NETUM32.DLL (file missing)
O2 - BHO: Class - {53BFD566-8C42-CF00-7E2A-18D0FEB54028} - C:\WINDOWS\SYSTEM\NETSD32.DLL (file missing)
O2 - BHO: Class - {904C63F5-2041-CB09-DEEA-722D9B6F8DEF} - C:\WINDOWS\MSAD32.DLL (file missing)
O2 - BHO: Class - {DCC5B507-E97D-90C0-1BE4-0B1A0E0AEE7C} - C:\WINDOWS\SYSTEM\NTGX.DLL (file missing)
O2 - BHO: Class - {652D794B-763F-83DD-FAFE-5ACFEB85DA45} - C:\WINDOWS\SYSTEM\SYSUU32.DLL (file missing)
O2 - BHO: Class - {E6631787-D24B-4B08-07D3-9E2EFA49D84B} - C:\WINDOWS\ADDQN32.DLL (file missing)
O2 - BHO: Class - {CCE36674-EC0C-1EB9-5B3E-831BFAF1967B} - C:\WINDOWS\SYSTEM\MSPY.DLL (file missing)
O2 - BHO: Class - {F3E960E4-F8DE-2718-D510-335C5E2FEB9F} - C:\WINDOWS\D3ZU32.DLL (file missing)
O2 - BHO: Class - {E8D323FD-1B81-072E-343D-60220ADF9C47} - C:\WINDOWS\SYSPD32.DLL (file missing)
O2 - BHO: Class - {6D3D9AC3-8735-AB9F-B041-9A8ED9820589} - C:\WINDOWS\SYSTEM\APIZH32.DLL (file missing)
O2 - BHO: Class - {A63C74F8-0DBF-3CFE-27F1-83B90588A4CF} - C:\WINDOWS\APPCG32.DLL (file missing)
O2 - BHO: Class - {FA6D4AD5-F1DF-A18C-48C0-68516A397B35} - C:\WINDOWS\WINYP.DLL (file missing)
O2 - BHO: Class - {0372BF75-CDA2-BD24-2D6F-BCCFC6A8E85C} - C:\WINDOWS\NTQP32.DLL (file missing)
O2 - BHO: Class - {6481A74E-11A7-BC71-966D-4791EF54F819} - C:\WINDOWS\SYSTEM\MFCYI.DLL (file missing)
O2 - BHO: Class - {E932D92E-8970-9789-B6C8-5C0899F1BA68} - C:\WINDOWS\NTEM.DLL (file missing)
O2 - BHO: Class - {FE7DA5DC-FF9A-D595-16A7-CD3477C19792} - C:\WINDOWS\SYSTEM\NTSB.DLL (file missing)
O2 - BHO: Class - {CAAF23E8-21EA-00AC-AD34-0E563C201249} - C:\WINDOWS\SYSTEM\ADDNP.DLL (file missing)
O2 - BHO: Class - {849E652D-E279-49D1-44C6-6C7123362280} - C:\WINDOWS\D3SR32.DLL (file missing)
O2 - BHO: Class - {037588D0-ABA3-9096-398A-8C5DEE42850A} - C:\WINDOWS\SYSTEM\NTGX32.DLL (file missing)
O2 - BHO: Class - {986CA180-DD63-9CC3-E67A-FBCE4FA6C925} - C:\WINDOWS\SYSTEM\SYSMO32.DLL (file missing)
O2 - BHO: Class - {7C6B1B90-72B2-DA3C-C21A-E430CE5E5C4E} - C:\WINDOWS\SYSTEM\NTWV32.DLL (file missing)
O2 - BHO: Class - {56F16B37-AA14-CDB1-B756-942866985F16} - C:\WINDOWS\ADDJK32.DLL (file missing)
O2 - BHO: Class - {60315168-4625-9371-95C8-1DF81A38AF24} - C:\WINDOWS\JAVAQN32.DLL (file missing)
O2 - BHO: Class - {D36C88C7-7E35-0307-C208-883012F4227C} - C:\WINDOWS\ATLDB32.DLL (file missing)
O2 - BHO: Class - {5FFCA022-FA50-3120-C21F-E6C00C517716} - C:\WINDOWS\D3OP32.DLL (file missing)
O2 - BHO: Class - {E8F8DF77-A372-CB3E-F005-44B07E1086DE} - C:\WINDOWS\CRZY.DLL (file missing)
O2 - BHO: Class - {11B10CF2-B2B6-4BF8-5E57-FC69DB5570B5} - C:\WINDOWS\SYSTEM\ADDPJ.DLL (file missing)
O2 - BHO: Class - {4DB64B88-0933-55E1-5343-261A238D2B60} - C:\WINDOWS\NTFK32.DLL (file missing)
O2 - BHO: Class - {3DBE3B76-3521-BE11-EDF8-9D6FD61F6027} - C:\WINDOWS\APPLE32.DLL (file missing)
O2 - BHO: Class - {8BCAECE1-BD48-E057-0435-F351137FC682} - C:\WINDOWS\SYSTEM\SDKSG32.DLL (file missing)
O2 - BHO: Class - {EA18C985-9D47-72A6-0895-62594F8F22B3} - C:\WINDOWS\SYSLD32.DLL (file missing)
O2 - BHO: Class - {7D8E5715-041E-8F79-658E-5B534037FDF6} - C:\WINDOWS\SYSTEM\ATLIM.DLL (file missing)
O2 - BHO: Class - {341BB010-C2FC-0291-0C0B-03CA46CB74BD} - C:\WINDOWS\SYSHY32.DLL (file missing)
O2 - BHO: Class - {B46E1113-30C3-D6F5-A9AD-77F24D480A73} - C:\WINDOWS\SYSTEM\APPLE.DLL (file missing)
O2 - BHO: Class - {FB1F47E7-B99C-4337-DC91-75A8A370C44C} - C:\WINDOWS\SYSTEM\IPXE.DLL (file missing)
O2 - BHO: Class - {B1E8457D-0E36-B49E-109D-60340CBABC61} - C:\WINDOWS\SYSTEM\APPFQ.DLL (file missing)
O2 - BHO: Class - {FCB51F0E-2C0D-0B31-D324-1F2349F7433A} - C:\WINDOWS\ADDPU32.DLL (file missing)
O2 - BHO: Class - {B77E50A7-B32B-750C-907E-92AD1F76461E} - C:\WINDOWS\SDKMW32.DLL (file missing)
O2 - BHO: Class - {8BE5B60C-8756-9F71-6279-292C14490AD2} - C:\WINDOWS\APIJG.DLL (file missing)
O2 - BHO: Class - {DF6C88D3-FA3F-481B-70C2-BD5213D346AF} - C:\WINDOWS\MFCVB.DLL (file missing)
O2 - BHO: Class - {D8EBA955-BBFA-BAB8-5557-DDEAB9B1EC6B} - C:\WINDOWS\SYSTEM\SYSSY.DLL (file missing)
O2 - BHO: Class - {1674284A-8455-4CAD-A2EE-1F19720A1BDB} - C:\WINDOWS\SYSTEM\JAVAGG32.DLL (file missing)
O2 - BHO: Class - {C2E7372D-7966-AE9D-84A5-B6BC009118C4} - C:\WINDOWS\SYSTEM\CRUC.DLL (file missing)
O2 - BHO: Class - {03370B54-7064-0AB4-E47D-570A8BB29E0D} - C:\WINDOWS\IEWX32.DLL (file missing)
O2 - BHO: Class - {ABCE7D97-8F61-AE41-A751-767BDB1A0E6A} - C:\WINDOWS\NTSY.DLL (file missing)
O2 - BHO: Class - {EC5F1AF3-CF0D-5AC3-A2FD-C4AD27BAD24A} - C:\WINDOWS\SYSXD32.DLL (file missing)
O2 - BHO: Class - {CF145BE5-8395-2DAC-12CC-2CCDA9B7F330} - C:\WINDOWS\CRYG.DLL (file missing)
O2 - BHO: Class - {0338CADD-858F-3942-A1BF-3990BAAC16E0} - C:\WINDOWS\APPFX.DLL (file missing)
O2 - BHO: Class - {7148321E-D1B0-F759-E463-0E16B398180E} - C:\WINDOWS\IPQH.DLL (file missing)
O2 - BHO: Class - {70C06EC5-199D-FEF2-7785-6D008B0AC3BA} - C:\WINDOWS\JAVAAU.DLL (file missing)
O2 - BHO: Class - {194A8294-F83E-CA17-E140-04A2CC652EDD} - C:\WINDOWS\SYSTEM\ADDRS32.DLL (file missing)
O2 - BHO: Class - {A27C013B-CDD5-2A7F-6907-072E058D3304} - C:\WINDOWS\SYSTEM\MFCHB32.DLL (file missing)
O2 - BHO: Class - {4907C9FA-B308-2D69-C19A-9B28CC732FD5} - C:\WINDOWS\APIPA32.DLL (file missing)
O2 - BHO: Class - {BEE04A74-44DB-87EF-F49F-DD32EFD32F05} - C:\WINDOWS\SYSTEM\NTTG.DLL (file missing)
O2 - BHO: Class - {CE7E5D04-FF5F-7AF8-E7DC-8BD90C518DC7} - C:\WINDOWS\SYSTEM\CRDT32.DLL (file missing)
O2 - BHO: Class - {A802C18C-3FF3-316D-3A20-4593FE7A704A} - C:\WINDOWS\SYSTEM\IPEI32.DLL (file missing)
O2 - BHO: Class - {10E75D9A-AF57-F581-EC15-93E69DC0D484} - C:\WINDOWS\NTLO32.DLL (file missing)
O2 - BHO: Class - {8FF4CF17-CF7D-661D-1AF2-007DABE213F5} - C:\WINDOWS\SYSTEM\MSDM.DLL (file missing)
O2 - BHO: Class - {38EC14CC-C206-2CC6-4F50-92CDF97CCE41} - C:\WINDOWS\IPRB32.DLL (file missing)
O2 - BHO: Class - {6736D7AF-1767-D4C9-12FD-04BEE4128A75} - C:\WINDOWS\WINJR32.DLL
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\PROGRAMMER\MCAFEE\MCAFEE VIRUSSCAN\VSCSHELLEXTENSION.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [SXGDSENU] SXGDSENU.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Programmer\Compaq\Easy Access Button Support\eaclean.exe /NORESTART
O4 - HKLM\..\Run: [CPQEASYACC] "C:\PROGRAMMER\COMPAQ\EASY ACCESS BUTTON SUPPORT\Cpqeaui.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\app\lwbwheel.exe
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Programmer\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [McAfee Guardian] "C:\PROGRAMMER\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\CMGRDIAN.EXE" /SU
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] C:\Programmer\McAfee\McAfee VirusScan\AVSYNMGR.EXE
O4 - HKLM\..\RunServices: [SDKVI32.EXE] C:\WINDOWS\SYSTEM\SDKVI32.EXE
O4 - HKLM\..\RunServices: [APIFS32.EXE] C:\WINDOWS\APIFS32.EXE
O4 - HKLM\..\RunServices: [IPID.EXE] C:\WINDOWS\SYSTEM\IPID.EXE
O4 - HKLM\..\RunServices: [APIHW32.EXE] C:\WINDOWS\SYSTEM\APIHW32.EXE
O4 - HKLM\..\RunServices: [ADDQO.EXE] C:\WINDOWS\ADDQO.EXE
O4 - HKLM\..\RunServices: [ATLFW.EXE] C:\WINDOWS\ATLFW.EXE
O4 - HKLM\..\RunServices: [APPXI32.EXE] C:\WINDOWS\APPXI32.EXE
O4 - HKLM\..\RunServices: [JAVAFD32.EXE] C:\WINDOWS\JAVAFD32.EXE
O4 - HKLM\..\RunServices: [SDKQF32.EXE] C:\WINDOWS\SYSTEM\SDKQF32.EXE
O4 - HKLM\..\RunServices: [NTGL32.EXE] C:\WINDOWS\SYSTEM\NTGL32.EXE
O4 - HKLM\..\RunServices: [ADDCB.EXE] C:\WINDOWS\SYSTEM\ADDCB.EXE
O4 - HKLM\..\RunServices: [SDKAK.EXE] C:\WINDOWS\SDKAK.EXE
O4 - HKLM\..\RunServices: [APPDR.EXE] C:\WINDOWS\SYSTEM\APPDR.EXE
O4 - HKLM\..\RunServices: [MSMG32.EXE] C:\WINDOWS\MSMG32.EXE
O4 - HKLM\..\RunServices: [CRYE.EXE] C:\WINDOWS\CRYE.EXE
O4 - HKLM\..\RunServices: [APPFF32.EXE] C:\WINDOWS\APPFF32.EXE
O4 - HKLM\..\RunServices: [CRPJ32.EXE] C:\WINDOWS\SYSTEM\CRPJ32.EXE
O4 - HKLM\..\RunServices: [SDKGU32.EXE] C:\WINDOWS\SYSTEM\SDKGU32.EXE
O4 - HKLM\..\RunServices: [APIGP32.EXE] C:\WINDOWS\APIGP32.EXE
O4 - HKLM\..\RunServices: [SYSKP.EXE] C:\WINDOWS\SYSTEM\SYSKP.EXE
O4 - HKLM\..\RunServices: [JAVAWG.EXE] C:\WINDOWS\SYSTEM\JAVAWG.EXE
O4 - HKLM\..\RunServices: [IPBO32.EXE] C:\WINDOWS\IPBO32.EXE
O4 - HKLM\..\RunServices: [APIHT.EXE] C:\WINDOWS\SYSTEM\APIHT.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Planlægningsagent] c:\windows\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [NTHX32.EXE] C:\WINDOWS\NTHX32.EXE
O4 - HKLM\..\RunServices: [NETKB.EXE] C:\WINDOWS\SYSTEM\NETKB.EXE
O4 - HKLM\..\RunServices: [MFCEH.EXE] C:\WINDOWS\SYSTEM\MFCEH.EXE
O4 - HKLM\..\RunServices: [ADDXL32.EXE] C:\WINDOWS\SYSTEM\ADDXL32.EXE
O4 - HKLM\..\RunServices: [APIKM32.EXE] C:\WINDOWS\APIKM32.EXE
O4 - HKLM\..\RunServices: [WINEX32.EXE] C:\WINDOWS\WINEX32.EXE
O4 - HKLM\..\RunServices: [ATLIR32.EXE] C:\WINDOWS\SYSTEM\ATLIR32.EXE
O4 - HKLM\..\RunServices: [MFCNI.EXE] C:\WINDOWS\SYSTEM\MFCNI.EXE
O4 - HKLM\..\RunServices: [ATLZP32.EXE] C:\WINDOWS\SYSTEM\ATLZP32.EXE
O4 - HKLM\..\RunServices: [APIIG.EXE] C:\WINDOWS\APIIG.EXE
O4 - HKLM\..\RunServices: [ADDHZ.EXE] C:\WINDOWS\SYSTEM\ADDHZ.EXE
O4 - HKLM\..\RunServices: [SYSSE32.EXE] C:\WINDOWS\SYSTEM\SYSSE32.EXE
O4 - HKLM\..\RunServices: [MFCXB32.EXE] C:\WINDOWS\MFCXB32.EXE
O4 - HKLM\..\RunServices: [NETXW.EXE] C:\WINDOWS\SYSTEM\NETXW.EXE
O4 - HKLM\..\RunServices: [NTSE32.EXE] C:\WINDOWS\SYSTEM\NTSE32.EXE
O4 - HKLM\..\RunServices: [ADDHR32.EXE] C:\WINDOWS\ADDHR32.EXE
O4 - HKLM\..\RunServices: [D3QY.EXE] C:\WINDOWS\D3QY.EXE
O4 - HKLM\..\RunServices: [SYSZQ.EXE] C:\WINDOWS\SYSZQ.EXE
O4 - HKLM\..\RunServices: [SDKAB32.EXE] C:\WINDOWS\SYSTEM\SDKAB32.EXE
O4 - HKLM\..\RunServices: [CRQN.EXE] C:\WINDOWS\CRQN.EXE
O4 - HKLM\..\RunServices: [SYSTT32.EXE] C:\WINDOWS\SYSTEM\SYSTT32.EXE
O4 - HKLM\..\RunServices: [D3IK.EXE] C:\WINDOWS\SYSTEM\D3IK.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Programmer\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [SpySweeper] "C:\Programmer\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - HKCU\..\RunServices: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\RunServices: [McAfee.InstantUpdate.Monitor] "C:\Programmer\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\RunServices: [SpySweeper] "C:\Programmer\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Camio Viewer.lnk = C:\Programmer\Dell Computer\Dell Image Expert\IXApplet.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - (no file)

Here is the new log, which I am hurrying to send before the damn thing goes down again.
Avatar image andersenph Beginner
12 August 2004 - 23:24 #30
You know what...
Format it. Otherwise you will never get rid of that...
Avatar image mogensd Beginner
13 August 2004 - 11:22 #31
I am really sorry to hear that - are there really no other options?
What is the name of the virus/spyware I have been hit by, can you tell?
Avatar image andersenph Beginner
13 August 2004 - 11:54 #32
It is CoolWebSearch of the worst kind that you have got onto your machine.

Every time you start your machine, new files are added.
That means the ones we have just removed with HijackThis and the other programs simply get replaced by new ones.
On top of that, the file names also change all the time.

We can make one more attempt, if you like?

Then we do it now, and you send in a log with the files that are on the machine now.
You must not shut the machine down after you have sent the log in to me.
Then I will come back with what you need to fix.

Shall we try that?
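The pattern described in post #32 (entries removed with HijackThis coming back under new names at the next boot) can be checked by comparing two logs. The following is an added example, not part of the thread: `BEFORE` uses lines from the log above, `AFTER` is a constructed later log with made-up `EXAMPLE*` names, and the self-named and Windows-directory heuristics are assumptions drawn from this log, not a CoolWebSearch signature.

```python
import re
from ntpath import basename, dirname

# BEFORE: lines copied from the log above. AFTER: constructed "next boot"
# log; the EXAMPLE* names and the all-zero CLSID are made up.
BEFORE = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMER\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Class - {EF1C5F19-D800-F30A-ADD5-7E618D29C88F} - C:\WINDOWS\D3FC32.DLL (file missing)
O2 - BHO: Class - {6736D7AF-1767-D4C9-12FD-04BEE4128A75} - C:\WINDOWS\WINJR32.DLL
O4 - HKLM\..\RunServices: [SDKVI32.EXE] C:\WINDOWS\SYSTEM\SDKVI32.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
"""
AFTER = r"""
O2 - BHO: Class - {6736D7AF-1767-D4C9-12FD-04BEE4128A75} - C:\WINDOWS\WINJR32.DLL (file missing)
O2 - BHO: Class - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\SYSTEM\EXAMPLE32.DLL
O4 - HKLM\..\RunServices: [EXAMPLEAB.EXE] C:\WINDOWS\EXAMPLEAB.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
"""

WINDIRS = {r"C:\WINDOWS", r"C:\WINDOWS\SYSTEM"}
BHO = re.compile(r"^O2 - BHO: .*? - (\{[0-9A-Fa-f-]+\}) - (.+?)( \(file missing\))?$")
RUN = re.compile(r"^O4 - HK\w+\\\.\.\\\w+: \[(.+?)\] (.+)$")

def triage(log):
    """Split a HijackThis log into orphaned BHOs, BHOs loaded from the
    Windows directories, and autostarts whose value name is the file name."""
    out = {"orphan_bho": set(), "windir_bho": set(), "self_named": set()}
    for line in log.splitlines():
        line = line.strip()
        if m := BHO.match(line):
            clsid, path, missing = m.groups()
            if missing:  # registry key left behind, DLL already gone
                out["orphan_bho"].add(clsid)
            elif dirname(path).upper() in WINDIRS:
                out["windir_bho"].add(path.upper())
        elif m := RUN.match(line):
            name, path = m.groups()
            if name.upper() == basename(path).upper() and dirname(path).upper() in WINDIRS:
                out["self_named"].add(path.upper())
    return out

def churn(before, after):
    """Live entries present only in the later log: what came back after a fix."""
    b, a = triage(before), triage(after)
    live = lambda t: t["windir_bho"] | t["self_named"]
    return sorted(live(a) - live(b))

if __name__ == "__main__":
    print(triage(BEFORE), churn(BEFORE, AFTER))
```

A non-empty `churn` result after a cleanup and reboot means something that was not removed is still writing new autostart entries, which is the situation the post describes.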
Avatar image andersenph Beginner
13 August 2004 - 12:59 #33
http://www.trojaner-info.de/cgi-bin/download.cgi?file=sphjfix,
see also http://www.members.shaw.ca/pccruiser/remove.htm#SPHJFIX

Just try this one and see if it helps.

We need to find a time when we are both online and have PLENTY of time :O)
Avatar image mogensd Beginner
13 August 2004 - 23:33 #34
Yes, I am completely on board with that, if my abilities are up to it. By the way, I am full of praise for the fine service one gets here. There are probably a few things I need to get done first, after which I will try your latest instructions and will then be sure to get back to you.