Søg
Avatar billede ranudo Nybegynder
28. november 2004 - 11:00 Der er 4 kommentarer

Fjernelse af - My search-med tilhørende hot bar og genvejstaster.

My search med hotbar og 6 generende programgenvejstaster popper op jævnligt,når jeg åbner min internet explorer som har www.ni.dk som åbningsside-den tilsidesætter også jævnligt ni.dk som åbningsside,så jeg bliver nødt til at gå ind i indstillinger og genindsætte ni.dk som åbningsside.På skrivebordet popper 6 programmer op-bl.a. Travel-Casino-Internet-website hosting m.fl.

Hvordan fjerner jeg My search ? -Har forsøgt i Tilføj/Fjern programmer uden at det er lykkedes at fjerne det.
Avatar billede arlet Juniormester
28. november 2004 - 11:04 #1
Hent en hijackthis : http://www.arlet.dk/hjt.htm
Avatar billede ranudo Nybegynder
29. november 2004 - 20:16 #2
Logfile of HijackThis v1.98.2
Scan saved at 18:52:55, on 29-11-2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Hej Arlet. Tak for anvisningen-hermed det anviste.

Hilsen ranudo

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Trust\Ami Mouse 250S Cordless\Amoumain.exe
C:\Programmer\Muiltmedia keyboard utility\1.3\KbdAp32A.exe
C:\Programmer\Browser mouse\1.1\mouse32a.exe
C:\Programmer\GIANT Company Software\Spam Inspector\siService.exe
C:\Programmer\GIANT Company Software inc\PopUp Inspector\PopUpInspector.exe
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Hotbar\bin\4.5.1.0\HbInst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Programmer\Eyeball\Eyeball Chat\EyeballChat.exe
C:\Programmer\GIANT Company Software\Spam Inspector\siSpamFilterEngine.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programmer\Fælles filer\Panda Software\PavShld\pavprsrv.exe
C:\Programmer\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
C:\Programmer\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
C:\Programmer\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\Programmer\Microsoft Office\Office10\msoffice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\LVComS.exe
C:\Programmer\MemoKit\memokit2.exe
C:\Programmer\Logitech\Video\LowLight.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\Programmer\Hotbar\bin\4.5.1.0\HbSrv.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Documents and Settings\Francis\Skrivebord\Ny mappe\hjt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.chodwxwlamktiaiwbdtbpwh.com/v1wlPSSQ/46PF0Sx1q/lgel0yDN989gzptXRuN/yToFjwBwiPO9aVfDITqKyPGjW.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ni.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMER\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: PopupKiller Class - {49E489BF-C4B8-11D6-9547-00C0DFF1DE9E} - C:\Programmer\NoPops\PopupKiller.dll
O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Programmer\Hotbar\bin\4.5.1.0\HbHostIE.dll
O2 - BHO: (no name) - {B1C59E99-DFAB-3772-4C95-E5981E43AB89} - C:\DOCUME~1\Francis\APPLIC~1\CAKEFI~1\Encstart.exe
O2 - BHO: (no name) - {EA066B3F-4275-332A-1AAC-FE7EDA963345} - C:\DOCUME~1\Francis\APPLIC~1\CAKEFI~1\Encstart.exe
O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Programmer\Hotbar\bin\4.5.1.0\HbHostIE.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WheelMouse] Amoumain.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Programmer\Muiltmedia keyboard utility\1.3\KbdAp32A.exe
O4 - HKLM\..\Run: [FLMBROWSERMOUSE] C:\Programmer\Browser mouse\1.1\mouse32a.exe
O4 - HKLM\..\Run: [siService.exe] "C:\Programmer\GIANT Company Software\Spam Inspector\siService.exe"
O4 - HKLM\..\Run: [PopUpInspector.exe] "C:\Programmer\GIANT Company Software inc\PopUp Inspector\PopUpInspector.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmer\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [WAVE SOFTWARE REGS 4] C:\Documents and Settings\All Users\Application Data\test surf wave software\32 Window.exe
O4 - HKLM\..\Run: [SportsAgenten 2.0 Ikon] "C:\Programmer\SportsAgenten 2.0 ikon\IconServer.exe" SportsAgenten2.dll
O4 - HKLM\..\Run: [Chin Chic Thunk Enc] C:\Documents and Settings\All Users\Application Data\Greatmailchinchic\Face knob.exe
O4 - HKLM\..\Run: [Hotbar] C:\Programmer\Hotbar\bin\4.5.1.0\HbInst.exe /Upgrade
O4 - HKLM\..\Run: [PopUpInspector] "C:\Programmer\GIANT Company Software inc\PopUp Inspector\PopUpInspector.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Eyeball Chat] "C:\Programmer\Eyeball\Eyeball Chat\EyeballChat.exe" -min
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [extra dvd] C:\DOCUME~1\Francis\APPLIC~1\ABOUTF~1\WMA LESS.exe
O4 - Startup: Reboot.exe
O4 - Startup: MemoKit.lnk = C:\Programmer\MemoKit\mk.exe
O4 - Global Startup: PrecisionTime.lnk = C:\Programmer\PrecisionTime\PrecisionTime.exe
O4 - Global Startup: Date Manager.lnk = C:\Programmer\Date Manager\DateManager.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: GStartup.lnk = ?
O8 - Extra context menu item: Allow popups from this web page - C:\Programmer\GIANT Company Software inc\PopUp Inspector\allowsite.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Stop popups from this web page - C:\Programmer\GIANT Company Software inc\PopUp Inspector\denysite.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra button: PopUp Inspector - {D216B74A-9A2F-4025-9690-86780AA75F6E} - C:\Programmer\GIANT Company Software inc\PopUp Inspector\PopUpInspector.exe (HKCU)
O9 - Extra 'Tools' menuitem: PopUp Inspector - {D216B74A-9A2F-4025-9690-86780AA75F6E} - C:\Programmer\GIANT Company Software inc\PopUp Inspector\PopUpInspector.exe (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/CursorManiaInitialSetup1.0.0.6.cab
O16 - DPF: {55A548B3-AFA8-41E3-8057-FD24931C6388} (FXExec Control) - http://216.87.37.188/app/FXCtrl.cab
O16 - DPF: {D53B810F-6219-11D4-95B6-0040950375E7} - http://preview.adult-key.net/dialer/goin/1/dialer_activex.cab

Logfile of HijackThis v1.98.2
Scan saved at 18:52:55, on 29-11-2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Trust\Ami Mouse 250S Cordless\Amoumain.exe
C:\Programmer\Muiltmedia keyboard utility\1.3\KbdAp32A.exe
C:\Programmer\Browser mouse\1.1\mouse32a.exe
C:\Programmer\GIANT Company Software\Spam Inspector\siService.exe
C:\Programmer\GIANT Company Software inc\PopUp Inspector\PopUpInspector.exe
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Hotbar\bin\4.5.1.0\HbInst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Programmer\Eyeball\Eyeball Chat\EyeballChat.exe
C:\Programmer\GIANT Company Software\Spam Inspector\siSpamFilterEngine.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programmer\Fælles filer\Panda Software\PavShld\pavprsrv.exe
C:\Programmer\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
C:\Programmer\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
C:\Programmer\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\Programmer\Microsoft Office\Office10\msoffice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\LVComS.exe
C:\Programmer\MemoKit\memokit2.exe
C:\Programmer\Logitech\Video\LowLight.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\Programmer\Hotbar\bin\4.5.1.0\HbSrv.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Documents and Settings\Francis\Skrivebord\Ny mappe\hjt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.chodwxwlamktiaiwbdtbpwh.com/v1wlPSSQ/46PF0Sx1q/lgel0yDN989gzptXRuN/yToFjwBwiPO9aVfDITqKyPGjW.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ni.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMER\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: PopupKiller Class - {49E489BF-C4B8-11D6-9547-00C0DFF1DE9E} - C:\Programmer\NoPops\PopupKiller.dll
O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Programmer\Hotbar\bin\4.5.1.0\HbHostIE.dll
O2 - BHO: (no name) - {B1C59E99-DFAB-3772-4C95-E5981E43AB89} - C:\DOCUME~1\Francis\APPLIC~1\CAKEFI~1\Encstart.exe
O2 - BHO: (no name) - {EA066B3F-4275-332A-1AAC-FE7EDA963345} - C:\DOCUME~1\Francis\APPLIC~1\CAKEFI~1\Encstart.exe
O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Programmer\Hotbar\bin\4.5.1.0\HbHostIE.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WheelMouse] Amoumain.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Programmer\Muiltmedia keyboard utility\1.3\KbdAp32A.exe
O4 - HKLM\..\Run: [FLMBROWSERMOUSE] C:\Programmer\Browser mouse\1.1\mouse32a.exe
O4 - HKLM\..\Run: [siService.exe] "C:\Programmer\GIANT Company Software\Spam Inspector\siService.exe"
O4 - HKLM\..\Run: [PopUpInspector.exe] "C:\Programmer\GIANT Company Software inc\PopUp Inspector\PopUpInspector.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmer\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [WAVE SOFTWARE REGS 4] C:\Documents and Settings\All Users\Application Data\test surf wave software\32 Window.exe
O4 - HKLM\..\Run: [SportsAgenten 2.0 Ikon] "C:\Programmer\SportsAgenten 2.0 ikon\IconServer.exe" SportsAgenten2.dll
O4 - HKLM\..\Run: [Chin Chic Thunk Enc] C:\Documents and Settings\All Users\Application Data\Greatmailchinchic\Face knob.exe
O4 - HKLM\..\Run: [Hotbar] C:\Programmer\Hotbar\bin\4.5.1.0\HbInst.exe /Upgrade
O4 - HKLM\..\Run: [PopUpInspector] "C:\Programmer\GIANT Company Software inc\PopUp Inspector\PopUpInspector.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Eyeball Chat] "C:\Programmer\Eyeball\Eyeball Chat\EyeballChat.exe" -min
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [extra dvd] C:\DOCUME~1\Francis\APPLIC~1\ABOUTF~1\WMA LESS.exe
O4 - Startup: Reboot.exe
O4 - Startup: MemoKit.lnk = C:\Programmer\MemoKit\mk.exe
O4 - Global Startup: PrecisionTime.lnk = C:\Programmer\PrecisionTime\PrecisionTime.exe
O4 - Global Startup: Date Manager.lnk = C:\Programmer\Date Manager\DateManager.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: GStartup.lnk = ?
O8 - Extra context menu item: Allow popups from this web page - C:\Programmer\GIANT Company Software inc\PopUp Inspector\allowsite.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Stop popups from this web page - C:\Programmer\GIANT Company Software inc\PopUp Inspector\denysite.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra button: PopUp Inspector - {D216B74A-9A2F-4025-9690-86780AA75F6E} - C:\Programmer\GIANT Company Software inc\PopUp Inspector\PopUpInspector.exe (HKCU)
O9 - Extra 'Tools' menuitem: PopUp Inspector - {D216B74A-9A2F-4025-9690-86780AA75F6E} - C:\Programmer\GIANT Company Software inc\PopUp Inspector\PopUpInspector.exe (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/CursorManiaInitialSetup1.0.0.6.cab
O16 - DPF: {55A548B3-AFA8-41E3-8057-FD24931C6388} (FXExec Control) - http://216.87.37.188/app/FXCtrl.cab
O16 - DPF: {D53B810F-6219-11D4-95B6-0040950375E7} - http://preview.adult-key.net/dialer/goin/1/dialer_activex.cab

Logfile of HijackThis v1.98.2
Scan saved at 18:52:55, on 29-11-2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Trust\Ami Mouse 250S Cordless\Amoumain.exe
C:\Programmer\Muiltmedia keyboard utility\1.3\KbdAp32A.exe
C:\Programmer\Browser mouse\1.1\mouse32a.exe
C:\Programmer\GIANT Company Software\Spam Inspector\siService.exe
C:\Programmer\GIANT Company Software inc\PopUp Inspector\PopUpInspector.exe
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Hotbar\bin\4.5.1.0\HbInst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Programmer\Eyeball\Eyeball Chat\EyeballChat.exe
C:\Programmer\GIANT Company Software\Spam Inspector\siSpamFilterEngine.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programmer\Fælles filer\Panda Software\PavShld\pavprsrv.exe
C:\Programmer\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
C:\Programmer\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
C:\Programmer\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\Programmer\Microsoft Office\Office10\msoffice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\LVComS.exe
C:\Programmer\MemoKit\memokit2.exe
C:\Programmer\Logitech\Video\LowLight.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\Programmer\Hotbar\bin\4.5.1.0\HbSrv.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Documents and Settings\Francis\Skrivebord\Ny mappe\hjt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.chodwxwlamktiaiwbdtbpwh.com/v1wlPSSQ/46PF0Sx1q/lgel0yDN989gzptXRuN/yToFjwBwiPO9aVfDITqKyPGjW.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ni.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMER\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: PopupKiller Class - {49E489BF-C4B8-11D6-9547-00C0DFF1DE9E} - C:\Programmer\NoPops\PopupKiller.dll
O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Programmer\Hotbar\bin\4.5.1.0\HbHostIE.dll
O2 - BHO: (no name) - {B1C59E99-DFAB-3772-4C95-E5981E43AB89} - C:\DOCUME~1\Francis\APPLIC~1\CAKEFI~1\Encstart.exe
O2 - BHO: (no name) - {EA066B3F-4275-332A-1AAC-FE7EDA963345} - C:\DOCUME~1\Francis\APPLIC~1\CAKEFI~1\Encstart.exe
O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Programmer\Hotbar\bin\4.5.1.0\HbHostIE.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WheelMouse] Amoumain.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Programmer\Muiltmedia keyboard utility\1.3\KbdAp32A.exe
O4 - HKLM\..\Run: [FLMBROWSERMOUSE] C:\Programmer\Browser mouse\1.1\mouse32a.exe
O4 - HKLM\..\Run: [siService.exe] "C:\Programmer\GIANT Company Software\Spam Inspector\siService.exe"
O4 - HKLM\..\Run: [PopUpInspector.exe] "C:\Programmer\GIANT Company Software inc\PopUp Inspector\PopUpInspector.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmer\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [WAVE SOFTWARE REGS 4] C:\Documents and Settings\All Users\Application Data\test surf wave software\32 Window.exe
O4 - HKLM\..\Run: [SportsAgenten 2.0 Ikon] "C:\Programmer\SportsAgenten 2.0 ikon\IconServer.exe" SportsAgenten2.dll
O4 - HKLM\..\Run: [Chin Chic Thunk Enc] C:\Documents and Settings\All Users\Application Data\Greatmailchinchic\Face knob.exe
O4 - HKLM\..\Run: [Hotbar] C:\Programmer\Hotbar\bin\4.5.1.0\HbInst.exe /Upgrade
O4 - HKLM\..\Run: [PopUpInspector] "C:\Programmer\GIANT Company Software inc\PopUp Inspector\PopUpInspector.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Eyeball Chat] "C:\Programmer\Eyeball\Eyeball Chat\EyeballChat.exe" -min
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [extra dvd] C:\DOCUME~1\Francis\APPLIC~1\ABOUTF~1\WMA LESS.exe
O4 - Startup: Reboot.exe
O4 - Startup: MemoKit.lnk = C:\Programmer\MemoKit\mk.exe
O4 - Global Startup: PrecisionTime.lnk = C:\Programmer\PrecisionTime\PrecisionTime.exe
O4 - Global Startup: Date Manager.lnk = C:\Programmer\Date Manager\DateManager.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: GStartup.lnk = ?
O8 - Extra context menu item: Allow popups from this web page - C:\Programmer\GIANT Company Software inc\PopUp Inspector\allowsite.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Stop popups from this web page - C:\Programmer\GIANT Company Software inc\PopUp Inspector\denysite.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra button: PopUp Inspector - {D216B74A-9A2F-4025-9690-86780AA75F6E} - C:\Programmer\GIANT Company Software inc\PopUp Inspector\PopUpInspector.exe (HKCU)
O9 - Extra 'Tools' menuitem: PopUp Inspector - {D216B74A-9A2F-4025-9690-86780AA75F6E} - C:\Programmer\GIANT Company Software inc\PopUp Inspector\PopUpInspector.exe (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/CursorManiaInitialSetup1.0.0.6.cab
O16 - DPF: {55A548B3-AFA8-41E3-8057-FD24931C6388} (FXExec Control) - http://216.87.37.188/app/FXCtrl.cab
O16 - DPF: {D53B810F-6219-11D4-95B6-0040950375E7} - http://preview.adult-key.net/dialer/goin/1/dialer_activex.cab

Logfile of HijackThis v1.98.2
Scan saved at 18:52:55, on 29-11-2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Trust\Ami Mouse 250S Cordless\Amoumain.exe
C:\Programmer\Muiltmedia keyboard utility\1.3\KbdAp32A.exe
C:\Programmer\Browser mouse\1.1\mouse32a.exe
C:\Programmer\GIANT Company Software\Spam Inspector\siService.exe
C:\Programmer\GIANT Company Software inc\PopUp Inspector\PopUpInspector.exe
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Hotbar\bin\4.5.1.0\HbInst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Programmer\Eyeball\Eyeball Chat\EyeballChat.exe
C:\Programmer\GIANT Company Software\Spam Inspector\siSpamFilterEngine.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programmer\Fælles filer\Panda Software\PavShld\pavprsrv.exe
C:\Programmer\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
C:\Programmer\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
C:\Programmer\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\Programmer\Microsoft Office\Office10\msoffice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\LVComS.exe
C:\Programmer\MemoKit\memokit2.exe
C:\Programmer\Logitech\Video\LowLight.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\Programmer\Hotbar\bin\4.5.1.0\HbSrv.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Documents and Settings\Francis\Skrivebord\Ny mappe\hjt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.chodwxwlamktiaiwbdtbpwh.com/v1wlPSSQ/46PF0Sx1q/lgel0yDN989gzptXRuN/yToFjwBwiPO9aVfDITqKyPGjW.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ni.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMER\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: PopupKiller Class - {49E489BF-C4B8-11D6-9547-00C0DFF1DE9E} - C:\Programmer\NoPops\PopupKiller.dll
O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Programmer\Hotbar\bin\4.5.1.0\HbHostIE.dll
O2 - BHO: (no name) - {B1C59E99-DFAB-3772-4C95-E5981E43AB89} - C:\DOCUME~1\Francis\APPLIC~1\CAKEFI~1\Encstart.exe
O2 - BHO: (no name) - {EA066B3F-4275-332A-1AAC-FE7EDA963345} - C:\DOCUME~1\Francis\APPLIC~1\CAKEFI~1\Encstart.exe
O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Programmer\Hotbar\bin\4.5.1.0\HbHostIE.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WheelMouse] Amoumain.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Programmer\Muiltmedia keyboard utility\1.3\KbdAp32A.exe
O4 - HKLM\..\Run: [FLMBROWSERMOUSE] C:\Programmer\Browser mouse\1.1\mouse32a.exe
O4 - HKLM\..\Run: [siService.exe] "C:\Programmer\GIANT Company Software\Spam Inspector\siService.exe"
O4 - HKLM\..\Run: [PopUpInspector.exe] "C:\Programmer\GIANT Company Software inc\PopUp Inspector\PopUpInspector.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmer\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [WAVE SOFTWARE REGS 4] C:\Documents and Settings\All Users\Application Data\test surf wave software\32 Window.exe
O4 - HKLM\..\Run: [SportsAgenten 2.0 Ikon] "C:\Programmer\SportsAgenten 2.0 ikon\IconServer.exe" SportsAgenten2.dll
O4 - HKLM\..\Run: [Chin Chic Thunk Enc] C:\Documents and Settings\All Users\Application Data\Greatmailchinchic\Face knob.exe
O4 - HKLM\..\Run: [Hotbar] C:\Programmer\Hotbar\bin\4.5.1.0\HbInst.exe /Upgrade
O4 - HKLM\..\Run: [PopUpInspector] "C:\Programmer\GIANT Company Software inc\PopUp Inspector\PopUpInspector.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Eyeball Chat] "C:\Programmer\Eyeball\Eyeball Chat\EyeballChat.exe" -min
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [extra dvd] C:\DOCUME~1\Francis\APPLIC~1\ABOUTF~1\WMA LESS.exe
O4 - Startup: Reboot.exe
O4 - Startup: MemoKit.lnk = C:\Programmer\MemoKit\mk.exe
O4 - Global Startup: PrecisionTime.lnk = C:\Programmer\PrecisionTime\PrecisionTime.exe
O4 - Global Startup: Date Manager.lnk = C:\Programmer\Date Manager\DateManager.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: GStartup.lnk = ?
O8 - Extra context menu item: Allow popups from this web page - C:\Programmer\GIANT Company Software inc\PopUp Inspector\allowsite.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Stop popups from this web page - C:\Programmer\GIANT Company Software inc\PopUp Inspector\denysite.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra button: PopUp Inspector - {D216B74A-9A2F-4025-9690-86780AA75F6E} - C:\Programmer\GIANT Company Software inc\PopUp Inspector\PopUpInspector.exe (HKCU)
O9 - Extra 'Tools' menuitem: PopUp Inspector - {D216B74A-9A2F-4025-9690-86780AA75F6E} - C:\Programmer\GIANT Company Software inc\PopUp Inspector\PopUpInspector.exe (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/CursorManiaInitialSetup1.0.0.6.cab
O16 - DPF: {55A548B3-AFA8-41E3-8057-FD24931C6388} (FXExec Control) - http://216.87.37.188/app/FXCtrl.cab
O16 - DPF: {D53B810F-6219-11D4-95B6-0040950375E7} - http://preview.adult-key.net/dialer/goin/1/dialer_activex.cab
Avatar billede arlet Juniormester
29. november 2004 - 20:18 #3
Det var nok med en logfil, du har sendt 4 af den samme*S*

Det betyder ikke noget...

Der er meget snavs i...

Jeg tjekker den nu...
Avatar billede arlet Juniormester
29. november 2004 - 20:24 #4
Du skal hente Lspfix http://www.cexx.org/LSPFix.exe og trykke gem og lægge den på dit skrivebord. Du har noget snavs der når vi fjerner det måske ødelægger din netforbindelse. Hvis du mister internetforbindelsen når du fixer de ting jeg kommer med skal du kører det lspfix, starte det, klik til fuld skærm, markere I know what I am doing og klikke på finish, genstart og lav en ny logfil, som du smider herind.

Husk kun at bruge det lsp-fix, hvis din netforbindelse ryger...

Du skal nu til at i gang med at fixe:

Deaktiver systemgendannelse:
http://www.arlet.dk/systemgendannelsen.htm

Kør Hijackthis, scan, sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked, luk hijackthis igen.
Dobbelttjek, så alt kommer med.


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.chodwxwlamktiaiwbdtbpwh.com/v1wlPSSQ/46PF0Sx1q/lgel0yDN989gzptXRuN/yToFjwBwiPO9aVfDITqKyPGjW.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm

O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Programmer\Hotbar\bin\4.5.1.0\HbHostIE.dll
O2 - BHO: (no name) - {B1C59E99-DFAB-3772-4C95-E5981E43AB89} - C:\DOCUME~1\Francis\APPLIC~1\CAKEFI~1\Encstart.exe
O2 - BHO: (no name) - {EA066B3F-4275-332A-1AAC-FE7EDA963345} - C:\DOCUME~1\Francis\APPLIC~1\CAKEFI~1\Encstart.exe

O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Programmer\Hotbar\bin\4.5.1.0\HbHostIE.dll

O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WAVE SOFTWARE REGS 4] C:\Documents and Settings\All Users\Application Data\test surf wave software\32 Window.exe
O4 - HKLM\..\Run: [Chin Chic Thunk Enc] C:\Documents and Settings\All Users\Application Data\Greatmailchinchic\Face knob.exe
O4 - HKLM\..\Run: [Hotbar] C:\Programmer\Hotbar\bin\4.5.1.0\HbInst.exe /Upgrade
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [extra dvd] C:\DOCUME~1\Francis\APPLIC~1\ABOUTF~1\WMA LESS.exe
O4 - Global Startup: PrecisionTime.lnk = C:\Programmer\PrecisionTime\PrecisionTime.exe
O4 - Global Startup: Date Manager.lnk = C:\Programmer\Date Manager\DateManager.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: GStartup.lnk = ?

O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/CursorManiaInitialSetup1.0.0.6.cab
O16 - DPF: {55A548B3-AFA8-41E3-8057-FD24931C6388} (FXExec Control) - http://216.87.37.188/app/FXCtrl.cab
O16 - DPF: {D53B810F-6219-11D4-95B6-0040950375E7} - http://preview.adult-key.net/dialer/goin/1/dialer_activex.cab



--------------------------------------------------------------------

Åbn en tilfældig mappe, klik på Funktioner=>Mappeindstillinger=>Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler".
Fjern flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".

--------------------------------------------------------------------

Find og slet manuelt i fejlsikret(f8 ved opstart):

C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Programmer\Hotbar<- hele mappen
C:\Documents and Settings\All Users\Application Data\test surf wave software\32 Window.exe
C:\Documents and Settings\All Users\Application Data\Greatmailchinchic\Face knob.exe
C:\DOCUME~1\Francis\APPLIC~1\ABOUTF~1\WMA LESS.exe
C:\Programmer\PrecisionTime<- hele mappen
C:\Programmer\Date Manager<- hele mappen


------------------------------------------------

Hent og kør ad-aware herfra: http://www.arlet.dk/spywarescanner.htm
slet alt hvad den finder

----------------------------------------------------------

Hent og kør denne scanner fra Kaspersky : http://www.arlet.dk/mwti.htm
Slet alt hvad den finder

----------------------------------------------------------

Derefter genstarter du og sender en ny log herind, for at se om vi har fået den helt ren.
Først når din log er endelig godkendt, må du aktiver din systemgendannelse igen.
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Browsere kategorien

Titel Indlæg Oprettet Seneste aktivitet
lukkede cookies i microsoft edge Af ole falsted i Browsere 4 26/10/202517:02 01/11/202514:19
Firefox: Hvordan forhindrer jeg DOOM i altid at loade ved start af firefox? Af KurtG i Browsere 7 13/10/202517:21 14/10/202508:42
Gøre højden af tabelrække mindre Af KurtG i Browsere 1 08/10/202509:39 08/10/202509:41
Kan ikke logge på HBO Max på pc Af Finn-Erik i Browsere 2 06/10/202516:52 14/10/202511:55
Lukket ude Af arnel i Browsere 1 05/10/202512:37 05/10/202514:14
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I dag 13:53 Icloud mail via Outlook Af lbc i E-mail programmer
I dag 08:32 USB NØGLE gratis Af nu_igen i Andet hardware
I går 21:11 Hvordan får jeg reCAPTCHA på min hjemmeside? Af Strawberry i PHP
I går 16:10 Tomt felt i Start Af ErikHg i Windows
19/0123:00 Hyperlink til tekst Af Nanarsi i Excel
White papers
Flere white papers »