Notifikationer

Markér alle som læst Log ud

alai Nybegynder

25. januar 2005 - 10:49 Der er 24 kommentarer og
1 løsning

hjælp til væk search bar

hvordan fjerne min search bart....

her er min.... hijackthis.log

Logfile of HijackThis v1.99.0
Scan saved at 10:38:26, on 25-01-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\AvidSDMService.exe
F:\WINDOWS\System32\CTsvcCDA.EXE
F:\WINDOWS\system32\crypserv.exe
F:\Programmer\NavNT\defwatch.exe
F:\Programmer\NavNT\rtvscan.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\MsPMSPSv.exe
F:\WINDOWS\System32\MsgSys.EXE
F:\Programmer\iTunes\iTunesHelper.exe
F:\Programmer\Creative\ShareDLL\CtNotify.exe
F:\Programmer\iPod\bin\iPodService.exe
F:\Programmer\NavNT\vptray.exe
F:\Programmer\QuickTime\qttask.exe
F:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
F:\Programmer\Parallel Tasking\ptask.exe
F:\Programmer\Creative\ShareDLL\MediaDet.Exe
F:\Programmer\BullsEye Network\bin\bargains.exe
F:\WINDOWS\jicycy.exe
F:\Programmer\ISTsvc\istsvc.exe
F:\WINDOWS\System32\ctfmon.exe
F:\Programmer\SpywareGuard\sgmain.exe
F:\Programmer\SpywareGuard\sgbhp.exe
F:\WINDOWS\System32\wuauclt.exe
F:\Programmer\Internet Explorer\iexplore.exe
F:\Documents and Settings\Alaikal\Skrivebord\hjt\hjt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web--search.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - F:\WINDOWS\webdlg32.dll
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - F:\WINDOWS\nem220.dll
O2 - BHO: CDownCom Class - {031B6D43-CBC4-46A5-8E46-CF8B407C1A33} - F:\WINDOWS\Downloaded Program Files\ipreg32.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - F:\WINDOWS\webdlg32.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - F:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - F:\WINDOWS\System32\DSMANA~1.DLL
O2 - BHO: Pop Class - {A9AEE0DD-89E1-40EE-8749-A18650CC2175} - F:\WINDOWS\winsx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\programmer\google\googletoolbar1.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - F:\WINDOWS\System32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\programmer\google\googletoolbar1.dll
O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - F:\WINDOWS\webdlg32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [iTunesHelper] F:\Programmer\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Disc Detector] F:\Programmer\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CTStartup] F:\Programmer\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Jet Detection] F:\Programmer\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [vptray] F:\Programmer\NavNT\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "F:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Parallel Tasking] F:\Programmer\Parallel Tasking\ptask.exe
O4 - HKLM\..\Run: [BullsEye Network] F:\Programmer\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [KGNy3eJo9] F:\WINDOWS\jicycy.exe
O4 - HKLM\..\Run: [¢‰¸u0–4C
}ïÁzî[8F:\Programmer\ISTsvc\istsvc.exe] F:\WINDOWS\jicycy.exe
O4 - HKLM\..\Run: [¢‰¸u0–4C
}ïÁzîžigÝF:\Programmer\ISTsvc\istsvc.exe] F:\WINDOWS\jicycy.exe
O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁÔ] ú"ü‰üžiF:\Programmer\ISTsvc\istsvc.exe] F:\WINDOWS\jicycy.exe
O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁÔÁÔ] ú"ü‰üF:\Programmer\ISTsvc\istsvc.exe] F:\WINDOWS\jicycy.exe
O4 - HKLM\..\Run: [¢‰¸u0ÔÁÔ] ú"ü‰üžigÝF:\Programmer\ISTsvc\istsvc.exe] F:\WINDOWS\jicycy.exe
O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁÔ] ú"ü‰¸u0F:\Programmer\ISTsvc\istsvc.exe] F:\WINDOWS\jicycy.exe
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [¢‰¸u0ÔÁÔ]§ú"ü‰üžigÝF:\Programmer\ISTsvc\istsvc.exe] F:\WINDOWS\jicycy.exe
O4 - HKLM\..\Run: [IST Service] F:\Programmer\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [SpyFighterMonitor] "C:\Program Files\SpyFighter\SpyFighterScanner.exe" monitor
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [TaskTray] F:\Programmer\Creative\SBAudigy\Taskbar\CTLTray.exe
O4 - HKCU\..\Run: [Taskbar] F:\Programmer\Creative\SBAudigy\Taskbar\CTLTask.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: SpywareGuard.lnk = F:\Programmer\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Google Search - res://f:\programmer\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://f:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://f:\programmer\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://f:\programmer\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://f:\programmer\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - F:\Programmer\SideFind\sidefind.dll
O16 - DPF: DigiChat Applet - http://host9.digichat.com/DigiChat/DigiClasses/Client_IE.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101202828859
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O23 - Service: Apache - Unknown - F:\WEBSRV\APACHE\Apache\Apache.exe (file missing)
O23 - Service: Avid SDM Service - Avid Technology, Inc. - F:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup - Unknown - F:\WINDOWS\system32\AvidStartup.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - crypserv.exe
O23 - Service: DefWatch - Symantec Corporation - F:\Programmer\NavNT\defwatch.exe
O23 - Service: iPod Service - Apple Computer, Inc. - F:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client - Symantec Corporation - F:\Programmer\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ZESOFT - Unknown - F:\WINDOWS\zeta.exe

Synes godt om

kalp Novice

25. januar 2005 - 10:57 #1

jeg kigger lige

Synes godt om

alai Nybegynder

25. januar 2005 - 11:09 #2

tak...

Synes godt om

kalp Novice

25. januar 2005 - 11:15 #3

Download http://securityresponse.symantec.com/avcenter/FxIstbar.exe (vi skal bruge den senere)

Genstart i Fejlsikret tilstand ved at taste F8 under opstart.

Kør FxIstbar.exe lad den fikse hvad den finder

Kør HijackThis, scan og sæt et flueben ud for disse linjer - luk øvrige programvinduer - klik "Fix checked":

R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - F:\WINDOWS\webdlg32.dll
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - F:\WINDOWS\nem220.dll
O2 - BHO: CDownCom Class - {031B6D43-CBC4-46A5-8E46-CF8B407C1A33} - F:\WINDOWS\Downloaded Program Files\ipreg32.dll
O2 - BHO: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - F:\WINDOWS\webdlg32.dll
O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - F:\WINDOWS\System32\DSMANA~1.DLL
O2 - BHO: Pop Class - {A9AEE0DD-89E1-40EE-8749-A18650CC2175} - F:\WINDOWS\winsx.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - F:\WINDOWS\System32\msbe.dll
O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - F:\WINDOWS\webdlg32.dll
O4 - HKLM\..\Run: [TkBellExe] "F:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BullsEye Network] F:\Programmer\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [KGNy3eJo9] F:\WINDOWS\jicycy.exe
O4 - HKLM\..\Run: [¢‰¸u0–4C
}ïÁzî[8F:\Programmer\ISTsvc\istsvc.exe] F:\WINDOWS\jicycy.exe
O4 - HKLM\..\Run: [¢‰¸u0–4C
}ïÁzîžigÝF:\Programmer\ISTsvc\istsvc.exe] F:\WINDOWS\jicycy.exe
O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁÔ] ú"ü‰üžiF:\Programmer\ISTsvc\istsvc.exe] F:\WINDOWS\jicycy.exe
O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁÔÁÔ] ú"ü‰üF:\Programmer\ISTsvc\istsvc.exe] F:\WINDOWS\jicycy.exe
O4 - HKLM\..\Run: [¢‰¸u0ÔÁÔ] ú"ü‰üžigÝF:\Programmer\ISTsvc\istsvc.exe] F:\WINDOWS\jicycy.exe
O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁÔ] ú"ü‰¸u0F:\Programmer\ISTsvc\istsvc.exe] F:\WINDOWS\jicycy.exe

O4 - HKLM\..\Run: [¢‰¸u0ÔÁÔ]§ú"ü‰üžigÝF:\Programmer\ISTsvc\istsvc.exe] F:\WINDOWS\jicycy.exe
O4 - HKLM\..\Run: [IST Service] F:\Programmer\ISTsvc\istsvc.exe
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - F:\Programmer\SideFind\sidefind.dll
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O23 - Service: ZESOFT - Unknown - F:\WINDOWS\zeta.exe

Find og slet:

Filer

F:\WINDOWS\jicycy.exe
F:\WINDOWS\zeta.exe

Mapper

F:\Programmer\Fælles filer\Real\Update_OB\
F:\Programmer\BullsEye Network\
F:\Programmer\ISTsvc\
F:\Programmer\SideFind\

Åbn Stifinder, klik på Funktioner=>Mappeindstillinger=>Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler".
Fjern flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".

Slet disse filer

F:\WINDOWS\webdlg32.dll
F:\WINDOWS\nem220.dll
F:\WINDOWS\Downloaded Program Files\ipreg32.dll
F:\WINDOWS\webdlg32.dll
F:\WINDOWS\System32\DSMANA~1.DLL
F:\WINDOWS\winsx.dll
F:\WINDOWS\System32\msbe.dll
F:\WINDOWS\webdlg32.dll

Gå herefter i Start -> Programmer -> Tilbehør -> Systemværktøjer -> Diskoprydning og slet temp-filer, temporary internet files og papirkurv.

Genstart normalt og smid en ny log fil herind

Der er temmelig meget i din log:)

Synes godt om

kalp Novice

25. januar 2005 - 11:15 #4

angående
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab

hvis den noget du bruger behøver du ikke fikse den.. jeg kender den bare ikke

Synes godt om

alai Nybegynder

25. januar 2005 - 12:35 #5

Jeg kunne ikke slette

F:\Programmer\ISTsvc\
F:\WINDOWS\jicycy.exe

Logfile of HijackThis v1.99.0
Scan saved at 12:33:30, on 25-01-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\AvidSDMService.exe
F:\WINDOWS\System32\CTsvcCDA.EXE
F:\WINDOWS\system32\crypserv.exe
F:\Programmer\NavNT\defwatch.exe
F:\Programmer\NavNT\rtvscan.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\MsPMSPSv.exe
F:\Programmer\iTunes\iTunesHelper.exe
F:\Programmer\Creative\ShareDLL\CtNotify.exe
F:\Programmer\NavNT\vptray.exe
F:\Programmer\QuickTime\qttask.exe
F:\Programmer\Parallel Tasking\ptask.exe
F:\WINDOWS\jicycy.exe
F:\Programmer\Creative\ShareDLL\MediaDet.Exe
F:\Programmer\ISTsvc\istsvc.exe
F:\WINDOWS\System32\ctfmon.exe
F:\Programmer\SpywareGuard\sgmain.exe
F:\Programmer\iPod\bin\iPodService.exe
F:\Programmer\SpywareGuard\sgbhp.exe
F:\WINDOWS\System32\MsgSys.EXE
F:\WINDOWS\System32\wuauclt.exe
F:\WINDOWS\System32\wuauclt.exe
F:\Documents and Settings\Alaikal\Skrivebord\hjt\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - F:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\programmer\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [iTunesHelper] F:\Programmer\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Disc Detector] F:\Programmer\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CTStartup] F:\Programmer\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Jet Detection] F:\Programmer\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [vptray] F:\Programmer\NavNT\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Parallel Tasking] F:\Programmer\Parallel Tasking\ptask.exe
O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁÔ]ú"ü‰üžiF:\Programmer\ISTsvc\istsvc.exe] F:\WINDOWS\jicycy.exe
O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁÔÁÔ]ú"ü‰üF:\Programmer\ISTsvc\istsvc.exe] F:\WINDOWS\jicycy.exe
O4 - HKLM\..\Run: [¢‰¸u0ÔÁÔ]ú"ü‰üžigÝF:\Programmer\ISTsvc\istsvc.exe] F:\WINDOWS\jicycy.exe
O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁÔ]ú"ü‰¸u0F:\Programmer\ISTsvc\istsvc.exe] F:\WINDOWS\jicycy.exe
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [¢‰¸u0ÔÁÔ]§ú"ü‰üžigÝF:\Programmer\ISTsvc\istsvc.exe] F:\WINDOWS\jicycy.exe
O4 - HKLM\..\Run: [SpyFighterMonitor] "C:\Program Files\SpyFighter\SpyFighterScanner.exe" monitor
O4 - HKLM\..\Run: [IST Service] F:\Programmer\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [TaskTray] F:\Programmer\Creative\SBAudigy\Taskbar\CTLTray.exe
O4 - HKCU\..\Run: [Taskbar] F:\Programmer\Creative\SBAudigy\Taskbar\CTLTask.exe
O4 - Startup: SpywareGuard.lnk = F:\Programmer\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Google Search - res://f:\programmer\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://f:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://f:\programmer\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://f:\programmer\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://f:\programmer\google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: DigiChat Applet - http://host9.digichat.com/DigiChat/DigiClasses/Client_IE.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101202828859
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O23 - Service: Apache - Unknown - F:\WEBSRV\APACHE\Apache\Apache.exe (file missing)
O23 - Service: Avid SDM Service - Avid Technology, Inc. - F:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup - Unknown - F:\WINDOWS\system32\AvidStartup.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Crypkey License - Unknown - crypserv.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - F:\Programmer\NavNT\defwatch.exe
O23 - Service: iPod Service - Apple Computer, Inc. - F:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client - Symantec Corporation - F:\Programmer\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe

Synes godt om

kalp Novice

25. januar 2005 - 12:36 #6

var du i fejlsikret tilstand da du udførte proceduren?

Synes godt om

alai Nybegynder

25. januar 2005 - 12:37 #7

Synes godt om

kalp Novice

25. januar 2005 - 12:39 #8

Klik Start > Kør.
Skriv regedit > OK.

Naviger hen til følgende:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

I højre side slet følgende:

"IST Service" = "C:\Program Files\ISTsvc\ISTsvc.exe"

Naviger her hen og slet:

HKEY_LOCAL_MACHINE\Software\ISTsvc

Luk regedit..

og udfør min guide igen

Download

http://www.docsdownloads.com/download/DD.zip

alt der ikke kan slettes sletter du med det program.

Synes godt om

alai Nybegynder

25. januar 2005 - 12:45 #9

okau nu har jeg slettet det..

Synes godt om

kalp Novice

25. januar 2005 - 12:45 #10

ny log

Synes godt om

kalp Novice

25. januar 2005 - 12:46 #11

husk at genstart først

Synes godt om

alai Nybegynder

25. januar 2005 - 12:50 #12

Logfile of HijackThis v1.99.0
Scan saved at 12:50:07, on 25-01-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\AvidSDMService.exe
F:\WINDOWS\System32\CTsvcCDA.EXE
F:\WINDOWS\system32\crypserv.exe
F:\Programmer\NavNT\defwatch.exe
F:\Programmer\NavNT\rtvscan.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\MsPMSPSv.exe
F:\WINDOWS\System32\MsgSys.EXE
F:\Programmer\iTunes\iTunesHelper.exe
F:\Programmer\Creative\ShareDLL\CtNotify.exe
F:\Programmer\NavNT\vptray.exe
F:\Programmer\iPod\bin\iPodService.exe
F:\Programmer\QuickTime\qttask.exe
F:\Programmer\Parallel Tasking\ptask.exe
F:\Programmer\ISTsvc\istsvc.exe
F:\WINDOWS\System32\ctfmon.exe
F:\Programmer\Creative\ShareDLL\MediaDet.Exe
F:\Programmer\SpywareGuard\sgmain.exe
F:\Programmer\SpywareGuard\sgbhp.exe
F:\Documents and Settings\Alaikal\Skrivebord\hjt\hjt.exe
F:\WINDOWS\System32\wuauclt.exe
F:\WINDOWS\System32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - F:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\programmer\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [iTunesHelper] F:\Programmer\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Disc Detector] F:\Programmer\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CTStartup] F:\Programmer\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Jet Detection] F:\Programmer\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [vptray] F:\Programmer\NavNT\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Parallel Tasking] F:\Programmer\Parallel Tasking\ptask.exe
O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁÔ]ú"ü‰üžiF:\Programmer\ISTsvc\istsvc.exe] F:\WINDOWS\jicycy.exe
O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁÔÁÔ]ú"ü‰üF:\Programmer\ISTsvc\istsvc.exe] F:\WINDOWS\jicycy.exe
O4 - HKLM\..\Run: [¢‰¸u0ÔÁÔ]ú"ü‰üžigÝF:\Programmer\ISTsvc\istsvc.exe] F:\WINDOWS\jicycy.exe
O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁÔ]ú"ü‰¸u0F:\Programmer\ISTsvc\istsvc.exe] F:\WINDOWS\jicycy.exe
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [¢‰¸u0ÔÁÔ]§ú"ü‰üžigÝF:\Programmer\ISTsvc\istsvc.exe] F:\WINDOWS\jicycy.exe
O4 - HKLM\..\Run: [SpyFighterMonitor] "C:\Program Files\SpyFighter\SpyFighterScanner.exe" monitor
O4 - HKLM\..\Run: [IST Service] F:\Programmer\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [TaskTray] F:\Programmer\Creative\SBAudigy\Taskbar\CTLTray.exe
O4 - HKCU\..\Run: [Taskbar] F:\Programmer\Creative\SBAudigy\Taskbar\CTLTask.exe
O4 - Startup: SpywareGuard.lnk = F:\Programmer\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Google Search - res://f:\programmer\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://f:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://f:\programmer\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://f:\programmer\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://f:\programmer\google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: DigiChat Applet - http://host9.digichat.com/DigiChat/DigiClasses/Client_IE.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101202828859
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O23 - Service: Apache - Unknown - F:\WEBSRV\APACHE\Apache\Apache.exe (file missing)
O23 - Service: Avid SDM Service - Avid Technology, Inc. - F:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup - Unknown - F:\WINDOWS\system32\AvidStartup.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Crypkey License - Unknown - crypserv.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - F:\Programmer\NavNT\defwatch.exe
O23 - Service: iPod Service - Apple Computer, Inc. - F:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client - Symantec Corporation - F:\Programmer\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe

Synes godt om

kalp Novice

25. januar 2005 - 12:54 #13

Genstart i Fejlsikret tilstand ved at taste F8 under opstart.
Kør HijackThis, scan og sæt et flueben ud for disse linjer - luk øvrige programvinduer - klik "Fix checked":

O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁÔ]ú"ü‰üžiF:\Programmer\ISTsvc\istsvc.exe] F:\WINDOWS\jicycy.exe
O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁÔÁÔ]ú"ü‰üF:\Programmer\ISTsvc\istsvc.exe] F:\WINDOWS\jicycy.exe
O4 - HKLM\..\Run: [¢‰¸u0ÔÁÔ]ú"ü‰üžigÝF:\Programmer\ISTsvc\istsvc.exe] F:\WINDOWS\jicycy.exe
O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁÔ]ú"ü‰¸u0F:\Programmer\ISTsvc\istsvc.exe] F:\WINDOWS\jicycy.exe
O4 - HKLM\..\Run: [¢‰¸u0ÔÁÔ]§ú"ü‰üžigÝF:\Programmer\ISTsvc\istsvc.exe] F:\WINDOWS\jicycy.exe
O4 - HKLM\..\Run: [IST Service] F:\Programmer\ISTsvc\istsvc.exe

Find og slet:

Mapper

F:\Programmer\ISTsvc

Dette er bare et tjek.. hvis det er der skal det slettes

Klik Start > Kør.
Skriv regedit > OK.

Naviger hen til følgende:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

I højre side slet følgende:

"IST Service" = "C:\Program Files\ISTsvc\ISTsvc.exe"

Naviger her hen og slet:

HKEY_LOCAL_MACHINE\Software\ISTsvc

Luk regedit..

og udfør min guide igen

Genstart normalt og ny log

Synes godt om

kalp Novice

25. januar 2005 - 13:11 #14

Jeg vender tilbage i aften.. det er sådan set det sidste i din log og satser på den er væk i den næste log hvis udført korrekt.

Synes godt om

alai Nybegynder

25. januar 2005 - 13:12 #15

Logfile of HijackThis v1.99.0
Scan saved at 13:12:27, on 25-01-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\AvidSDMService.exe
F:\WINDOWS\System32\CTsvcCDA.EXE
F:\WINDOWS\system32\crypserv.exe
F:\Programmer\NavNT\defwatch.exe
F:\Programmer\NavNT\rtvscan.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\MsPMSPSv.exe
F:\Programmer\iTunes\iTunesHelper.exe
F:\Programmer\Creative\ShareDLL\CtNotify.exe
F:\Programmer\NavNT\vptray.exe
F:\Programmer\QuickTime\qttask.exe
F:\Programmer\Parallel Tasking\ptask.exe
F:\WINDOWS\System32\ctfmon.exe
F:\Programmer\Creative\ShareDLL\MediaDet.Exe
F:\Programmer\SpywareGuard\sgmain.exe
F:\Programmer\iPod\bin\iPodService.exe
F:\Programmer\SpywareGuard\sgbhp.exe
F:\WINDOWS\System32\MsgSys.EXE
F:\WINDOWS\System32\wuauclt.exe
F:\WINDOWS\System32\wuauclt.exe
F:\Programmer\Internet Explorer\iexplore.exe
F:\Documents and Settings\Alaikal\Skrivebord\hjt\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - F:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\programmer\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [iTunesHelper] F:\Programmer\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Disc Detector] F:\Programmer\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CTStartup] F:\Programmer\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Jet Detection] F:\Programmer\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [vptray] F:\Programmer\NavNT\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Parallel Tasking] F:\Programmer\Parallel Tasking\ptask.exe
O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁÔ]ú"ü‰üžiF:\Programmer\ISTsvc\istsvc.exe] F:\WINDOWS\jicycy.exe
O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁÔÁÔ]ú"ü‰üF:\Programmer\ISTsvc\istsvc.exe] F:\WINDOWS\jicycy.exe
O4 - HKLM\..\Run: [¢‰¸u0ÔÁÔ]ú"ü‰üžigÝF:\Programmer\ISTsvc\istsvc.exe] F:\WINDOWS\jicycy.exe
O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁÔ]ú"ü‰¸u0F:\Programmer\ISTsvc\istsvc.exe] F:\WINDOWS\jicycy.exe
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [¢‰¸u0ÔÁÔ]§ú"ü‰üžigÝF:\Programmer\ISTsvc\istsvc.exe] F:\WINDOWS\jicycy.exe
O4 - HKLM\..\Run: [SpyFighterMonitor] "C:\Program Files\SpyFighter\SpyFighterScanner.exe" monitor
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [TaskTray] F:\Programmer\Creative\SBAudigy\Taskbar\CTLTray.exe
O4 - HKCU\..\Run: [Taskbar] F:\Programmer\Creative\SBAudigy\Taskbar\CTLTask.exe
O4 - Startup: SpywareGuard.lnk = F:\Programmer\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Google Search - res://f:\programmer\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://f:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://f:\programmer\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://f:\programmer\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://f:\programmer\google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: DigiChat Applet - http://host9.digichat.com/DigiChat/DigiClasses/Client_IE.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101202828859
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O23 - Service: Apache - Unknown - F:\WEBSRV\APACHE\Apache\Apache.exe (file missing)
O23 - Service: Avid SDM Service - Avid Technology, Inc. - F:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup - Unknown - F:\WINDOWS\system32\AvidStartup.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Crypkey License - Unknown - crypserv.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - F:\Programmer\NavNT\defwatch.exe
O23 - Service: iPod Service - Apple Computer, Inc. - F:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client - Symantec Corporation - F:\Programmer\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe

Synes godt om

kalp Novice

25. januar 2005 - 13:19 #16

Genstart i Fejlsikret tilstand ved at taste F8 under opstart.
Kør HijackThis, scan og sæt et flueben ud for disse linjer - luk øvrige programvinduer - klik "Fix checked":

O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁÔ]ú"ü‰üžiF:\Programmer\ISTsvc\istsvc.exe] F:\WINDOWS\jicycy.exe
O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁÔÁÔ]ú"ü‰üF:\Programmer\ISTsvc\istsvc.exe] F:\WINDOWS\jicycy.exe
O4 - HKLM\..\Run: [¢‰¸u0ÔÁÔ]ú"ü‰üžigÝF:\Programmer\ISTsvc\istsvc.exe] F:\WINDOWS\jicycy.exe
O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁÔ]ú"ü‰¸u0F:\Programmer\ISTsvc\istsvc.exe] F:\WINDOWS\jicycy.exe
O4 - HKLM\..\Run: [¢‰¸u0ÔÁÔ]§ú"ü‰üžigÝF:\Programmer\ISTsvc\istsvc.exe] F:\WINDOWS\jicycy.exe

Gå herefter i Start -> Programmer -> Tilbehør -> Systemværktøjer -> Diskoprydning og slet temp-filer, temporary internet files og papirkurv.

genstart normalt og ny log

nu tror jeg den er der!

Synes godt om

alai Nybegynder

25. januar 2005 - 16:03 #17

Logfile of HijackThis v1.99.0
Scan saved at 16:02:09, on 25-01-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\AvidSDMService.exe
F:\WINDOWS\System32\CTsvcCDA.EXE
F:\WINDOWS\system32\crypserv.exe
F:\Programmer\NavNT\defwatch.exe
F:\Programmer\NavNT\rtvscan.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\MsPMSPSv.exe
F:\Programmer\iTunes\iTunesHelper.exe
F:\Programmer\Creative\ShareDLL\CtNotify.exe
F:\Programmer\NavNT\vptray.exe
F:\Programmer\QuickTime\qttask.exe
F:\Programmer\Parallel Tasking\ptask.exe
F:\WINDOWS\System32\ctfmon.exe
F:\Programmer\Creative\ShareDLL\MediaDet.Exe
F:\Programmer\SpywareGuard\sgmain.exe
F:\Programmer\iPod\bin\iPodService.exe
F:\Programmer\SpywareGuard\sgbhp.exe
F:\WINDOWS\System32\MsgSys.EXE
F:\Documents and Settings\Alaikal\Skrivebord\hjt\hjt.exe
F:\WINDOWS\System32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - F:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\programmer\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [iTunesHelper] F:\Programmer\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Disc Detector] F:\Programmer\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CTStartup] F:\Programmer\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Jet Detection] F:\Programmer\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [vptray] F:\Programmer\NavNT\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Parallel Tasking] F:\Programmer\Parallel Tasking\ptask.exe
O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁÔ]ú"ü‰üžiF:\Programmer\ISTsvc\istsvc.exe] F:\WINDOWS\jicycy.exe
O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁÔÁÔ]ú"ü‰üF:\Programmer\ISTsvc\istsvc.exe] F:\WINDOWS\jicycy.exe
O4 - HKLM\..\Run: [¢‰¸u0ÔÁÔ]ú"ü‰üžigÝF:\Programmer\ISTsvc\istsvc.exe] F:\WINDOWS\jicycy.exe
O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁÔ]ú"ü‰¸u0F:\Programmer\ISTsvc\istsvc.exe] F:\WINDOWS\jicycy.exe
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [¢‰¸u0ÔÁÔ]§ú"ü‰üžigÝF:\Programmer\ISTsvc\istsvc.exe] F:\WINDOWS\jicycy.exe
O4 - HKLM\..\Run: [SpyFighterMonitor] "C:\Program Files\SpyFighter\SpyFighterScanner.exe" monitor
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [TaskTray] F:\Programmer\Creative\SBAudigy\Taskbar\CTLTray.exe
O4 - HKCU\..\Run: [Taskbar] F:\Programmer\Creative\SBAudigy\Taskbar\CTLTask.exe
O4 - Startup: SpywareGuard.lnk = F:\Programmer\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Google Search - res://f:\programmer\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://f:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://f:\programmer\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://f:\programmer\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://f:\programmer\google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: DigiChat Applet - http://host9.digichat.com/DigiChat/DigiClasses/Client_IE.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101202828859
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O23 - Service: Apache - Unknown - F:\WEBSRV\APACHE\Apache\Apache.exe (file missing)
O23 - Service: Avid SDM Service - Avid Technology, Inc. - F:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup - Unknown - F:\WINDOWS\system32\AvidStartup.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Crypkey License - Unknown - crypserv.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - F:\Programmer\NavNT\defwatch.exe
O23 - Service: iPod Service - Apple Computer, Inc. - F:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client - Symantec Corporation - F:\Programmer\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe

Synes godt om

ejvindh Ekspert

25. januar 2005 - 16:30 #18

Spyfighter er uvederhæftig anti-spyware, og det kan derfor anbefales at afinstallere det:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Brug Spybot, Adaware eller Spysweeper (den sidste koster, men er også meget god) istedet.

Det løser dog ikke det mere vedholdende problem her...

Synes godt om

tonnybrandt Nybegynder

25. januar 2005 - 17:43 #19

Genstart i fejlsikret tilstand.

Klik start | kør, skriv regedit og tryk enter.
Naviger hen til følgende:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

I højre side slet følgende:

O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁÔ]ú"ü‰üžiF:\Programmer\ISTsvc\istsvc.exe] F:\WINDOWS\jicycy.exe
[¢‰¸u0Ô@ÔÁÔÁÔ]ú"ü‰üF:\Programmer\ISTsvc\istsvc.exe] F:\WINDOWS\jicycy.exe
[¢‰¸u0ÔÁÔ]ú"ü‰üžigÝF:\Programmer\ISTsvc\istsvc.exe] F:\WINDOWS\jicycy.exe
[¢‰¸u0Ô@ÔÁÔ]ú"ü‰¸u0F:\Programmer\ISTsvc\istsvc.exe] F:\WINDOWS\jicycy.exe
[¢‰¸u0ÔÁÔ]§ú"ü‰üžigÝF:\Programmer\ISTsvc\istsvc.exe] F:\WINDOWS\jicycy.exe

Luk regedit

Klik start | æør, skriv cmd og tryk enter.
Skriv disse kommendoer en efter en og tryk enter.
attrib -h -r -s F:\WINDOWS\jicycy.exe
del /f F:\WINDOWS\jicycy.exe

Genstart og kom med en ny log.

Og så synes jeg du skulle følge ejvindh's råd mht spyfighter.

Du kan se mere om præventiv beskyttelse af din pc her:
http://www.spywarefri.dk/pakken.htm

Synes godt om

alai Nybegynder

25. januar 2005 - 18:20 #20

Logfile of HijackThis v1.99.0
Scan saved at 18:19:45, on 25-01-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\AvidSDMService.exe
F:\WINDOWS\System32\CTsvcCDA.EXE
F:\WINDOWS\system32\crypserv.exe
F:\Programmer\NavNT\defwatch.exe
F:\Programmer\NavNT\rtvscan.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\MsPMSPSv.exe
F:\Programmer\iTunes\iTunesHelper.exe
F:\Programmer\Creative\ShareDLL\CtNotify.exe
F:\Programmer\NavNT\vptray.exe
F:\Programmer\QuickTime\qttask.exe
F:\Programmer\Parallel Tasking\ptask.exe
F:\WINDOWS\System32\ctfmon.exe
F:\Programmer\Creative\ShareDLL\MediaDet.Exe
F:\Programmer\SpywareGuard\sgmain.exe
F:\Programmer\iPod\bin\iPodService.exe
F:\Programmer\SpywareGuard\sgbhp.exe
F:\WINDOWS\System32\MsgSys.EXE
F:\Documents and Settings\Alaikal\Skrivebord\hjt\hjt.exe
F:\WINDOWS\System32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - F:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\programmer\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [iTunesHelper] F:\Programmer\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Disc Detector] F:\Programmer\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CTStartup] F:\Programmer\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Jet Detection] F:\Programmer\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [vptray] F:\Programmer\NavNT\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Parallel Tasking] F:\Programmer\Parallel Tasking\ptask.exe
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpyFighterMonitor] "C:\Program Files\SpyFighter\SpyFighterScanner.exe" monitor
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [TaskTray] F:\Programmer\Creative\SBAudigy\Taskbar\CTLTray.exe
O4 - HKCU\..\Run: [Taskbar] F:\Programmer\Creative\SBAudigy\Taskbar\CTLTask.exe
O4 - Startup: SpywareGuard.lnk = F:\Programmer\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Google Search - res://f:\programmer\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://f:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://f:\programmer\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://f:\programmer\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://f:\programmer\google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: DigiChat Applet - http://host9.digichat.com/DigiChat/DigiClasses/Client_IE.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101202828859
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O23 - Service: Apache - Unknown - F:\WEBSRV\APACHE\Apache\Apache.exe (file missing)
O23 - Service: Avid SDM Service - Avid Technology, Inc. - F:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup - Unknown - F:\WINDOWS\system32\AvidStartup.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Crypkey License - Unknown - crypserv.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - F:\Programmer\NavNT\defwatch.exe
O23 - Service: iPod Service - Apple Computer, Inc. - F:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client - Symantec Corporation - F:\Programmer\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe

Synes godt om

tonnybrandt Nybegynder

25. januar 2005 - 18:51 #21

Så er den ren.
Vent lige på at kalp vender tilbage, så han også lige kan kigge den igennem. Han er vist først online senere iaften.

Synes godt om

alai Nybegynder

25. januar 2005 - 19:04 #22

ok....

Synes godt om

kalp Novice

25. januar 2005 - 21:14 #23

Hej alai din log er ren! og det fint de andre fik de sidste linjer af istscv væk:)

Eftersom jeg allerede har lagt mit svar kan TonnyBrandt også ligge et for sit bidrag hvis han har lyst:)

alai du kan fordele point ved at markere begge navne når det er

Synes godt om

tonnybrandt Nybegynder

25. januar 2005 - 21:17 #24

Ellers tak, jeg springer over point :)

Synes godt om

alai Nybegynder

25. januar 2005 - 21:18 #25

mange mange tak....

Synes godt om

Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Følg dette spørgsmål

Opret Preview

Se alle it-kurser fra Computerworld Kurser

IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Se alle it-kurser

Flere spørgsmål fra Andet sikkerhed kategorien

Titel	Indlæg	Oprettet	Seneste aktivitet
hvilken afløser kan I anbefale? Af jcr18 i Andet sikkerhed	5	17/03/202610:32	18/03/202615:36
Advarsler om datalæk for nogle apps Af nu_igen i Andet sikkerhed	6	02/02/202614:54	03/02/202613:45
Mail fra Yousee ? Svindel? Af nu_igen i Andet sikkerhed	4	13/01/202617:27	14/01/202609:36
Er det sandsynligt, at jeg har været udsat for phishing Af Slettet bruger i Andet sikkerhed	4	13/11/202515:09	14/11/202510:45
Google fake Af johp i Andet sikkerhed	3	27/10/202516:31	28/10/202506:52

Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten

Seneste artiklerRSS

03/04

Podcasten Hard Fork giver et skarpt blik på ugens vigtigste tech-historier

03/04

Nørgaard: Læs skideballen fra en ukrainer til Rheinmetal - og derfor trender #MadeByHousewives

03/04

Læs hele Computerworlds løn-magasin: Så meget får danske it-folk i løn

02/04

Sådan kan du implementere ansvarlig AI i din organisation

01/04

Vi tester to udgaver af Denons Home-højttalere - og vi er ikke i tvivl om dommen

01/04

Som slagterlærling traf Rasmus et livsændrende valg: Nu er han udviklingschef i kæmpe energivirksomhed

01/04

Hård kritik efter tirsdagens stor-nedbrud: MitID er som en stor hullet ost og kan udvikle sig til en national katastrofe

01/04

OpenAI får kæmpemæssig kapitaltilførsel: Bliver værdisat til 5.500 milliarder kroner

01/04

Anthropic-medarbejder har ved et uheld lækket hele Claude Codes kildekode: 500.000 linier kode sluppet fri

01/04

Mørklægger årsag til tirsdagens timelange MitID-nedbrud: Vil intet fortælle af 'sikkerhedsmæssige årsager'

01/04

Hver fjerde forventer nul kroner i lønforhøjelse: It-testerne er blandt branchens mest pessimistiske for tredje år i træk

Vis flere artikler

IT-JOB

Banedanmark

IT-Sikkerhedsspecialist til samfundskritisk infrastruktur, ERTMS

Weilbach A/S

Head of Operations Support

Netcompany A/S

Test Consultant

Digitaliseringsstyrelsen

Relationsstærk agil konsulent til tværgående it-styring i Digitaliseringsstyrelsen

Styrelsen for Danmarks Fængsler

IT-driftskonsulent med fokus på forretningsnære løsninger

Vis flere jobs

Seneste spørgsmål Seneste aktivitet

I går 09:43	AI google.com Af Peter Olsen i Andre onlineløsninger
31/0310:22	Makro der gemmer vedhæftet fil fra Msg og omdøber filen Af lokesa i Excel
30/0313:45	Kablet forbindelse mellem android telefon og windows 11 pc Af 1Dorte i Android
30/0312:04	Elementtype vises - og ikke billedet? Af hkprofil i Billedbehandling
29/0312:08	Problemer med replay af købte kursusvideoer Af annam i Browsere

White papers

Arctic Wolf Threat Report 2026: Sådan ændrer ransomware-landskabet sig
Arctic Wolf
Erfaringer fra frontlinjen: Sådan ændrer trusselsbilledet sig
Arctic Wolf
Arctic Wolf Security Operations Report 2025: Indblik i moderne sikkerhedsdrift
Arctic Wolf
Undgå at printeren bliver svageste led i sikkerheden
Konica Minolta

Flere white papers »