firas (Beginner)
19 February 2005 - 12:28. There are 11 comments and 1 solution.

HijackThis and Trojan.startpage

Norton Antivirus has found a file called se.dll, and I can neither delete it nor quarantine it - what do I do?
Here is also the log file from Spybot:

--- Search result list ---

--- Spybot - Search && Destroy version: 1.3  ---
2004-05-12 Includes\Cookies.sbi
2004-05-12 Includes\Dialer.sbi
2004-05-12 Includes\Hijackers.sbi
2004-05-12 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2004-05-12 Includes\Malware.sbi
2004-05-12 Includes\Revision.sbi
2004-05-12 Includes\Security.sbi
2004-05-12 Includes\Spybots.sbi
2004-05-12 Includes\Tracks.uti
2004-05-12 Includes\Trojans.sbi


--- System information ---
Windows XP (Build: 2600) Service Pack 1
/ DataAccess: Patch Available For XMLHTTP Vulnerability
/ DataAccess: Patch Available For XMLHTTP Vulnerability
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB867282
/ Windows Media Player: Windows Media Update 320920
/ Windows Media Player 9 / SP0: Windows Media Player 9 Hotfix [See KB885492 for more information]
/ Windows XP / SP1: Windows XP Service Pack 1
/ Windows XP / SP1: Windows XP Hotfix (SP1) Q328310
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q329048 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q329390 for more information]
/ Windows XP / SP1: Windows XP Hotfix (SP1) [See Q329834 for more information]
/ Windows XP / SP2: Windows XP Hotfix - KB824151
/ Windows XP / SP2: Windows XP Hotfix - KB828741
/ Windows XP / SP2: Windows XP Hotfix - KB833987
/ Windows XP / SP2: Windows XP Hotfix - KB835732
/ Windows XP / SP2: Windows XP Hotfix - KB840987
/ Windows XP / SP2: Windows XP Hotfix - KB841356
/ Windows XP / SP2: Windows XP Hotfix - KB841533
/ Windows XP / SP2: Windows XP Hotfix - KB842773
/ Windows XP / SP2: Windows XP Hotfix - KB871250
/ Windows XP / SP2: Windows XP Hotfix - KB873376
/ Windows XP / SP2: Windows XP Hotfix - KB891711
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q322011
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q323255 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q327696 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q327979
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q328310
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q329048 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q329115 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q329170
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q329390 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q329441
/ Windows XP / SP2: Windows XP Hotfix (SP2) [See Q329834 for more information]
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q810565
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q810577
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q810833
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q811630
/ Windows XP / SP3: Windows XP Hotfix - KB873333
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Windows XP Hotfix - KB890047
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB891781


--- Startup entries list ---
Located: HK_LM:Run, AdobeVersionCue
command: D:\Program Files\Adobe Version Cue\ControlPanel\VersionCueTray.exe
  file: D:\Program Files\Adobe Version Cue\ControlPanel\VersionCueTray.exe
  size: 1732608
    MD5: 6288c33daa9d4d1405fb240977b46997

Located: HK_LM:Run, InCD
command: C:\Program Files\ahead\InCD\InCD.exe
  file: C:\Program Files\ahead\InCD\InCD.exe
  size: 954368
    MD5: af810709dc07e8d1cab20a5cef99f62a

Located: HK_LM:Run, Logitech Utility
command: Logi_MwX.Exe
  file: C:\WINDOWS\Logi_MwX.Exe
  size: 19968
    MD5: e57163001c8a279ab6b1a06b5834a463

Located: HK_LM:Run, NeroCheck
command: C:\WINDOWS\system32\NeroCheck.exe
  file: C:\WINDOWS\system32\NeroCheck.exe
  size: 155648
    MD5: 3e4c03cefad8de135263236b61a49c90

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
  file: C:\WINDOWS\system32\RUNDLL32.EXE
  size: 31744
    MD5: 0fb22dd37c17f80ad71316049f725170

Located: HK_LM:Run, nwiz
command: nwiz.exe /install
  file: C:\WINDOWS\system32\nwiz.exe
  size: 446464
    MD5: 149afe88d6055f1299558bad58abb80c

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
  file: C:\Program Files\QuickTime\qttask.exe
  size: 77824
    MD5: 4e165b34780ff2d1b405f29e3fa68df2

Located: HK_LM:Run, sp
command: rundll32 C:\DOCUME~1\FINNRA~1\LOCALS~1\Temp\se.dll,DllInstall
  file: C:\WINDOWS\system32\rundll32.exe
  size: 31744
    MD5: 0fb22dd37c17f80ad71316049f725170

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
  file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
  size: 180269
    MD5: b8e684df9a97497edd2f87444a6307fb

Located: HK_LM:Run, vptray
command: C:\Program Files\NavNT\vptray.exe
  file: C:\Program Files\NavNT\vptray.exe
  size: 73728
    MD5: c74916c539884a4367e0652583966571

Located: HK_LM:Run, zBrowser Launcher
command: C:\Program Files\Logitech\iTouch\iTouch.exe
  file: C:\Program Files\Logitech\iTouch\iTouch.exe
  size: 631362
    MD5: fd8f1b9e5760660cdd4e6e6a0a8be902

Located: HK_LM:Run, Zone Labs Client
command: "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
  file: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
  size: 902936
    MD5: 073f29e364b0d66dc267b38676824f88

Located: HK_CU:Run, CTFMON.EXE
command: C:\WINDOWS\System32\ctfmon.exe
  file: C:\WINDOWS\System32\ctfmon.exe
  size: 13312
    MD5: 414de7cf9d3f19c3ea902f1bb38ec116

Located: HK_CU:Run, MsnMsgr
command: "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
  file: C:\Program Files\MSN Messenger\MsnMsgr.Exe
  size: 4886528
    MD5: 0825fb5b6294e751ffa3d90bbf641cdb

Located: HK_CU:Run, NVIEW
command: rundll32.exe nview.dll,nViewLoadHook
  file: C:\WINDOWS\system32\rundll32.exe
  size: 31744
    MD5: 0fb22dd37c17f80ad71316049f725170

Located: HK_CU:Run, Spyware Doctor
command: "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
  file: C:\Program Files\Spyware Doctor\swdoctor.exe
  size: 1466368
    MD5: 093b02c5213f7bd9412429bcec513bb3

Located: Startup (common), Microsoft Office.lnk
command: C:\Program Files\Microsoft Office\Office10\OSA.EXE
  file: C:\Program Files\Microsoft Office\Office10\OSA.EXE
  size: 83360
    MD5: 5bc65464354a9fd3beaa28e18839734a



--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
          BHO name:
        CLSID name: AcroIEHlprObj Class
      description: Adobe Acrobat reader
    classification: Legitimate
    known filename: ACROIEHELPER.OCX
        info link: http://www.adobe.com/products/acrobat/readstep2.html
      info source: TonyKlein
              Path: C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\
        Long name:  AcroIEHelper.ocx
        Short name:      ACROIE~1.OCX
    Date (created): 16-02-2005 20:34:20
Date (last access): 19-02-2005 11:26:48
Date (last write): 16-04-2001 16:39:02
          Filesize:              37808
        Attributes:                 
              MD5: 8394ABFC1BE196A62C9F532511936DF7
            CRC32:          71D6E350
          Version:            0.1.0.0

{3C417407-B901-4841-A2B1-B2804B916758} ()
          BHO name:
        CLSID name:
              Path: C:\WINDOWS\System32\
        Long name:          ahbe.dll
        Short name:                 
    Date (created): 17-02-2005 22:05:58
Date (last access): 19-02-2005 11:26:48
Date (last write): 17-02-2005 22:06:12
          Filesize:              41472
        Attributes:          archive
              MD5: 32AA159EB13968244EF1F62C231331C5
            CRC32:          00000000
          Version:    255.255.255.255

{4E7BD74F-2B8D-469E-90F0-F66AB581A933} (InstaFinderK)
          BHO name:
        CLSID name: InstaFinderK
              Path: C:\PROGRA~1\INSTAF~1\
        Long name:      instafink.dll
        Short name:      INSTAF~1.DLL
    Date (created): 21-01-2005 15:10:00
Date (last access): 19-02-2005 11:26:48
Date (last write): 21-01-2005 15:10:00
          Filesize:            552960
        Attributes:          archive
              MD5: 6494A3F3B59AFBB9838CE3464C5D5399
            CRC32:          9EA420F2
          Version:            0.3.0.0

{53707962-6F74-2D53-2644-206D7942484F} ()
          BHO name:
        CLSID name:
      description: Spybot-S&D IE Browser plugin
    classification: Legitimate
    known filename: SDHelper.dll
        info link: http://spybot.eon.net.au/
      info source: Patrick M. Kolla
              Path: C:\Program Files\Spybot - Search & Destroy\
        Long name:      SDHelper.dll
        Short name:                 
    Date (created): 12-05-2004 01:03:00
Date (last access): 19-02-2005 11:26:48
Date (last write): 12-05-2004 01:03:00
          Filesize:            744960
        Attributes:          archive
              MD5: ABF5BA518C6A5ED104496FF42D19AD88
            CRC32:          5587736E
          Version:            0.1.0.3

{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} (PCTools Site Guard)
          BHO name:
        CLSID name: PCTools Site Guard
              Path: C:\PROGRA~1\SPYWAR~1\tools\
        Long name:        iesdsg.dll
        Short name:                 
    Date (created): 20-12-2004 11:38:38
Date (last access): 19-02-2005 11:29:44
Date (last write): 20-12-2004 11:38:38
          Filesize:            272384
        Attributes:          archive
              MD5: BD4D7FEEA076DA052CEE6797B380D19D
            CRC32:          87FF8B90
          Version:    255.255.255.255

{B56A7D7D-6927-48C8-A975-17DF180C71AC} (PCTools Browser Monitor)
          BHO name:
        CLSID name: PCTools Browser Monitor
              Path: C:\PROGRA~1\SPYWAR~1\tools\
        Long name:        iesdpb.dll
        Short name:                 
    Date (created): 21-01-2005 13:32:54
Date (last access): 19-02-2005 11:29:44
Date (last write): 21-01-2005 13:32:54
          Filesize:            330752
        Attributes:          archive
              MD5: 3B7CB997EFA322BEDB5ECC61EA5DD918
            CRC32:          B5648085
          Version:            0.3.0.0



--- ActiveX list ---
Microsoft XML Parser for Java (Microsoft XML Parser for Java)
          DPF name: Microsoft XML Parser for Java
        CLSID name:
      description:
    classification: Legitimate
    known filename: %WINDIR%\Java\classes\xmldso.cab
        info link:
      info source: Patrick M. Kolla

ppctlcab (ppctlcab)
          DPF name: ppctlcab
        CLSID name:

{00000075-9980-0010-8000-00AA00389B71} ()
          DPF name:
        CLSID name:
      description: Microsoft Audio Codec
    classification: Legitimate
    known filename: VOXACM.CAB
        info link:
      info source: Patrick M. Kolla

{2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen)
          DPF name:
        CLSID name: PPSDKActiveXScanner.MainScreen
              Path: C:\WINDOWS\Downloaded Program Files\
        Long name: PPSDKActiveXScanner.ocx
        Short name:      PPSDKA~1.OCX
    Date (created): 09-11-2004 13:53:16
Date (last access): 17-02-2005 19:23:42
Date (last write): 09-11-2004 13:53:16
          Filesize:            670320
        Attributes:          archive
              MD5: D3F092C4C6E08A63807AF5770D2F4828
            CRC32:          014698E1
          Version:            0.1.0.5

{459729AC-727D-4D97-B18A-72EE224EFEC0} ()
          DPF name:
        CLSID name:
      description: eAcceleration
    classification: Confirmed as malware
    known filename:
        info link:
      info source:

{597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class)
          DPF name:
        CLSID name: OPUCatalog Class
              Path: C:\WINDOWS\System32\
        Long name:          opuc.dll
        Short name:                 
    Date (created): 24-10-2002 10:18:40
Date (last access): 10-02-2003 22:32:06
Date (last write): 24-10-2002 10:18:40
          Filesize:            180496
        Attributes:          archive
              MD5: FE692DAD506B89C527EFB1A89936CD33
            CRC32:          E775EBBA
          Version:          0.10.0.0

{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
          DPF name:
        CLSID name: WUWebControl Class
              Path: C:\WINDOWS\System32\
        Long name:          wuweb.dll
        Short name:                 
    Date (created): 03-08-2004 13:59:06
Date (last access): 17-02-2005 21:38:58
Date (last write): 03-08-2004 13:59:06
          Filesize:            120288
        Attributes:          archive
              MD5: 0CD6248038C70B4C688DBD315D90A97A
            CRC32:          0EF7DE01
          Version:            0.5.0.4

{6CB5E471-C305-11D3-99A8-000086395495} (Google Activate)
          DPF name:
        CLSID name: Google Activate
      description: Google Toolbar
    classification: Legitimate
    known filename: %WINDIR%\Downloaded Program Files\googlenav.dll
        info link:
      info source: Patrick M. Kolla
              Path: C:\WINDOWS\Downloaded Program Files\
        Long name:      googlenav.dll
        Short name:      GOOGLE~1.DLL
    Date (created): 05-09-2002 12:21:18
Date (last access): 17-02-2005 21:49:26
Date (last write): 05-09-2002 12:21:18
          Filesize:            450560
        Attributes:          archive
              MD5: 874F9C613A65848652B5D04DD4BD5208
            CRC32:          1578385D
          Version:            0.1.0.1

{917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class)
          DPF name:
        CLSID name: CamImage Class
              Path: C:\WINDOWS\Downloaded Program Files\
        Long name: AxisCamControl.ocx
        Short name:      AXISCA~1.OCX
    Date (created): 28-11-2002 00:32:46
Date (last access): 22-01-2003 16:38:12
Date (last write): 28-11-2002 00:32:50
          Filesize:            181136
        Attributes:          archive
              MD5: 830C7EA2844458330D26F60B3C68910D
            CRC32:          0A338892
          Version:            0.1.0.0

{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class)
          DPF name:
        CLSID name: ActiveScan Installer Class
              Path: C:\WINDOWS\Downloaded Program Files\
        Long name:        asinst.dll
        Short name:                 
    Date (created): 29-04-2002 15:49:52
Date (last access): 22-01-2003 22:46:50
Date (last write): 29-04-2002 15:49:52
          Filesize:              98304
        Attributes:          archive
              MD5: D7F38C152F17ECE90D2B80CB92FF4B40
            CRC32:          82F7CBF9
          Version:          0.54.0.9

{9F1C11AA-197B-4942-BA54-47A8489BB47F} ()
          DPF name:
        CLSID name:
      description: Windows Update
    classification: Legitimate
    known filename: %WINDIR%\System32\iuctl.dll,iuengine.dll
        info link:
      info source: Patrick M. Kolla

{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class)
          DPF name:
        CLSID name: MsnMessengerSetupDownloadControl Class
              Path: C:\WINDOWS\Downloaded Program Files\
        Long name: MsnMessengerSetupDownloader.ocx
        Short name:      MSNMES~1.OCX
    Date (created): 05-11-2004 15:58:20
Date (last access): 17-02-2005 21:44:12
Date (last write): 05-11-2004 15:58:20
          Filesize:            119496
        Attributes:          archive
              MD5: 1B40AA6A5D25E6CB4EDFC4C717113161
            CRC32:          4F5D45E3
          Version:            0.1.0.0

{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0)
          DPF name: Java Runtime Environment 1.4.0
        CLSID name:

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
          DPF name:
        CLSID name: Shockwave Flash Object
      description: Macromedia Shockwave Flash Player
    classification: Legitimate
    known filename:
        info link:
      info source: Patrick M. Kolla
              Path: C:\WINDOWS\System32\macromed\flash\
        Long name:          Flash.ocx
        Short name:                 
    Date (created): 09-06-2004 15:59:26
Date (last access): 19-02-2005 11:21:50
Date (last write): 09-06-2004 15:59:26
          Filesize:            939224
        Attributes:          archive
              MD5: FC3E17E12C2E31FAC34B416B3DAB829F
            CRC32:          D1CF3A57
          Version:            0.7.0.0



--- Process list ---
Spybot - Search && Destroy process list report, 19-02-2005 12:22:08

PID:    0 (  0) [System]
PID:    4 (  0) System
PID:  388 ( 600) C:\WINDOWS\System32\MsPMSPSv.exe
PID:  464 (  4) \SystemRoot\System32\smss.exe
PID:  516 ( 464) csrss.exe
PID:  556 ( 464) \??\C:\WINDOWS\system32\winlogon.exe
PID:  600 ( 556) C:\WINDOWS\system32\services.exe
PID:  612 ( 556) C:\WINDOWS\system32\lsass.exe
PID:  860 ( 600) C:\WINDOWS\system32\svchost.exe
PID:  924 ( 600) C:\WINDOWS\System32\svchost.exe
PID: 1076 ( 600) svchost.exe
PID: 1104 ( 600) svchost.exe
PID: 1132 (2728) C:\WINDOWS\winhlp32.exe
PID: 1300 (1280) C:\WINDOWS\Explorer.EXE
PID: 1352 ( 600) C:\WINDOWS\system32\spoolsv.exe
PID: 1540 (1300) C:\Program Files\Logitech\iTouch\iTouch.exe
PID: 1548 (1300) C:\Program Files\QuickTime\qttask.exe
PID: 1588 (1300) C:\Program Files\ahead\InCD\InCD.exe
PID: 1600 (1300) D:\Program Files\Adobe Version Cue\ControlPanel\VersionCueTray.exe
PID: 1608 (1300) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PID: 1616 (1300) C:\WINDOWS\System32\rundll32.exe
PID: 1624 (1300) C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PID: 1632 (1300) C:\WINDOWS\System32\ctfmon.exe
PID: 1656 (1300) C:\Program Files\MSN Messenger\MsnMsgr.Exe
PID: 1684 (1580) C:\Program Files\Logitech\MouseWare\system\em_exec.exe
PID: 1716 (1300) C:\Program Files\Spyware Doctor\swdoctor.exe
PID: 1724 (1640) C:\WINDOWS\System32\rundll32.exe
PID: 1800 ( 600) C:\WINDOWS\system32\crypserv.exe
PID: 1816 ( 600) C:\Program Files\NavNT\defwatch.exe
PID: 1864 ( 600) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
PID: 1884 ( 600) C:\WINDOWS\System32\nvsvc32.exe
PID: 1932 ( 600) locator.exe
PID: 1964 ( 600) C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PID: 2196 (1300) C:\Program Files\Internet Explorer\iexplore.exe
PID: 2452 (1300) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
PID: 2504 ( 924) C:\WINDOWS\System32\wuauclt.exe
PID: 2728 (1300) C:\Program Files\NavNT\vpc32.exe
PID: 2748 (2728) C:\Program Files\NavNT\vptray.exe
PID: 3120 (1300) C:\Program Files\Internet Explorer\iexplore.exe
PID: 3292 (1300) D:\Program Files\Adobe InDesign CS\InDesign.exe


--- Browser start & search pages list ---
Spybot - Search && Destroy browser pages report, 19-02-2005 12:22:08

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
  C:\WINDOWS\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
  about:blank
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
  res://C:\DOCUME~1\FINNRA~1\LOCALS~1\Temp\se.dll/sp.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
  about:blank
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\HomeOldSP
  about:blank
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
  about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
  %SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
  about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
  res://C:\DOCUME~1\FINNRA~1\LOCALS~1\Temp\se.dll/sp.html
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
  about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
  http://www.msn.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
  http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
  about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
  http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol  0: MSAFD Tcpip [TCP/IP]
        GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

    Protocol  1: MSAFD Tcpip [UDP/IP]
            GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
        Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip

    Protocol  2: MSAFD Tcpip [RAW/IP]
            GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
        Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip

    Protocol  3: RSVP UDP Service Provider
            GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
        Filename: %SystemRoot%\system32\rsvpsp.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol  4: RSVP TCP Service Provider
            GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
        Filename: %SystemRoot%\system32\rsvpsp.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol  5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DCF480A3-A1A3-4043-A9B9-EF347D6C8135}] SEQPACKET 0
            GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
        Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol  6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DCF480A3-A1A3-4043-A9B9-EF347D6C8135}] DATAGRAM 0
            GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
        Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol  7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{44E0D92B-F211-4520-8422-C8A612AC8CBF}] SEQPACKET 3
            GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
        Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol  8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{44E0D92B-F211-4520-8422-C8A612AC8CBF}] DATAGRAM 3
            GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
        Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol  9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5C7A7654-0C7D-429A-9966-EA88B3E313A7}] SEQPACKET 1
            GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
        Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5C7A7654-0C7D-429A-9966-EA88B3E313A7}] DATAGRAM 1
            GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
        Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D9E9AB53-3E4D-4C45-85C0-892F259A9172}] SEQPACKET 2
            GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
        Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D9E9AB53-3E4D-4C45-85C0-892F259A9172}] DATAGRAM 2
            GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
        Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Namespace Provider  0: Tcpip
            GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
        Filename: %SystemRoot%\System32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: TCP/IP

    Namespace Provider  1: NTDS
            GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
        Filename: %SystemRoot%\System32\winrnr.dll
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\winrnr.dll
    DB protocol: NTDS

    Namespace Provider  2: Network Location Awareness (NLA) Namespace
            GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
        Filename: %SystemRoot%\System32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: NLA-Namespace

tonnybrandt (Beginner)
19 February 2005 - 12:32 #1
Follow the guide here:
Go here and download HijackThis.
http://www.spywarefri.dk/vaerktoj.htm
Run HijackThis, scan, save the log and copy the log file in here, and we will take a look at it. Do not delete anything yourself with HijackThis; it can do more harm than good.

firas (Beginner)
19 February 2005 - 12:35 #2
Here is the file:

    Logfile of HijackThis v1.99.1
    Scan saved at 12:34:55, on 19-02-2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\ahead\InCD\InCD.exe
    D:\Program Files\Adobe Version Cue\ControlPanel\VersionCueTray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\NavNT\vpc32.exe
    C:\Program Files\NavNT\vptray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\Adobe InDesign CS\InDesign.exe
    C:\Program Files\HijackThis\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\FINNRA~1\LOCALS~1\Temp\se.dll/sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\FINNRA~1\LOCALS~1\Temp\se.dll/sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {3C417407-B901-4841-A2B1-B2804B916758} - C:\WINDOWS\System32\ahbe.dll
    O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\Downloaded Program Files\googlenav.dll
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [AdobeVersionCue] D:\Program Files\Adobe Version Cue\ControlPanel\VersionCueTray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
    O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\FINNRA~1\LOCALS~1\Temp\se.dll,DllInstall
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmcache.html
    O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsimilar.html
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
    O16 - DPF: {459729AC-727D-4D97-B18A-72EE224EFEC0} - http://raven.veloz.com/pub/download/scandl_ss.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1108662630640
    O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.google.com/data/da/big/1.1.62-big/GoogleNav.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.axis.com/products/camera_servers/AxisCamControl.ocx
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
    O18 - Filter: text/html - {C3498B88-3975-4FB7-BEA6-FD2D0E3C5007} - C:\WINDOWS\System32\ahbe.dll
    O18 - Filter: text/plain - {C3498B88-3975-4FB7-BEA6-FD2D0E3C5007} - C:\WINDOWS\System32\ahbe.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O23 - Service: AdobeVersionCue - Adobe Sytems - D:\Program Files\Adobe Version Cue\service\VersionCue.exe
    O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
    O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE" --ntservice (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    tonnybrandt Beginner
    19 February 2005 - 12:46 #3
    I'll take a look at it ..
    tonnybrandt Beginner
    19 February 2005 - 12:54 #4
    If you don't already have them:
    Download and update Ad-Aware: http://www.spywarefri.dk/vaerktoj.htm#adaware

    Download and update CWShredder: http://www.spywareinfo.com/downloads/tools/CWShredder.exe
    Or here: http://www.softpedia.com/public/cat/10/17/10-17-150.shtml

    Download AboutBuster and put the program in its own folder somewhere you can remember:
    http://www.atribune.org/downloads/AboutBuster.zip

    Restart in safe mode. Press F8 a few times while Windows starts up.
    Fix these with HijackThis:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\FINNRA~1\LOCALS~1\Temp\se.dll/sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\FINNRA~1\LOCALS~1\Temp\se.dll/sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O2 - BHO: (no name) - {3C417407-B901-4841-A2B1-B2804B916758} - C:\WINDOWS\System32\ahbe.dll
    O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
    O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\FINNRA~1\LOCALS~1\Temp\se.dll,DllInstall
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O18 - Filter: text/html - {C3498B88-3975-4FB7-BEA6-FD2D0E3C5007} - C:\WINDOWS\System32\ahbe.dll
    O18 - Filter: text/plain - {C3498B88-3975-4FB7-BEA6-FD2D0E3C5007} - C:\WINDOWS\System32\ahbe.dll



    We need to be able to see your hidden files in order to find the junk that has to be deleted manually. It is part of the process.
    Open any folder, click Tools => Folder Options => View.
    Uncheck "Hide protected operating system files".
    Uncheck "Hide extensions for known file types".
    Select "Show hidden files and folders".

    Search for and delete the following, still in safe mode:

    C:\WINDOWS\System32\ahbe.dll

    Then start AboutBuster. Remove what it finds.

    Now run a scan with Ad-Aware and CWShredder and remove what they find.

    Regarding CWShredder:
    Unpack the zip file into a folder.
    Run the program, check for updates, physically disconnect your internet connection (pull the plug), close all windows except CWShredder, click Fix; it now scans. When it is finished, click Next, then click Exit.

    Then you need a quick trip into the registry:
    Start -> Run, type regedit and click OK.

    Navigate to:
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
    Check whether there is a key/text called About:blank; if so, delete it.
    Click My Computer in the regedit window, click Edit -> Find, type: About:blank and press Enter. Delete it, press F3, delete, F3, delete until the search is finished.
    Same procedure with HomeOldSP.

    And delete the contents of your temp folder: C:\Documents and Settings\<brugernavn>\LOKALE indstillinger\Temp\
    As well as temporary internet files: Control Panel - Internet Options - General - delete files and cookies

    Restart.
    Then you will have to post one more log for checking :O)
    firas Beginner
    19 February 2005 - 16:31 #5
    I have now done as you described. I just want to say that I could not find some of the files that were supposed to be fixed with HijackThis. Here is a log file:

    Logfile of HijackThis v1.99.1
    Scan saved at 16:28:15, on 19-02-2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\ahead\InCD\InCD.exe
    D:\Program Files\Adobe Version Cue\ControlPanel\VersionCueTray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\NavNT\vptray.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\NavNT\rtvscan.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\MsgSys.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\Program Files\interMute\SpySubtract\SpySub.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\HijackThis\hijackthis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\Downloaded Program Files\googlenav.dll
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [AdobeVersionCue] D:\Program Files\Adobe Version Cue\ControlPanel\VersionCueTray.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
    O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmcache.html
    O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsimilar.html
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1108662630640
    O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.google.com/data/da/big/1.1.62-big/GoogleNav.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.axis.com/products/camera_servers/AxisCamControl.ocx
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O23 - Service: AdobeVersionCue - Adobe Sytems - D:\Program Files\Adobe Version Cue\service\VersionCue.exe
    O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
    O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE" --ntservice (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    tonnybrandt Beginner
    19 February 2005 - 17:20 #6
    The log is almost clean apart from a single blemish:

    Restart in safe mode.

    Click Start | Run, type regedit and press Enter.
    Find this key in the registry and expand it so you can see the underlying objects.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

    Expand it so you can see the underlying keys.
    Right-click this key and choose Delete:
    {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}

    In general:
    If you are denied access, do the following to set the security so that you are allowed to delete:

    Click the key so that it is selected.
    Click Edit | Permissions.
    Select "Everyone" and tick Allow for "Full Control".
    Click the Advanced button and tick the bottom one: "Replace permission entries on all child obj......"
    Click Apply and OK
    And again Apply and OK.

    Close regedit when you are done.

    Restart normally and post a new log.
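Added example, not part of the original thread: a Python check for the log comparison done by hand in the posts above. It confirms that entries marked for fixing in post #4 are absent from the follow-up log in post #5 and lists entries whose target file is missing; the function names and the PARTIAL_LOG sample are constructed for illustration, the other sample lines are excerpts from the logs above.

```python
import re

# A HijackThis entry is "<section id> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^\s*(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.*\S)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Excerpt of the fix list in post #4.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\FINNRA~1\LOCALS~1\Temp\se.dll/sp.html
O2 - BHO: (no name) - {3C417407-B901-4841-A2B1-B2804B916758} - C:\WINDOWS\System32\ahbe.dll
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\FINNRA~1\LOCALS~1\Temp\se.dll,DllInstall
O18 - Filter: text/html - {C3498B88-3975-4FB7-BEA6-FD2D0E3C5007} - C:\WINDOWS\System32\ahbe.dll
"""
# Excerpt of the follow-up log in post #5.
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE" --ntservice (file missing)
"""
# Constructed sample: a log where one flagged Run entry survived, written
# with different case and spacing to exercise the normalisation.
PARTIAL_LOG = r"""
O4 - HKLM\..\Run: [sp]  RUNDLL32 c:\docume~1\FINNRA~1\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
"""


def parse_entries(text):
    """Map a normalised (section, body) key to the entry line as written."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header lines, process list, prose
        section, body = m.group(1), " ".join(m.group(2).split())
        # Windows paths and registry names are case-insensitive.
        entries[(section, body.lower())] = f"{section} - {body}"
    return entries


def verify_fix(fix_list, followup_log):
    """Split the entries marked for fixing into removed / still present."""
    wanted, now = parse_entries(fix_list), parse_entries(followup_log)
    remaining = sorted(wanted[k] for k in wanted if k in now)
    removed = sorted(wanted[k] for k in wanted if k not in now)
    return {"removed": removed, "remaining": remaining}


def orphaned(log):
    """Entries whose target file is gone, as (section, CLSID or None)."""
    found = []
    for (section, _), line in sorted(parse_entries(log).items()):
        if line.lower().endswith(ORPHAN_MARKERS):
            clsid = CLSID_RE.search(line)
            found.append((section, clsid.group(0) if clsid else None))
    return found


if __name__ == "__main__":
    print(verify_fix(FIX_LIST, FOLLOWUP_LOG))
    print(verify_fix(FIX_LIST, PARTIAL_LOG)["remaining"])
    print(orphaned(FOLLOWUP_LOG))
```
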
    firas Beginner
    19 February 2005 - 17:38 #7
    I could not delete the key - here is the log file:

    Logfile of HijackThis v1.99.1
    Scan saved at 17:35:57, on 19-02-2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\ahead\InCD\InCD.exe
    D:\Program Files\Adobe Version Cue\ControlPanel\VersionCueTray.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\NavNT\vptray.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\interMute\SpySubtract\SpySub.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\NavNT\rtvscan.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\MsgSys.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\HijackThis\hijackthis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\Downloaded Program Files\googlenav.dll
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [AdobeVersionCue] D:\Program Files\Adobe Version Cue\ControlPanel\VersionCueTray.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
    O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmcache.html
    O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsimilar.html
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1108662630640
    O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.google.com/data/da/big/1.1.62-big/GoogleNav.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.axis.com/products/camera_servers/AxisCamControl.ocx
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O23 - Service: AdobeVersionCue - Adobe Sytems - D:\Program Files\Adobe Version Cue\service\VersionCue.exe
    O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
    O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE" --ntservice (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    arlet Junior Master
    19 February 2005 - 17:41 #8
    tonnybrandt -> Haven't you moved away from recommending Ad-Aware???
    19/02-2005 12:54:35
    tonnybrandt Beginner
    19 February 2005 - 17:45 #9
    Hmm.. I checked that line one more time and it is actually fine, by which I mean that it is not junk but rather a legitimate program, "PC Tools Spyware Doctor", that put the line there. But the program has been uninstalled, so the line should not be there. (But on the other hand it does no harm either.)

    You decide yourself whether we should bring out the heavy artillery to get rid of the line.

    But otherwise the log is clean.

    After a round like this it is always a good idea to clean up the System Restore files. Disable System Restore - restart your computer - enable System Restore.
    (click Start | Settings | Control Panel | System, the System Restore tab)

    You could also install some of the programs in the spywarefri package.. they are all small, do not conflict and are very effective against junk of the kind you have just been attacked by.

    In particular we recommend Spybot, SpywareBlaster, IE-Spyad and SpywareGuard.
    See more in "the package" here
    http://www.spywarefri.dk/pakken.htm
    tonnybrandt Beginner
    19 February 2005 - 17:48 #10
    arlet > Yes and no. We are not done with the discussion yet, but it looks like it will be Microsoft's antispyware that we recommend instead. In this case Ad-Aware was simply in my template, and since the decision is not final, I will not change my templates until the decision is settled *s*
    firas Beginner
    19 February 2005 - 19:02 #11
    Thank you for the help
    tonnybrandt Beginner
    19 February 2005 - 19:05 #12
    You're welcome, and thanks for the points :)