saudoo (Beginner)
04 March 2005 - 15:21. There are 52 comments and
1 solution

Screen black.. D: w/ HijackLog

Hi Exp.

On my computer, my screen suddenly turned off. That is, it dropped the signal; there is still power. It is only black inside Windows, not in Safe Mode.

This has happened before, but back then I could just do a System Restore. But even though I have also turned it off and turned it back on later, it seems to come back.. :\

This time I was working on something in Photoshop when there was suddenly no more space left on the disk (yes, it was a big image.. :P). And so no restore points were saved. :(

I hope you can help me.

Here is my log:
Logfile of HijackThis v1.97.7
Scan saved at 3:03:42 PM, on 3/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Skrivebord\Andet\Alt lort\Andet\Beskyttelse\Hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.funsense.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.funsense.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programmer\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Programmer\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Funsense.dk genveje - {F7B412CC-A1E3-4DE8-A069-C96C4F726EBC} - D:\Programmer\Funsense.dk genveje\funsense.dll
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [MultiRes] D:\Programmer\MultiRes\MultiRes.exe
O4 - HKLM\..\Run: [LogonStudio] "D:\Programmer\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Programmer\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Acecad.Wtxpload] C:\WINDOWS\Acecad\Wtxpload.exe Acecad
O4 - HKLM\..\Run: [ZPOINT32] C:\WINDOWS\system32\ZPOINT32.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] D:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programmer\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [gcasServ] "D:\Programmer\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Programmer\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKCU\..\Run: [Omtl] C:\Documents and Settings\Jakob\Application Data\dbed.exe
O4 - HKCU\..\Run: [WCPC] C:\WINDOWS\System32\wintsvcc.exe
O4 - HKCU\..\Run: [NDIS Adapter] lsass2.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programmer\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Programmer\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [RegTweak] D:\Programmer\Rage3DTweak\RegTwk.exe
O4 - HKCU\..\Run: [Copernic Desktop Search] "D:\Programmer\Copernic Desktop Search\CopernicDesktopSearch.exe" /tray
O4 - HKCU\..\Run: [Steam] "d:\games\steam\steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: gameutil.exe.lnk = ?
O4 - Startup: RivaTuner.lnk = D:\Programmer\RivaTuner\RivaTuner.exe
O4 - Startup: SpywareGuard.lnk = D:\Programmer\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZN
O8 - Extra context menu item: Download All Files by HiDownload - D:\PROGRA~1\HIDOWN~1\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - D:\PROGRA~1\HIDOWN~1\HDGet.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Get Flash by FlashKeeper - D:\Programmer\FlashKeeper\GetFlash.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: FlashKeeper (HKLM)
O9 - Extra button: Opslag (HKLM)
O9 - Extra button: HiDownload (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O15 - Trusted Zone: *.danskebank.dk
O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} - http://download.microsoft.com/download/0/C/8/0C8EDFAB-30BC-4792-898E-2DABE27B2C4D/mp43dmo.CAB
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DDA99787-6A40-494C-BB80-C92599F560D3} - file://C:\Programmer\Softomate\Toolbar Studio\projects\funsense_webinstall\funsense.cab
O16 - DPF: {EF5A8F4B-3163-428D-92B9-0D062216402F} - file://C:\Programmer\Softomate\Toolbar Studio\projects\funsense_webinstall\funsense.cab

Thanks.
Jakob
kalp (Novice)
04 March 2005 - 15:22 #1
I'll take a look at it
kalp (Novice)
04 March 2005 - 15:22 #2
saudoo (Beginner)
04 March 2005 - 15:25 #3
okay.. two secs.. :)
saudoo (Beginner)
04 March 2005 - 15:32 #4
The new log:

Logfile of HijackThis v1.99.1
Scan saved at 3:30:04 PM, on 3/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Jakob\Skrivebord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.funsense.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.funsense.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programmer\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Programmer\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Funsense.dk genveje - {F7B412CC-A1E3-4DE8-A069-C96C4F726EBC} - D:\Programmer\Funsense.dk genveje\funsense.dll
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [MultiRes] D:\Programmer\MultiRes\MultiRes.exe
O4 - HKLM\..\Run: [LogonStudio] "D:\Programmer\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Programmer\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Acecad.Wtxpload] C:\WINDOWS\Acecad\Wtxpload.exe Acecad
O4 - HKLM\..\Run: [ZPOINT32] C:\WINDOWS\system32\ZPOINT32.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] D:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programmer\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [gcasServ] "D:\Programmer\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Programmer\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKCU\..\Run: [Omtl] C:\Documents and Settings\Jakob\Application Data\dbed.exe
O4 - HKCU\..\Run: [WCPC] C:\WINDOWS\System32\wintsvcc.exe
O4 - HKCU\..\Run: [NDIS Adapter] lsass2.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programmer\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Programmer\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [RegTweak] D:\Programmer\Rage3DTweak\RegTwk.exe
O4 - HKCU\..\Run: [Copernic Desktop Search] "D:\Programmer\Copernic Desktop Search\CopernicDesktopSearch.exe" /tray
O4 - HKCU\..\Run: [Steam] "d:\games\steam\steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: gameutil.exe.lnk = ?
O4 - Startup: RivaTuner.lnk = D:\Programmer\RivaTuner\RivaTuner.exe
O4 - Startup: SpywareGuard.lnk = D:\Programmer\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZN
O8 - Extra context menu item: Download All Files by HiDownload - D:\PROGRA~1\HIDOWN~1\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - D:\PROGRA~1\HIDOWN~1\HDGet.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Get Flash by FlashKeeper - D:\Programmer\FlashKeeper\GetFlash.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.1_03\bin\npjpi141_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.1_03\bin\npjpi141_03.dll
O9 - Extra button: FlashKeeper - {86301D40-94C1-4a5e-843B-7F43965E364A} - D:\Programmer\FlashKeeper\GetFlash.htm
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - D:\PROGRA~1\HIDOWN~1\hidownload.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O15 - Trusted Zone: *.danskebank.dk
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {DDA99787-6A40-494C-BB80-C92599F560D3} - file://C:\Programmer\Softomate\Toolbar Studio\projects\funsense_webinstall\funsense.cab
O16 - DPF: {EF5A8F4B-3163-428D-92B9-0D062216402F} - file://C:\Programmer\Softomate\Toolbar Studio\projects\funsense_webinstall\funsense.cab
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\FLLESF~1\Stardock\mcpstub.dll (file missing)
O20 - Winlogon Notify: WB - D:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programmer\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Wintab32 - Unknown owner - C:\WINDOWS\system32\Wintab32.exe
kalp (Novice)
04 March 2005 - 15:33 #5
Much better... give me a couple of minutes :)
saudoo (Beginner)
04 March 2005 - 15:37 #6
:P thanks..
kalp (Novice)
04 March 2005 - 15:55 #7
Download and save this scanner to the desktop. (We will need it later.)
http://www.spywareinfo.dk/download/mwav.exe

Download LSP FIX in case you lose your internet connection
http://cexx.org/lspfix.zip

Restart in Safe Mode by pressing F8 during startup.
Run HijackThis, scan and tick these lines - close all other program windows - click "Fix checked":

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKCU\..\Run: [Omtl] C:\Documents and Settings\Jakob\Application Data\dbed.exe
O4 - HKCU\..\Run: [NDIS Adapter] lsass2.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZN
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O16 - DPF: {DDA99787-6A40-494C-BB80-C92599F560D3} - file://C:\Programmer\Softomate\Toolbar Studio\projects\funsense_webinstall\funsense.cab
O16 - DPF: {EF5A8F4B-3163-428D-92B9-0D062216402F} - file://C:\Programmer\Softomate\Toolbar Studio\projects\funsense_webinstall\funsense.cab
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\FLLESF~1\Stardock\mcpstub.dll (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Find and delete the following folders and files

C:\PROGRA~1\NEWDOT~1\ - uninstall first in Add or Remove Programs
WebHancer ?? see whether it is in Add or Remove Programs.. or in the same folder as the one above. It may also not be there at all!
search for lsass2.exe
C:\Documents and Settings\Jakob\Application Data\dbed.exe

Then go to Start -> Programs -> Accessories -> System Tools -> Disk Cleanup and delete temp files, temporary internet files and the Recycle Bin.

Click the mwav.exe you downloaded; the program unpacks itself and starts.
Tick the following:
Memory, Startup folders, drive, Registry, System folders and Services.
Select the following radio buttons:
All local drives and Scan all files

Delete everything it finds..

Restart normally and copy a new log in here so I can see what our next step will be.. because there were things I was a bit unsure about, I admit!
But see whether you can restart normally; otherwise send a new log from Safe Mode.

If you cannot get online, you need to use the LSP fix you downloaded at the start.
Run LSPfix, tick "I know what I am doing", click Finish, restart, and then it should work.
saudoo (Beginner)
04 March 2005 - 15:58 #8
Yes, will do. Thanks. :)

I'll be back in a little while..
saudoo (Beginner)
04 March 2005 - 16:44 #9
I can't get mwav.exe over to my machine. It is too big for one floppy disk, and I apparently have no blank CDs.
Unfortunately my USB stick has also just broken. :(

But I'll try one last thing. Otherwise, isn't there another option? Other than formatting, that is..
kalp (Novice)
04 March 2005 - 16:45 #10
Hold off on that one then.. :) maybe you can download it afterwards :) do everything else in the meantime, though
saudoo (Beginner)
04 March 2005 - 17:01 #11
It is still black.. But I just got my "broken" machine online. In Safe Mode, though. Dunno how.. :)
saudoo (Beginner)
04 March 2005 - 17:09 #12
How exactly do I delete the things it has found?
kalp (Novice)
04 March 2005 - 18:47 #13
then download mwav and repeat the procedure :) you just delete the ones I asked for the way you normally delete things, though not into the Recycle Bin.

If you are not allowed to delete a file, delete it via killbox
http://www.spywareinfo.dk/download/KillBox.zip
kalp (Novice)
05 March 2005 - 15:10 #14
How far have you got? :)
saudoo (Beginner)
05 March 2005 - 21:47 #15
Hi again..

I have run that program, sorry for the wait. I only just got back online. :) I'm at a friend's place.

Here is a new log:

Logfile of HijackThis v1.99.1
Scan saved at 9:44:56 PM, on 3/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Wintab32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
D:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
D:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
D:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
D:\Programmer\QuickTime\qttask.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Programmer\MultiRes\MultiRes.exe
C:\WINDOWS\StartupMonitor.exe
D:\Programmer\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\system32\ZPOINT32.exe
C:\WINDOWS\system32\CTHELPER.EXE
D:\Programmer\D-Tools\daemon.exe
D:\Programmer\Microsoft AntiSpyware\gcasServ.exe
C:\Programmer\ATI Technologies\ATI HydraVision\HydraDM.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Programmer\Rage3DTweak\RegTwk.exe
D:\Programmer\Copernic Desktop Search\CopernicDesktopSearch.exe
D:\games\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
D:\Programmer\Microsoft AntiSpyware\gcasDtServ.exe
D:\Programmer\Mozilla Firefox\firefox.exe
D:\Programmer\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Programmer\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Jakob\Skrivebord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.funsense.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.funsense.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programmer\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Programmer\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Funsense.dk genveje - {F7B412CC-A1E3-4DE8-A069-C96C4F726EBC} - D:\Programmer\Funsense.dk genveje\funsense.dll
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [MultiRes] D:\Programmer\MultiRes\MultiRes.exe
O4 - HKLM\..\Run: [LogonStudio] "D:\Programmer\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Programmer\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Acecad.Wtxpload] C:\WINDOWS\Acecad\Wtxpload.exe Acecad
O4 - HKLM\..\Run: [ZPOINT32] C:\WINDOWS\system32\ZPOINT32.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] D:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programmer\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [gcasServ] "D:\Programmer\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Programmer\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programmer\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Programmer\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [RegTweak] D:\Programmer\Rage3DTweak\RegTwk.exe
O4 - HKCU\..\Run: [Copernic Desktop Search] "D:\Programmer\Copernic Desktop Search\CopernicDesktopSearch.exe" /tray
O4 - HKCU\..\Run: [Steam] "d:\games\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: gameutil.exe.lnk = ?
O4 - Startup: RivaTuner.lnk = D:\Programmer\RivaTuner\RivaTuner.exe
O4 - Startup: SpywareGuard.lnk = D:\Programmer\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Skyracer USB.lnk = D:\Programmer\TOPCOM\Skyracer Wireless LAN USB\ZDConfig.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Download All Files by HiDownload - D:\PROGRA~1\HIDOWN~1\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - D:\PROGRA~1\HIDOWN~1\HDGet.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Get Flash by FlashKeeper - D:\Programmer\FlashKeeper\GetFlash.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.1_03\bin\npjpi141_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.1_03\bin\npjpi141_03.dll
O9 - Extra button: FlashKeeper - {86301D40-94C1-4a5e-843B-7F43965E364A} - D:\Programmer\FlashKeeper\GetFlash.htm
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - D:\PROGRA~1\HIDOWN~1\hidownload.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: *.danskebank.dk
O20 - Winlogon Notify: WB - D:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programmer\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Wintab32 - Unknown owner - C:\WINDOWS\system32\Wintab32.exe



By the way, I have noticed a file that takes up around 97-99 percent of my CPU's capacity. I think it is called something like Spoolsv.exe.. What could be wrong?

And sorry again for writing back so late.. :)
kalp (Novice)
06 March 2005 - 01:05 #16
Uninstalling Messenger Plus! 3 is recommended.
Regarding Spoolsv, check whether you have any print jobs waiting to be printed.. if so, cancel them.. If there are none on the normal printer, look in Microsoft Image Writer... I think it is in Publisher.. if not, I will have to find out where it is.. I think it is under the Control Panel under something or other.

And it doesn't matter that you came back a bit late; the only reason I like to do this fairly quickly is that I can better remember what I have planned for this log, and it is all still very clear in my head :P

Restart in Safe Mode by pressing F8 during startup.
Run HijackThis, scan and tick these lines - close all other program windows - click "Fix checked":

Fix this one if you want to get rid of this toolbar
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} -C:\Programmer\TGTSoft\StyleXP\TGT_BHO.dll

These if you uninstall Messenger Plus
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Programmer\Messenger Plus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Programmer\Messenger Plus! 3\MsgPlus.exe" /WinStart

These must be fixed
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O10 - Hijacked Internet access by New.Net

Restart normally and post a new log
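
Added example (not part of the thread, and not a tool either poster used): a small Python check for the step requested after each cleanup round, comparing the lines ticked for "Fix checked" with the follow-up log to see which entries are still there. The sample data is excerpted from posts #7 and #15 above; the function names `entry_key` and `check_fix` are made up for this illustration.

```python
import re

# A HijackThis entry line starts with a section code (R0-R3, F0-F3, N1-N4,
# O1-O23), then " - ", then the entry body. Header lines and the paths under
# "Running processes:" do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([RFN][0-4]|O\d{1,2})\s+-\s*(.+?)\s*$")


def entry_key(line):
    """Return (section, normalised body) for an entry line, else None."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    section, body = m.groups()
    # Forum pasting mangles spacing (post #16 has "-C:\..." where the log had
    # "- C:\...") and Windows paths are case-insensitive, so compare with all
    # whitespace removed and case folded.
    return section, re.sub(r"\s+", "", body).casefold()


def check_fix(fix_list, followup_log):
    """Split the fix-list entries into those still in the follow-up log
    ('persisted') and those no longer listed ('cleared')."""
    remaining = {entry_key(l) for l in followup_log.splitlines()} - {None}
    report = {"persisted": [], "cleared": []}
    seen = set()
    for line in fix_list.splitlines():
        key = entry_key(line)
        if key is None or key in seen:  # skip chat text and repeated lines
            continue
        seen.add(key)
        bucket = "persisted" if key in remaining else "cleared"
        report[bucket].append(line.strip())
    return report


# Excerpt of the "Fix checked" list from post #7.
FIX_LIST = r"""
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKCU\..\Run: [NDIS Adapter] lsass2.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
"""

# Excerpt of the follow-up log from post #15.
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\lsass.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.funsense.dk/
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programmer\QuickTime\qttask.exe" -atboottime
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: *.danskebank.dk
"""

if __name__ == "__main__":
    result = check_fix(FIX_LIST, FOLLOWUP_LOG)
    for status in ("persisted", "cleared"):
        print(status.upper())
        for entry in result[status]:
            print("  " + entry)
```

On this excerpt the only fix-list entry reported as persisted is the New.Net O10 line, which is the one post #16 asks to fix again.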
saudoo (Beginner)
06 March 2005 - 17:04 #17
Hey.. it went black again.. :(

But here is a new log:

Logfile of HijackThis v1.99.1
Scan saved at 5:04:55 PM, on 3/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Programmer\Mozilla Firefox\firefox.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Jakob\Skrivebord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.funsense.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.funsense.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programmer\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Programmer\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Funsense.dk genveje - {F7B412CC-A1E3-4DE8-A069-C96C4F726EBC} - D:\Programmer\Funsense.dk genveje\funsense.dll
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [MultiRes] D:\Programmer\MultiRes\MultiRes.exe
O4 - HKLM\..\Run: [LogonStudio] "D:\Programmer\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Programmer\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Acecad.Wtxpload] C:\WINDOWS\Acecad\Wtxpload.exe Acecad
O4 - HKLM\..\Run: [ZPOINT32] C:\WINDOWS\system32\ZPOINT32.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] D:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programmer\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [gcasServ] "D:\Programmer\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Programmer\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programmer\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Programmer\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [RegTweak] D:\Programmer\Rage3DTweak\RegTwk.exe
O4 - HKCU\..\Run: [Copernic Desktop Search] "D:\Programmer\Copernic Desktop Search\CopernicDesktopSearch.exe" /tray
O4 - HKCU\..\Run: [Steam] "d:\games\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: gameutil.exe.lnk = ?
O4 - Startup: RivaTuner.lnk = D:\Programmer\RivaTuner\RivaTuner.exe
O4 - Startup: SpywareGuard.lnk = D:\Programmer\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Skyracer USB.lnk = D:\Programmer\TOPCOM\Skyracer Wireless LAN USB\ZDConfig.exe
O8 - Extra context menu item: Download All Files by HiDownload - D:\PROGRA~1\HIDOWN~1\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - D:\PROGRA~1\HIDOWN~1\HDGet.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Get Flash by FlashKeeper - D:\Programmer\FlashKeeper\GetFlash.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.1_03\bin\npjpi141_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.1_03\bin\npjpi141_03.dll
O9 - Extra button: FlashKeeper - {86301D40-94C1-4a5e-843B-7F43965E364A} - D:\Programmer\FlashKeeper\GetFlash.htm
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - D:\PROGRA~1\HIDOWN~1\hidownload.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: *.danskebank.dk
O20 - Winlogon Notify: WB - D:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programmer\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Wintab32 - Unknown owner - C:\WINDOWS\system32\Wintab32.exe
saudoo Beginner
06 March 2005 - 17:41 #18
And by the way.. I have neither a printer nor Publisher.. so it can't be that.. :)
kalp Novice
06 March 2005 - 18:43 #19
Download this scanner and save it to the desktop. (We will need it later)
http://www.spywareinfo.dk/download/mwav.exe

download and run
http://www.new.net/support/uninstall5_48.exe

Click the mwav.exe you downloaded; the program unpacks itself and starts.
Tick the following checkboxes:
Memory, Startup folders, drive, Registry, System folders and Services.
Select the following radio buttons:
All local drives and Scan all files

Delete everything it finds..

Restart normally if possible and post a new log... otherwise a new one in safe mode
saudoo Beginner
06 March 2005 - 21:28 #20
But how do I delete what that mwav finds? I can only press OK.. do I have to go in and delete manually? :\
kalp Novice
06 March 2005 - 21:28 #21
say OK and look at the log, or post it.. it should delete automatically.
saudoo Beginner
07 March 2005 - 07:28 #22
Okay.. it has deleted 24 viruses out of 87.. (most of them are adware)..
But shouldn't I just delete them?

Log:
File C:\Documents and Settings\Jakob\.jpi_cache\jar\1.0\javainstaller.jar-4514e5ea-3b6613ac.zip infected by "Trojan-Downloader.Java.OpenStream.t" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Jakob\Application Data\Mozilla\Firefox\Profiles\a3rid7ly.default\Cache\1DB223BBd01 tagged as not-a-virus:AdWare.NewDotNet. No Action Taken.
File C:\Documents and Settings\Jakob\Skrivebord\uninstall5_48.exe tagged as not-a-virus:AdWare.NewDotNet. No Action Taken.
File C:\Program Files\webHancer\Programs\SET1C.tmp tagged as not-a-virus:AdWare.WebHancer.351. No Action Taken.
File C:\Program Files\webHancer\Programs\SET1E.tmp tagged as not-a-virus:AdWare.WebHancer. No Action Taken.
File C:\Program Files\webHancer\Programs\SET20.tmp tagged as not-a-virus:AdWare.WebHancer. No Action Taken.
File C:\Programmer\Fælles filer\WinTools\WSup.exe tagged as not-a-virus:AdWare.Wintol.p. No Action Taken.
File C:\Programmer\Fælles filer\WinTools\WToolsB.dll tagged as not-a-virus:AdWare.Wintol.v. No Action Taken.
File C:\Programmer\MSN Messenger\riched20.dll tagged as not-a-virus:AdWare.ToolBar.MyWebSearch. No Action Taken.
File C:\Programmer\NewDotNet\newdotnet6_38.dll tagged as not-a-virus:AdWare.NewDotNet. No Action Taken.
File C:\Programmer\Softomate\Toolbar Studio\bin\untitled.cab tagged as not-a-virus:AdWare.ToolBar.Stool. No Action Taken.
File C:\Programmer\Softomate\Toolbar Studio\projects\like_dogpile.cab tagged as not-a-virus:AdWare.ToolBar.Stool. No Action Taken.
File C:\Programmer\Softomate\Toolbar Studio\projects\like_google.cab tagged as not-a-virus:AdWare.ToolBar.Stool. No Action Taken.
File C:\Programmer\Softomate\Toolbar Studio\projects\like_yahoo.cab tagged as not-a-virus:AdWare.ToolBar.Stool. No Action Taken.
File C:\Programmer\Toolbar\common.dll tagged as not-a-virus:AdWare.WebSearch.f. No Action Taken.
File C:\Programmer\Toolbar\PIB.exe tagged as not-a-virus:AdWare.WebSearch.h. No Action Taken.
File C:\Programmer\Toolbar\TBPSSvc.exe tagged as not-a-virus:AdWare.WebSearch.b. No Action Taken.
File C:\Programmer\whInstall\Webhdll.dll tagged as not-a-virus:AdWare.WebHancer. No Action Taken.
File C:\Programmer\whInstall\whInstaller.exe tagged as not-a-virus:AdWare.WebHancer. No Action Taken.
File C:\RECYCLER\S-1-5-21-776561741-1202660629-1060284298-1003\Dc2.tmp tagged as not-a-virus:AdWare.WebHancer. No Action Taken.
File C:\RECYCLER\S-1-5-21-776561741-1202660629-1060284298-1003\Dc3.exe tagged as not-a-virus:AdWare.WebHancer. No Action Taken.
File C:\RECYCLER\S-1-5-21-776561741-1202660629-1060284298-1003\Dc4.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\RECYCLER\S-1-5-21-776561741-1202660629-1060284298-1003\Dc5.EXE tagged as not-a-virus:RiskWare.Tool.KillApp.b. No Action Taken.
File C:\RECYCLER\S-1-5-21-776561741-1202660629-1060284298-1003\Dc6.vxd tagged as not-a-virus:AdWare.BargainBuddy.j. No Action Taken.
File D:\Games\Quake 3 Arena\Check for Quake III Arena Updates.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File D:\Games\Quake 3 Arena\Extras\WorldNet\PCVKIT.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File D:\Games\Sierra\Half-Life\hltv.exe tagged as not-a-virus:RiskWare.Proxy.Hltv. No Action Taken.
File D:\Install - programmer\mirc616.exe tagged as not-a-virus:RiskWare.mIRC.6.16. No Action Taken.
File D:\Install - programmer\Quark Xpress 6  Multilanguage For Windows With Serial\Quark.XPress.v6.build.1341._FOR_WINDOWS_WITH.SERIAL\QuarkXPress60 Win 1341\Serial + Crack\Quark.exe tagged as not-a-virus:Tool.Win32.TPE.a. No Action Taken.
File D:\Install - programmer\Quark Xpress 6  Multilanguage For Windows With Serial\Quark.XPress.v6.build.1341._FOR_WINDOWS_WITH.SERIAL\QuarkXPress60 Win 1341\Serial + Crack\Quark1.exe tagged as not-a-virus:Tool.Win32.TPE.a. No Action Taken.
File D:\Install - programmer\Rip DVD\radiummp3.zip tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File D:\Install - programmer\SetupSwish200.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File D:\Lort\hjemmeside stuff\Loopz mIRC\#loopz script.exe tagged as not-a-virus:RiskWare.mIRC.6.03. No Action Taken.
File D:\Lort\hjemmeside stuff\Loopz mIRC\system\moo.dll tagged as not-a-virus:Tool.Win32.Moo. No Action Taken.
File D:\Lort\Loopz.zip tagged as not-a-virus:RiskWare.mIRC.6.03. No Action Taken.
File D:\Mit skrivebord 4\pod25ins.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File D:\My Received Files\bpftp221_setup.exe tagged as not-a-virus:RiskWare.ftp.BulletProof.221. No Action Taken.
File D:\Program Files\mIRC\mirc.exe tagged as not-a-virus:RiskWare.mIRC.6.16. No Action Taken.
File D:\Programmer\Microsoft AntiSpyware\Quarantine\064A6677-1F73-4249-B4F0-ACCE90\01096BDE-50D0-460C-A4F7-2C485B tagged as not-a-virus:AdWare.ToolBar.MyWebSearch. No Action Taken.
File D:\Programmer\Microsoft AntiSpyware\Quarantine\064A6677-1F73-4249-B4F0-ACCE90\0582D01F-8123-4744-B2D9-2D0C77 tagged as not-a-virus:AdWare.ToolBar.MyWebSearch. No Action Taken.
File D:\Programmer\Microsoft AntiSpyware\Quarantine\064A6677-1F73-4249-B4F0-ACCE90\2F211FC3-E31A-40DE-976D-8E8FC9 tagged as not-a-virus:AdWare.ToolBar.MyWebSearch. No Action Taken.
File D:\Programmer\Microsoft AntiSpyware\Quarantine\064A6677-1F73-4249-B4F0-ACCE90\41D8F4F3-1DE9-4CB0-9B6A-D8F1DE tagged as not-a-virus:AdWare.ToolBar.MyWebSearch. No Action Taken.
File D:\Programmer\Microsoft AntiSpyware\Quarantine\064A6677-1F73-4249-B4F0-ACCE90\5791C8D8-FC25-4CD0-8218-3BF330 tagged as not-a-virus:AdWare.ToolBar.MyWebSearch. No Action Taken.
File D:\Programmer\Microsoft AntiSpyware\Quarantine\064A6677-1F73-4249-B4F0-ACCE90\61882815-B60C-49FE-92CD-A76352 tagged as not-a-virus:AdWare.ToolBar.MyWebSearch. No Action Taken.
File D:\Programmer\Microsoft AntiSpyware\Quarantine\064A6677-1F73-4249-B4F0-ACCE90\6AF3E307-F050-4284-9C11-6A2C79 tagged as not-a-virus:AdWare.ToolBar.MyWebSearch. No Action Taken.
File D:\Programmer\Microsoft AntiSpyware\Quarantine\064A6677-1F73-4249-B4F0-ACCE90\6C96A271-6BB9-45B6-9B20-4254DD tagged as not-a-virus:AdWare.ToolBar.MyWebSearch. No Action Taken.
File D:\Programmer\Microsoft AntiSpyware\Quarantine\064A6677-1F73-4249-B4F0-ACCE90\702258B6-0440-44E8-9F27-89531B tagged as not-a-virus:AdWare.ToolBar.MyWebSearch. No Action Taken.
File D:\Programmer\Microsoft AntiSpyware\Quarantine\064A6677-1F73-4249-B4F0-ACCE90\926B6070-E569-4367-811E-7534FB tagged as not-a-virus:AdWare.TotalVelocity.MyWebSearch.b. No Action Taken.
File D:\Programmer\Microsoft AntiSpyware\Quarantine\064A6677-1F73-4249-B4F0-ACCE90\AFDDCC30-EFA7-41CD-95C2-8D1B90 tagged as not-a-virus:AdWare.ToolBar.MyWebSearch. No Action Taken.
File D:\Programmer\Microsoft AntiSpyware\Quarantine\064A6677-1F73-4249-B4F0-ACCE90\C7E3E1FF-B7EE-467C-86FF-0FF96A tagged as not-a-virus:AdWare.ToolBar.MyWebSearch. No Action Taken.
File D:\Programmer\Microsoft AntiSpyware\Quarantine\064A6677-1F73-4249-B4F0-ACCE90\F61E4890-AD2B-4BBC-8DE9-37B595 tagged as not-a-virus:AdWare.ToolBar.MyWebSearch. No Action Taken.
File D:\Programmer\Microsoft AntiSpyware\Quarantine\85A93226-007B-4B4F-A72E-D6BE6E\11EE73DF-8388-48E1-8E13-7B9739 tagged as not-a-virus:AdWare.Wintol.v. No Action Taken.
File D:\Programmer\Norton SystemWorks\Norton Antivirus\Quarantine\055B7CD1 tagged as not-a-virus:AdWare.BiSpy.n. No Action Taken.
File D:\Programmer\Norton SystemWorks\Norton Antivirus\Quarantine\099D1524 tagged as not-a-virus:AdWare.ToolBar.SideFind. No Action Taken.
File D:\Programmer\Norton SystemWorks\Norton Antivirus\Quarantine\09F63F9E.exe infected by "Trojan-DDoS.Win32.Boxed.s" Virus. Action Taken: File Deleted.
File D:\Programmer\Norton SystemWorks\Norton Antivirus\Quarantine\0D2932F6 infected by "Trojan-DDoS.Win32.Boxed.s" Virus. Action Taken: File Deleted.
File D:\Programmer\Norton SystemWorks\Norton Antivirus\Quarantine\0E5C1DA4 infected by "Trojan-Spy.Win32.Briss.j" Virus. Action Taken: File Deleted.
File D:\Programmer\Norton SystemWorks\Norton Antivirus\Quarantine\12F277EC.class infected by "Trojan.Java.ClassLoader.Dummy.a" Virus. Action Taken: File Deleted.
File D:\Programmer\Norton SystemWorks\Norton Antivirus\Quarantine\179F0ECB.exe infected by "Trojan-DDoS.Win32.Boxed.s" Virus. Action Taken: File Deleted.
File D:\Programmer\Norton SystemWorks\Norton Antivirus\Quarantine\184264E7 tagged as not-a-virus:AdWare.PurityScan.f. No Action Taken.
File D:\Programmer\Norton SystemWorks\Norton Antivirus\Quarantine\372D70E5.zip infected by "Trojan.Java.ClassLoader.c" Virus. Action Taken: File Deleted.
File D:\Programmer\Norton SystemWorks\Norton Antivirus\Quarantine\37301AE1.class infected by "Trojan.Java.ClassLoader.c" Virus. Action Taken: File Deleted.
File D:\Programmer\Norton SystemWorks\Norton Antivirus\Quarantine\3EE10AEE.class infected by "Trojan.Java.ClassLoader.Dummy.a" Virus. Action Taken: File Deleted.
File D:\Programmer\Norton SystemWorks\Norton Antivirus\Quarantine\48F60AC9 infected by "Trojan-Downloader.Win32.Dyfuca.da" Virus. Action Taken: File Deleted.
File D:\Programmer\Norton SystemWorks\Norton Antivirus\Quarantine\4A7429A1.class infected by "Trojan.Java.ClassLoader.c" Virus. Action Taken: File Deleted.
File D:\Programmer\Norton SystemWorks\Norton Antivirus\Quarantine\4A7429A1.zip infected by "Trojan.Java.ClassLoader.c" Virus. Action Taken: File Deleted.
File D:\Programmer\Norton SystemWorks\Norton Antivirus\Quarantine\4A7B7D9A.class infected by "Trojan.Java.ClassLoader.c" Virus. Action Taken: File Deleted.
File D:\Programmer\Norton SystemWorks\Norton Antivirus\Quarantine\4A7E2796.class infected by "Trojan.Java.ClassLoader.Dummy.a" Virus. Action Taken: File Deleted.
File D:\Programmer\Norton SystemWorks\Norton Antivirus\Quarantine\4A825193.class infected by "Exploit.Java.Bytverify" Virus. Action Taken: File Renamed.
File D:\Programmer\Norton SystemWorks\Norton Antivirus\Quarantine\527A06E8 infected by "Trojan-Downloader.Win32.Dyfuca.de" Virus. Action Taken: File Deleted.
File D:\Programmer\Norton SystemWorks\Norton Antivirus\Quarantine\52974621.class infected by "Trojan-Downloader.Java.OpenConnection.v" Virus. Action Taken: File Deleted.
File D:\Programmer\Norton SystemWorks\Norton Antivirus\Quarantine\52C53E3B.class infected by "Trojan.Java.ClassLoader.c" Virus. Action Taken: File Deleted.
File D:\Programmer\Norton SystemWorks\Norton Antivirus\Quarantine\52C86837.class infected by "Trojan.Java.ClassLoader.Dummy.a" Virus. Action Taken: File Deleted.
File D:\Programmer\Norton SystemWorks\Norton Antivirus\Quarantine\52C86837.zip infected by "Trojan.Java.ClassLoader.c" Virus. Action Taken: File Deleted.
File D:\Programmer\Norton SystemWorks\Norton Antivirus\Quarantine\578816B7 infected by "Net-Worm.Win32.Padobot.p" Virus. Action Taken: File Deleted.
File D:\Programmer\Norton SystemWorks\Norton Antivirus\Quarantine\5F861AC7.exe infected by "Backdoor.Win32.Wootbot.u" Virus. Action Taken: File Renamed.
File D:\Programmer\Norton SystemWorks\Norton Antivirus\Quarantine\600E2556 infected by "Backdoor.Win32.Wootbot.m" Virus. Action Taken: File Renamed.
File D:\Programmer\Norton SystemWorks\Norton Antivirus\Quarantine\60351D2B infected by "Trojan-Downloader.Win32.Dyfuca.cr" Virus. Action Taken: File Deleted.
File D:\Programmer\Norton SystemWorks\Norton Antivirus\Quarantine\60384727 tagged as not-a-virus:AdWare.PurityScan.j. No Action Taken.
File D:\Programmer\Norton SystemWorks\Norton Antivirus\Quarantine\61BD4955 infected by "Trojan-Downloader.Win32.Dyfuca.gen" Virus. Action Taken: File Deleted.
File D:\Programmer\Norton SystemWorks\Norton Antivirus\Quarantine\661D29E0.class infected by "Trojan-Downloader.Java.OpenConnection.v" Virus. Action Taken: File Deleted.
File D:\Programmer\Norton SystemWorks\Norton Antivirus\Quarantine\6C895739.class infected by "Exploit.Java.Bytverify" Virus. Action Taken: File Renamed.
File D:\Programmer\Norton SystemWorks\Norton Antivirus\Quarantine\6F28350C.class infected by "Trojan-Downloader.Java.OpenConnection.v" Virus. Action Taken: File Deleted.
File D:\Programmer\Norton SystemWorks\Norton Antivirus\Quarantine\73F22B03.class infected by "Exploit.Java.Bytverify" Virus. Action Taken: File Renamed.
File D:\Programmer\Quake III Arena\Extras\WorldNet\PCVKIT.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File D:\Programmer\Quark\QuarkXPress 6.0\Quark.exe tagged as not-a-virus:Tool.Win32.TPE.a. No Action Taken.
File D:\Programmer\Quark\QuarkXPress 6.0\Required Components\Quark1.exe tagged as not-a-virus:Tool.Win32.TPE.a. No Action Taken.
kalp Novice
07 March 2005 - 07:31 #23
Some of it is "in captivity" in Norton and in your spyware program :)

but this folder, for example, you ought to have deleted
C:\Program Files\webHancer\

have you? and can you get into normal mode? post a new HijackThis log so we can see if there is more...
saudoo Beginner
07 March 2005 - 16:18 #24
Ahh.. that was because it was on the C: drive.. :D

But I'll just try whether I can now. It also removed 25 viruses that it didn't find the first time.. :\
saudoo Beginner
07 March 2005 - 22:02 #25
The screen is back again.. But I tried installing Illustrator, and approved Adobe's Gamma Loader to start up with Windows. And then it fucked up. I have also experienced this with iBallChat. :\

well. but here is another log. And thanks for your help so far. :)

Logfile of HijackThis v1.99.1
Scan saved at 9:59:54 PM, on 3/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Wintab32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
D:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
D:\Programmer\QuickTime\qttask.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Programmer\MultiRes\MultiRes.exe
C:\WINDOWS\StartupMonitor.exe
D:\Programmer\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\Acecad\Wtxpload.exe
C:\WINDOWS\system32\ZPOINT32.exe
C:\WINDOWS\system32\CTHELPER.EXE
D:\Programmer\D-Tools\daemon.exe
C:\WINDOWS\Acecad\xpoint32.exe
D:\Programmer\Microsoft AntiSpyware\gcasServ.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
C:\Programmer\ATI Technologies\ATI HydraVision\HydraDM.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Programmer\Microsoft AntiSpyware\gcasDtServ.exe
D:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
D:\Programmer\Alwil Software\Avast4\ashWebSv.exe
D:\Programmer\Rage3DTweak\RegTwk.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
D:\Programmer\Copernic Desktop Search\CopernicDesktopSearch.exe
D:\games\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programmer\Adobe\Illustrator 10\Support Files\Contents\Windows\Illustrator.exe
C:\Documents and Settings\Jakob\Skrivebord\HijackThis.exe
D:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
D:\Programmer\TOPCOM\Skyracer Wireless LAN USB\ZDConfig.exe
D:\programmer\rage3dtweak\gameutil.exe
D:\Programmer\RivaTuner\RivaTuner.exe
D:\Programmer\SpywareGuard\sgmain.exe
D:\Programmer\SpywareGuard\sgbhp.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.funsense.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.funsense.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programmer\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Programmer\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Funsense.dk genveje - {F7B412CC-A1E3-4DE8-A069-C96C4F726EBC} - D:\Programmer\Funsense.dk genveje\funsense.dll
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [MultiRes] D:\Programmer\MultiRes\MultiRes.exe
O4 - HKLM\..\Run: [LogonStudio] "D:\Programmer\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Programmer\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Acecad.Wtxpload] C:\WINDOWS\Acecad\Wtxpload.exe Acecad
O4 - HKLM\..\Run: [ZPOINT32] C:\WINDOWS\system32\ZPOINT32.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] D:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programmer\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [gcasServ] "D:\Programmer\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Programmer\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [mwavscan] "C:\Kaspersky\mwavscan.com" /s
O4 - HKCU\..\Run: [STYLEXP] C:\Programmer\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Programmer\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [RegTweak] D:\Programmer\Rage3DTweak\RegTwk.exe
O4 - HKCU\..\Run: [Copernic Desktop Search] "D:\Programmer\Copernic Desktop Search\CopernicDesktopSearch.exe" /tray
O4 - HKCU\..\Run: [Steam] "d:\games\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: gameutil.exe.lnk = ?
O4 - Startup: RivaTuner.lnk = D:\Programmer\RivaTuner\RivaTuner.exe
O4 - Startup: SpywareGuard.lnk = D:\Programmer\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Skyracer USB.lnk = D:\Programmer\TOPCOM\Skyracer Wireless LAN USB\ZDConfig.exe
O8 - Extra context menu item: Download All Files by HiDownload - D:\PROGRA~1\HIDOWN~1\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - D:\PROGRA~1\HIDOWN~1\HDGet.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Get Flash by FlashKeeper - D:\Programmer\FlashKeeper\GetFlash.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.1_03\bin\npjpi141_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.1_03\bin\npjpi141_03.dll
O9 - Extra button: FlashKeeper - {86301D40-94C1-4a5e-843B-7F43965E364A} - D:\Programmer\FlashKeeper\GetFlash.htm
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - D:\PROGRA~1\HIDOWN~1\hidownload.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: *.danskebank.dk
O20 - Winlogon Notify: WB - D:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programmer\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Wintab32 - Unknown owner - C:\WINDOWS\system32\Wintab32.exe
saudoo Beginner
07 March 2005 - 22:05 #26
btw.. That Funsense toolbar I was supposed to delete at the start was one I made myself, for fun. So not one that was installed behind one's back. But for my site at the time, with links to its subpages.

Just so you know Funsense.dk wasn't in the business of making BHOs.. :D
kalp Novice
07 March 2005 - 22:08 #27
I don't think I have told you to delete that at any point :)

I'll just look at the log.. it is getting close to clean :/
kalp Novice
07 March 2005 - 22:12 #28
restart in safe mode

Press Start->Run and type "regedit"

press Edit->Find and type

New.Net

or

New

delete it.. just make sure you have got hold of the right one if you search for no. 2 :)
if you don't have permission to delete it, right-click it and give yourself permission

Fix this one in HijackThis

O10 - Hijacked Internet access by New.Net

restart and see if it is gone from the log.
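The "restart and see if it is gone from the log" check can be done mechanically by diffing two HijackThis logs. This is an added example, not part of the original thread: the function names are hypothetical, the first two sample logs are short excerpts of the 4 March and 7 March logs posted above, and the third is constructed for illustration.

```python
import re

# A HijackThis entry line is "<section code> - <detail>", e.g. "O10 - Hijacked ...".
# Section codes are one letter (R, F, N, O) plus a number; process paths and
# header lines such as "Running processes:" do not match and are skipped.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")

# Excerpt of the 4 March log from the thread.
LOG_4_MARCH = r"""
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programmer\TGTSoft\StyleXP\StyleXP.exe -Hide
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: *.danskebank.dk
"""

# Excerpt of the 7 March log from the thread.
LOG_7_MARCH = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [mwavscan] "C:\Kaspersky\mwavscan.com" /s
O4 - HKCU\..\Run: [STYLEXP] C:\Programmer\TGTSoft\StyleXP\StyleXP.exe -Hide
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: *.danskebank.dk
"""

# Constructed follow-up log (not from the thread): the O10 entry has been fixed.
LOG_AFTER_FIX_CONSTRUCTED = r"""
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programmer\TGTSoft\StyleXP\StyleXP.exe -Hide
O15 - Trusted Zone: *.danskebank.dk
"""


def parse_entries(log_text):
    """Return the (section, detail) entries of a HijackThis log, in order."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def diff_logs(before_text, after_text):
    """Entries that disappeared from, or newly appeared in, the later log."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    before_set, after_set = set(before), set(after)
    return {
        "removed": [e for e in before if e not in after_set],
        "added": [e for e in after if e not in before_set],
    }


def section_present(log_text, section):
    """True if the log still contains any entry in the given section (e.g. "O10")."""
    return any(code == section for code, _ in parse_entries(log_text))


if __name__ == "__main__":
    changes = diff_logs(LOG_4_MARCH, LOG_7_MARCH)
    for kind in ("removed", "added"):
        for code, detail in changes[kind]:
            print(f"{kind:8} {code} - {detail}")
    print("O10 still present on 7 March:", section_present(LOG_7_MARCH, "O10"))
    print("O10 present after fix (constructed):",
          section_present(LOG_AFTER_FIX_CONSTRUCTED, "O10"))
```

New entries are worth reading as carefully as removed ones: here the only addition between the two excerpts is the Run key left behind by the mwav scanner itself.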
ejvindh Expert
08 March 2005 - 15:35 #29
Now that I HAVE got into my meddling mode (*S*), I can't resist posting a suggestion for what can be done if New.net doesn't disappear with the last piece of advice either:

You need to download a program called LSPFix, because your Internet connection may disappear when you carry out the steps below (uninstalling New.net). Only use the program if the Internet connection disappears: http://www.cexx.org/lspfix.htm
direct link http://www.cexx.org/lspfix.zip

Second version: http://danborg.org/spy/Newnet/winsockxpfix.exe (in case LSPFix doesn't work).

Download both to the desktop so they are ready for use if the connection disappears!

Download:
Spybot S&D:
http://www.download.com/3000-8022-10289035.html?tag=lst-0-2

Run a scan with Spybot S&D:
Install the program and update it.
There is a good installation guide at this link:
http://www.datasikring.dk/spybot.asp
(note that it IS the newest version you downloaded above!)

Before you set the program to scan:
Click Mode-advanced
On the left: click Settings-Ignore Products
In the window that appears on the right: right-click any entry and choose "Deselect all"
On the left: click "Search & Destroy", then choose check for problems
Fix all the red entries it finds.

If you lose your Internet connection by doing this, run lspfix and, if needed, winsockxpfix. For Lspfix: unpack the file, run the program, tick "I know what I am doing", click finish.
saudoo Beginner
09 March 2005 - 22:19 #30
Well.. it said I should use LSPfix to remove it.. :>

But now it is gone, at least..


Logfile of HijackThis v1.99.1
Scan saved at 10:20:00 PM, on 3/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Wintab32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
D:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
D:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
D:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Programmer\QuickTime\qttask.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Programmer\MultiRes\MultiRes.exe
C:\WINDOWS\StartupMonitor.exe
D:\Programmer\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\Acecad\Wtxpload.exe
C:\WINDOWS\system32\ZPOINT32.exe
C:\WINDOWS\system32\CTHELPER.EXE
D:\Programmer\D-Tools\daemon.exe
D:\Programmer\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\Acecad\xpoint32.exe
D:\Programmer\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programmer\ATI Technologies\ATI HydraVision\HydraDM.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Programmer\Rage3DTweak\RegTwk.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
D:\games\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
D:\Programmer\TOPCOM\Skyracer Wireless LAN USB\ZDConfig.exe
D:\programmer\rage3dtweak\gameutil.exe
D:\Programmer\RivaTuner\RivaTuner.exe
D:\Programmer\SpywareGuard\sgmain.exe
D:\Programmer\SpywareGuard\sgbhp.exe
C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmer\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Programmer\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Programmer\Google\Google Desktop Search\GoogleDesktopDisplay.exe
D:\Programmer\Microsoft Office\OFFICE11\OUTLOOK.EXE
D:\Programmer\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\System32\svchost.exe
D:\My Received Files\MSNFurax.exe
C:\Programmer\Messenger\msmsgs.exe
D:\My Received Files\MSNFurax.exe
C:\Programmer\MSN Messenger\MSNFurax.exe
C:\Programmer\Internet Explorer\iexplore.exe
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\Program Files\mIRC\mirc.exe
C:\Documents and Settings\Jakob\Skrivebord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.funsense.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.funsense.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Programmer\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programmer\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Programmer\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Funsense.dk genveje - {F7B412CC-A1E3-4DE8-A069-C96C4F726EBC} - D:\Programmer\Funsense.dk genveje\funsense.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Programmer\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [MultiRes] D:\Programmer\MultiRes\MultiRes.exe
O4 - HKLM\..\Run: [LogonStudio] "D:\Programmer\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Programmer\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Acecad.Wtxpload] C:\WINDOWS\Acecad\Wtxpload.exe Acecad
O4 - HKLM\..\Run: [ZPOINT32] C:\WINDOWS\system32\ZPOINT32.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] D:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programmer\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [gcasServ] "D:\Programmer\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Programmer\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [mwavscan] "C:\Kaspersky\mwavscan.com" /s
O4 - HKLM\..\RunOnce: [DrvInstaller] C:\WINDOWS\drvinst.exe -e
O4 - HKCU\..\Run: [STYLEXP] C:\Programmer\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Programmer\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [RegTweak] D:\Programmer\Rage3DTweak\RegTwk.exe
O4 - HKCU\..\Run: [Steam] "d:\games\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Startup: gameutil.exe.lnk = ?
O4 - Startup: RivaTuner.lnk = D:\Programmer\RivaTuner\RivaTuner.exe
O4 - Startup: SpywareGuard.lnk = D:\Programmer\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Skyracer USB.lnk = D:\Programmer\TOPCOM\Skyracer Wireless LAN USB\ZDConfig.exe
O4 - Global Startup: SnagIt 7.lnk = D:\Programmer\TechSmith\SnagIt 7\SnagIt32.exe
O8 - Extra context menu item: Download All Files by HiDownload - D:\PROGRA~1\HIDOWN~1\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - D:\PROGRA~1\HIDOWN~1\HDGet.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Get Flash by FlashKeeper - D:\Programmer\FlashKeeper\GetFlash.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.1_03\bin\npjpi141_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.1_03\bin\npjpi141_03.dll
O9 - Extra button: FlashKeeper - {86301D40-94C1-4a5e-843B-7F43965E364A} - D:\Programmer\FlashKeeper\GetFlash.htm
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - D:\PROGRA~1\HIDOWN~1\hidownload.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: *.danskebank.dk
O20 - Winlogon Notify: WB - D:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programmer\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Wintab32 - Unknown owner - C:\WINDOWS\system32\Wintab32.exe
saudoo Beginner
09 March 2005 - 22:20 #31
Or maybe not.. That's just unbelievable.. :D

Shall we just leave it alone then? :)
kalp Novice
09 March 2005 - 22:23 #32
Grrr... hehe..

Did you try searching the registry?
saudoo Beginner
10 March 2005 - 00:51 #33
yes.. strangely enough there was nothing to find.. :?
saudoo Beginner
10 March 2005 - 00:52 #34
But in any case, thanks for getting rid of the black screen.. :)
kalp Novice
10 March 2005 - 09:24 #35
You're welcome :) I would have liked to get rid of it, though.. it must be somewhere in regedit
ejvindh Expert
10 March 2005 - 11:56 #36
I would advise against stopping here, because there is more junk in the log, and it is not entirely harmless!

D:\My Received Files\MSNFurax.exe
D:\My Received Files\MSNFurax.exe
C:\Programmer\MSN Messenger\MSNFurax.exe

If you search the web a little for MSNfurax.exe, you find
http://www.2-spyware.com/remove-furax-trojan.html
http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453060599

So it is fairly serious. Therefore try this:
Unplug the network cable and restart in safe mode.

Run LSPfix.exe (which you downloaded earlier). Unpack the file, run the program, tick "I know what I am doing" and click Finish.

Press Ctrl-Alt-Delete and choose Task Manager, Processes.
Right-click these processes (if they exist) and choose End Process.
D:\My Received Files\MSNFurax.exe
D:\My Received Files\MSNFurax.exe
C:\Programmer\MSN Messenger\MSNFurax.exe

Click Start, Run. Type: Services.msc and press OK.
Find "Remote Packet Capture Protocol". Right-click it and choose Properties. Under Startup type, select Disabled. Also click Stop.

Then run HJT and fix these entries:
O4 - HKLM\..\Run: [mwavscan] "C:\Kaspersky\mwavscan.com" /s
O4 - HKLM\..\RunOnce: [DrvInstaller] C:\WINDOWS\drvinst.exe -e
O10 - Hijacked Internet access by New.Net
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Deleting files and folders:
Open a folder, click Tools => Folder Options => View.
Untick "Hide protected operating system files".
Untick "Hide extensions for known file types".
Select "Show hidden files and folders".
-------------------
Files:
D:\My Received Files\MSNFurax.exe
D:\My Received Files\MSNFurax.exe
C:\Programmer\MSN Messenger\MSNFurax.exe
C:\WINDOWS\drvinst.exe
---------------------------------------
Restart normally; if you have lost your Internet connection, run lspfix and, if needed, winsock as described earlier. Post a new log for checking.
saudoo Beginner
10 March 2005 - 13:42 #37
Got that New.dot net thing removed by first using LSPfix and then going in with HiJackThis..

But here is a new log for you:

Logfile of HijackThis v1.99.1
Scan saved at 1:40:57 PM, on 3/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Programmer\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jakob\Skrivebord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.funsense.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.funsense.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Programmer\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programmer\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Programmer\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Funsense.dk genveje - {F7B412CC-A1E3-4DE8-A069-C96C4F726EBC} - D:\Programmer\Funsense.dk genveje\funsense.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Programmer\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [MultiRes] D:\Programmer\MultiRes\MultiRes.exe
O4 - HKLM\..\Run: [LogonStudio] "D:\Programmer\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Programmer\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Acecad.Wtxpload] C:\WINDOWS\Acecad\Wtxpload.exe Acecad
O4 - HKLM\..\Run: [ZPOINT32] C:\WINDOWS\system32\ZPOINT32.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] D:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programmer\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [gcasServ] "D:\Programmer\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Programmer\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programmer\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Programmer\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [RegTweak] D:\Programmer\Rage3DTweak\RegTwk.exe
O4 - HKCU\..\Run: [Steam] "d:\games\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Startup: gameutil.exe.lnk = ?
O4 - Startup: RivaTuner.lnk = D:\Programmer\RivaTuner\RivaTuner.exe
O4 - Startup: SpywareGuard.lnk = D:\Programmer\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Skyracer USB.lnk = D:\Programmer\TOPCOM\Skyracer Wireless LAN USB\ZDConfig.exe
O4 - Global Startup: SnagIt 7.lnk = D:\Programmer\TechSmith\SnagIt 7\SnagIt32.exe
O8 - Extra context menu item: Download All Files by HiDownload - D:\PROGRA~1\HIDOWN~1\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - D:\PROGRA~1\HIDOWN~1\HDGet.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Get Flash by FlashKeeper - D:\Programmer\FlashKeeper\GetFlash.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.1_03\bin\npjpi141_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.1_03\bin\npjpi141_03.dll
O9 - Extra button: FlashKeeper - {86301D40-94C1-4a5e-843B-7F43965E364A} - D:\Programmer\FlashKeeper\GetFlash.htm
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - D:\PROGRA~1\HIDOWN~1\hidownload.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: *.danskebank.dk
O20 - Winlogon Notify: WB - D:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programmer\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Wintab32 - Unknown owner - C:\WINDOWS\system32\Wintab32.exe
ejvindh Expert
10 March 2005 - 13:45 #38
Excellent! Unfortunately you happened to run HJT from safe mode, so I can't see whether MSNFurax.exe has disappeared as well. Restart into normal mode and make a new log, which you post here. The rest looks fine otherwise.
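The check requested in #38, as an added example that is not part of the thread: it compares a HijackThis log taken before the fix with one taken after, and reports a process target as inconclusive when the later log does not look like a normal boot. The function names are hypothetical, the sample logs are constructed by abridging the logs posted here, and the "normal boot" test (at least one O4/O23 autostart program is actually running) is an assumed heuristic, not a HijackThis feature.

```python
import re

# HijackThis entry lines start with a section code (R0, O4, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Constructed samples, abridged from the logs posted in this thread.
BEFORE = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
D:\Programmer\QuickTime\qttask.exe
D:\My Received Files\MSNFurax.exe
C:\Programmer\MSN Messenger\MSNFurax.exe

O4 - HKLM\..\Run: [QuickTime Task] "D:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mwavscan] "C:\Kaspersky\mwavscan.com" /s
O10 - Hijacked Internet access by New.Net
"""
AFTER_SAFE_MODE = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
D:\Programmer\Mozilla Firefox\firefox.exe

O4 - HKLM\..\Run: [QuickTime Task] "D:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""
AFTER_NORMAL = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
D:\Programmer\QuickTime\qttask.exe
D:\Programmer\Mozilla Firefox\firefox.exe

O4 - HKLM\..\Run: [QuickTime Task] "D:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""
TARGETS = ["MSNFurax.exe", "mwavscan", "New.Net"]


def parse_hjt_log(text):
    """Split a HijackThis log into running processes and (code, body) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the entry section follows the process list
            entries.append((match.group(1), match.group(2)))
        elif in_processes and line:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def autostarts_running(log):
    """Assumed heuristic: in a normal boot, at least one program named in an
    O4 (startup) or O23 (service) entry also shows up as a running process."""
    bodies = [b.lower() for code, b in log["entries"] if code in ("O4", "O23")]
    return any(p.lower() in body for p in log["processes"] for body in bodies)


def verify_cleanup(before_text, after_text, targets):
    """Report, per target substring, what the pair of logs can actually prove."""
    before, after = parse_hjt_log(before_text), parse_hjt_log(after_text)
    comparable = autostarts_running(after)
    report = {}
    for target in targets:
        needle = target.lower()  # Windows paths are case-insensitive
        was_proc = any(needle in p.lower() for p in before["processes"])
        is_proc = any(needle in p.lower() for p in after["processes"])
        was_entry = any(needle in b.lower() for _, b in before["entries"])
        is_entry = any(needle in b.lower() for _, b in after["entries"])
        if is_proc or is_entry:
            report[target] = "still present"
        elif was_proc and not comparable:
            # A safe-mode log lists few processes, so absence proves nothing.
            report[target] = "inconclusive"
        elif was_proc or was_entry:
            report[target] = "removed"
        else:
            report[target] = "not in either log"
    return report


if __name__ == "__main__":
    for name, after in (("safe mode", AFTER_SAFE_MODE), ("normal", AFTER_NORMAL)):
        print(name, verify_cleanup(BEFORE, after, TARGETS))
```

Registry and service entries are read the same way in safe mode, so their disappearance counts as confirmed in either log; only the running-process list depends on how the machine was booted.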
saudoo Beginner
10 March 2005 - 20:58 #39
Logfile of HijackThis v1.99.1
Scan saved at 8:58:35 PM, on 3/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Wintab32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
D:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
D:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
D:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
D:\Programmer\QuickTime\qttask.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Programmer\MultiRes\MultiRes.exe
C:\WINDOWS\StartupMonitor.exe
D:\Programmer\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\Acecad\Wtxpload.exe
C:\WINDOWS\system32\ZPOINT32.exe
C:\WINDOWS\system32\CTHELPER.EXE
D:\Programmer\D-Tools\daemon.exe
C:\WINDOWS\Acecad\xpoint32.exe
D:\Programmer\Microsoft AntiSpyware\gcasServ.exe
C:\Programmer\ATI Technologies\ATI HydraVision\HydraDM.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Programmer\Microsoft AntiSpyware\gcasDtServ.exe
D:\Programmer\Rage3DTweak\RegTwk.exe
D:\games\steam\steam.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
D:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
D:\programmer\rage3dtweak\gameutil.exe
D:\Programmer\SpywareGuard\sgmain.exe
D:\Programmer\SpywareGuard\sgbhp.exe
C:\Programmer\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Programmer\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Programmer\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Windows Media Player\wmplayer.exe
D:\Programmer\Mozilla Firefox\firefox.exe
D:\Programmer\Microsoft Office\OFFICE11\OUTLOOK.EXE
D:\Programmer\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Jakob\Skrivebord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.funsense.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.funsense.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programmer\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Programmer\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Funsense.dk genveje - {F7B412CC-A1E3-4DE8-A069-C96C4F726EBC} - D:\Programmer\Funsense.dk genveje\funsense.dll
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [MultiRes] D:\Programmer\MultiRes\MultiRes.exe
O4 - HKLM\..\Run: [LogonStudio] "D:\Programmer\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Programmer\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Acecad.Wtxpload] C:\WINDOWS\Acecad\Wtxpload.exe Acecad
O4 - HKLM\..\Run: [ZPOINT32] C:\WINDOWS\system32\ZPOINT32.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] D:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programmer\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [gcasServ] "D:\Programmer\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Programmer\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programmer\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Programmer\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [RegTweak] D:\Programmer\Rage3DTweak\RegTwk.exe
O4 - HKCU\..\Run: [Steam] "d:\games\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: gameutil.exe.lnk = ?
O4 - Startup: RivaTuner.lnk = D:\Programmer\RivaTuner\RivaTuner.exe
O4 - Startup: SpywareGuard.lnk = D:\Programmer\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: Download All Files by HiDownload - D:\PROGRA~1\HIDOWN~1\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - D:\PROGRA~1\HIDOWN~1\HDGet.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Get Flash by FlashKeeper - D:\Programmer\FlashKeeper\GetFlash.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.1_03\bin\npjpi141_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.1_03\bin\npjpi141_03.dll
O9 - Extra button: FlashKeeper - {86301D40-94C1-4a5e-843B-7F43965E364A} - D:\Programmer\FlashKeeper\GetFlash.htm
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - D:\PROGRA~1\HIDOWN~1\hidownload.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: *.danskebank.dk
O20 - Winlogon Notify: WB - D:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programmer\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Wintab32 - Unknown owner - C:\WINDOWS\system32\Wintab32.exe
ejvindh Expert
11 March 2005 - 09:17 #40
Now it's completely clean :-)

To finish the job completely:
It can be a good idea to clean up the System Restore files. Disable System Restore (http://www.spywarefri.dk/virusscannere.htm#alle) - restart your computer - enable System Restore.

It can also be a good idea to hide your system files and folders again, so that you don't delete an important file by mistake. You do that in the same place where you set it to show all files; this time just choose: Do not show hidden files and folders.

You can also clear the browser cache (if you use IE-explorer)
1. Click Tools - Internet Options
2. Under Temporary files, click Delete Cookies
3. Under Temporary files, click Delete Files - tick Delete all offline content
4. Under History, click Clear History
5. Click OK.
Empty your Recycle Bin.
---------------------------

To prevent a repeat, I would recommend installing a few small programs that keep spyware from getting in in the first place. As a minimum I would recommend installing Spywareguard, Spywareblaster and IE-spyad. You can find links to all the programs from here:
http://www.spywarefri.dk/vaerktoj.htm
ejvindh Expert
11 March 2005 - 09:36 #41
Kalp: By now I have finished the job for you a couple of times. I think this one was a bit much, so I think it would be fair for you to give a little credit for it.
tonnybrandt Beginner
11 March 2005 - 10:10 #42
Ejvindh > Nice and thorough work !!
ejvindh Expert
11 March 2005 - 11:13 #43
Thanks for the praise, Tonnybrandt. It warms the heart :-)
saudoo Beginner
12 March 2005 - 15:03 #44
Okay, thanks Ejvindh.. :)

I'll also create a new question for you.. :)
tonnybrandt Beginner
12 March 2005 - 15:15 #45
saudoo > You're actually not allowed to, since you have already given 200 points for this question and that is the maximum for a question. If ejvindh is to get points, they have to come from kalp.
Those are the rules ..
kalp Novice
12 March 2005 - 15:16 #46
That was settled the other day between me and ejvindh, so ejvindh has received points from me :)
saudoo Beginner
12 March 2005 - 15:19 #47
saudoo Beginner
12 March 2005 - 15:20 #48
ah okay.. :)
tonnybrandt Beginner
12 March 2005 - 15:33 #49
kalp > That wasn't from this question, as far as I remember? Or am I mistaken?
kalp Novice
12 March 2005 - 15:38 #50
tonnybrandt>> We agreed that the points went for this question :)
tonnybrandt Beginner
12 March 2005 - 15:39 #51
kalp > ok, then all is well *s*
ejvindh Expert
12 March 2005 - 16:53 #52
Yes, kalp and I have "settled up", and everything is in order. Of course we should also have noted that in this thread.

saudoo: that was a kind thought, but Tonnybrandt is right about the rules. Besides, I would also say that by giving 200 points for the thread you have already been generous. We often end up spending just as much effort on a thread with 15p. :-)
saudoo Beginner
12 March 2005 - 17:00 #53
Okay.. then I'll just say many thanks to you both.. :)