kalleferm Beginner
09 May 2005 - 11:33 There are 6 comments and 1 solution

Start page that is impossible to change

I have picked up some spyware that changes my start page to http://utruuh.globe-finder.cc/bayzm/

I have tried Spybot, AdAware, Microsoft AntiSpyware and Spyware Guard, and none of them has been able to find/remove it.

Log file from HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 11:28:01, on 09-05-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\Programmer\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\Programmer\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programmer\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Labtec\Mouse\2.1\moffice.exe
C:\Programmer\Labtec\Mouse\2.1\MOUSE32A.EXE
C:\Documents and Settings\Allan\Skrivebord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O1 - Hosts: 1159680172 auto.search.msn.com
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Programmer\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programmer\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Programmer\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Programmer\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programmer\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programmer\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/20762c133f485ef53018/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1113665899731
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/da/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O19 - User stylesheet: C:\WINDOWS\stsheets.dat
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FÆLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
magictouch Beginner
09 May 2005 - 11:48 #1
Looking at it
magictouch Beginner
09 May 2005 - 12:01 #2
Download Startdreck.zip: http://www.niksoft.at/download/startdreck.htm
Click <Download>

Unpack it to the desktop. Double-click 'StartDreck.exe'.
Click the Config button.
Click the Unmark all button.
Under "System/Drivers", tick these boxes:
*Mark NT Services
*List binaries
*NT Kernel- and FS Drivers
Click OK, then the Save button to save the log. Go to the StartDreck folder and find the Startdreck.log file.

Copy the log in here together with a new HijackThis log.
magictouch Beginner
09 May 2005 - 12:02 #3
First create a folder on the desktop for StartDreck
kalleferm Beginner
09 May 2005 - 12:12 #4
StartDreck (build 2.1.7 public stable) - 2005-05-09 @ 12:10:47 (GMT +02:00)
Platform: Windows XP (Win NT 5.1.2600 Service Pack 1)
Internet Explorer: 6.0.2800.1106
Logged in as Allan at ALLAN

»Registry
»Files
»System/Drivers
»NT Services
  *Alerter    Alerter    -    on demand
  `binary: C:\WINDOWS\System32\svchost.exe -k LocalService
  *Gatewaytjeneste til programlaget    ALG    running    on demand
  `binary: C:\WINDOWS\System32\alg.exe
  *Programadministration    AppMgmt    -    on demand
  `binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
  *Ati HotKey Poller    Ati HotKey Poller    running    auto
  `binary: C:\WINDOWS\System32\Ati2evxx.exe
  *Windows Audio    AudioSrv    running    auto
  `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *Tjenesten Background Intelligent Transfer    BITS    -    on demand
  `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *Computerbrowser    Browser    running    auto
  `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *Symantec Event Manager    ccEvtMgr    running    auto
  `binary: "C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe"
  *Symantec Password Validation Service    ccPwdSvc    -    on demand
  `binary: "C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe"
  *Indekseringstjeneste    CiSvc    -    on demand
  `binary: C:\WINDOWS\system32\cisvc.exe
  *Udklipsbog    ClipSrv    -    on demand
  `binary: C:\WINDOWS\system32\clipsrv.exe
  *COM+-systemprogram    COMSysApp    -    on demand
  `binary: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
  *Kryptografiske tjenester    CryptSvc    running    auto
  `binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
  *DHCP-klientprogram    Dhcp    running    auto
  `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *Logical Disk Manager Administrative Service    dmadmin    -    on demand
  `binary: C:\WINDOWS\System32\dmadmin.exe /com
  *Logical Disk Manager    dmserver    -    on demand
  `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *DNS-klient    Dnscache    running    auto
  `binary: C:\WINDOWS\System32\svchost.exe -k NetworkService
  *Tjenesten Fejlrapportering    ERSvc    running    auto
  `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *Hændelseslog    Eventlog    running    auto
  `binary: C:\WINDOWS\system32\services.exe
  *COM+-hændelsessystem    EventSystem    running    on demand
  `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *Hurtigt brugerskift-kompatibilitet    FastUserSwitchingCom    -    on demand
  `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *Hjælp og support    helpsvc    running    auto
  `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *Adgang til brugerstyrede inputenheder (HID)    HidServ    -    disabled
  `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *IBM PM Service    IBMPMSVC    running    auto
  `binary: C:\WINDOWS\System32\ibmpmsvc.exe
  *COM-tjenesten IMAPI cd-skrivning    ImapiService    -    on demand
  `binary: C:\WINDOWS\System32\imapi.exe
  *iPod Service    iPodService    -    on demand
  `binary: C:\Programmer\iPod\bin\iPodService.exe
  *Infrarød overvågning    Irmon    running    auto
  `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *Server    lanmanserver    running    auto
  `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *Arbejdsstation    lanmanworkstation    running    auto
  `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *Tjenesten TCP/IP NetBIOS Helper    LmHosts    running    auto
  `binary: C:\WINDOWS\System32\svchost.exe -k LocalService
  *Machine Debug Manager    MDM    running    auto
  `binary: "C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe"
  *Messenger    Messenger    running    auto
  `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *NetMeeting - Deling af fjernskrivebord    mnmsrvc    -    on demand
  `binary: C:\WINDOWS\System32\mnmsrvc.exe
  *DTC (Distributed Transaction Coordinator)    MSDTC    -    on demand
  `binary: C:\WINDOWS\System32\msdtc.exe
  *Windows Installer    MSIServer    -    on demand
  `binary: C:\WINDOWS\System32\msiexec.exe /V
  *Norton AntiVirus Auto Protect    navapsvc    running    auto
  `binary: "C:\Programmer\Norton AntiVirus\navapsvc.exe"
  *Network DDE    NetDDE    -    on demand
  `binary: C:\WINDOWS\system32\netdde.exe
  *Network DDE DSDM    NetDDEdsdm    -    on demand
  `binary: C:\WINDOWS\system32\netdde.exe
  *Netlogon    Netlogon    -    on demand
  `binary: C:\WINDOWS\System32\lsass.exe
  *Netværksforbindelser    Netman    running    on demand
  `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *NLA (Network Location Awareness)    Nla    running    on demand
  `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *NT LM Security Support Provider    NtLmSsp    -    on demand
  `binary: C:\WINDOWS\System32\lsass.exe
  *Flytbare lagermedier    NtmsSvc    -    on demand
  `binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
  *Office Source Engine    ose    -    on demand
  `binary: "C:\Programmer\Fælles filer\Microsoft Shared\Source Engine\OSE.EXE"
  *Plug and Play    PlugPlay    running    auto
  `binary: C:\WINDOWS\system32\services.exe
  *IPSEC Policy Agent    PolicyAgent    running    auto
  `binary: C:\WINDOWS\System32\lsass.exe
  *Beskyttet lager    ProtectedStorage    running    auto
  `binary: C:\WINDOWS\system32\lsass.exe
  *QCONSVC    QCONSVC    running    auto
  `binary: System32\QCONSVC.EXE
  *Remote Access Auto Connection Manager    RasAuto    -    on demand
  `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *Remote Access Connection Manager    RasMan    running    on demand
  `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *Hjælp til Sessionsstyring til Fjernskrivebord    RDSessMgr    -    on demand
  `binary: C:\WINDOWS\system32\sessmgr.exe
  *RegSrvc    RegSrvc    running    auto
  `binary: C:\WINDOWS\System32\RegSrvc.exe
  *Routing og Remote Access    RemoteAccess    -    disabled
  `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *Remote Registry    RemoteRegistry    running    auto
  `binary: C:\WINDOWS\system32\svchost.exe -k LocalService
  *Remote Procedure Call (RPC) Locator    RpcLocator    -    on demand
  `binary: C:\WINDOWS\System32\locator.exe
  *Remote Procedure Call (RPC)    RpcSs    running    auto
  `binary: C:\WINDOWS\system32\svchost -k rpcss
  *QoS RSVP    RSVP    -    on demand
  `binary: C:\WINDOWS\System32\rsvp.exe
  *Spectrum24 Event Monitor    S24EventMonitor    running    auto
  `binary: C:\WINDOWS\System32\S24EvMon.exe
  *SAM (Security Accounts Manager)    SamSs    running    auto
  `binary: C:\WINDOWS\system32\lsass.exe
  *ScriptBlocking Service    SBService    -    auto
  `binary: C:\PROGRA~1\FÆLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
  *Chipkort Hjælp    SCardDrv    -    on demand
  `binary: C:\WINDOWS\System32\SCardSvr.exe
  *Chipkort    SCardSvr    -    on demand
  `binary: C:\WINDOWS\System32\SCardSvr.exe
  *Opgavestyring    Schedule    running    auto
  `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *Alternativt logon    seclogon    running    auto
  `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *System Event Notification    SENS    running    auto
  `binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
  *Firewall til Internetforbindelse / Deling af In    SharedAccess    running    auto
  `ternetforbindelse
  `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *Hardwaregenkendelse på brugergrænsefladen    ShellHWDetection    running    auto
  `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *Symantec Network Drivers Service    SNDSrvc    -    on demand
  `binary: "C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe"
  *Print Spooler    Spooler    running    auto
  `binary: C:\WINDOWS\system32\spoolsv.exe
  *Tjenesten Systemgendannelse    srservice    running    auto
  `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *SSDP-genkendelsestjeneste    SSDPSRV    running    on demand
  `binary: C:\WINDOWS\System32\svchost.exe -k LocalService
  *Windows-billedscanning    stisvc    -    on demand
  `binary: C:\WINDOWS\System32\svchost.exe -k imgsvc
  *MS Software Shadow Copy Provider    SwPrv    -    on demand
  `binary: C:\WINDOWS\System32\dllhost.exe /Processid:{7D102972-0BE3-45D1-8FBE-A5A76284128C}
  *SymWMI Service    SymWSC    -    auto
  `binary: "C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe"
  *Performance Logs and Alerts    SysmonLog    -    on demand
  `binary: C:\WINDOWS\system32\smlogsvc.exe
  *Telekommunikation    TapiSrv    running    on demand
  `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *Terminal Services    TermService    running    on demand
  `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *Temaer    Themes    running    auto
  `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *Telnet    TlntSvr    -    disabled
  `binary: C:\WINDOWS\System32\tlntsvr.exe
  *IBM KCU Service    TpKmpSVC    running    auto
  `binary: C:\WINDOWS\system32\TpKmpSVC.exe
  *Distributed Link Tracking Client    TrkWks    running    auto
  `binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
  *Windows User Mode Driver Framework    UMWdf    running    auto
  `binary: C:\WINDOWS\System32\wdfmgr.exe
  *Upload Manager    uploadmgr    running    auto
  `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *Vært for Universal Plug and Play-enhed    upnphost    -    on demand
  `binary: C:\WINDOWS\System32\svchost.exe -k LocalService
  *UPS (Uninterruptible Power Supply)    UPS    -    on demand
  `binary: C:\WINDOWS\System32\ups.exe
  *Øjebliksbillede af diskenhed    VSS    -    on demand
  `binary: C:\WINDOWS\System32\vssvc.exe
  *Windows Time    W32Time    running    auto
  `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *Webklient    WebClient    running    auto
  `binary: C:\WINDOWS\System32\svchost.exe -k LocalService
  *Windows Management Instrumentation    winmgmt    running    auto
  `binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
  *Serienummertjenesten for bærbart medie    WmdmPmSN    -    on demand
  `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *Windows Management Instrumentation-driverudvide    Wmi    -    on demand
  `lser
  `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *WMI-ydelseskort    WmiApSrv    -    on demand
  `binary: C:\WINDOWS\System32\wbem\wmiapsrv.exe
  *Automatiske opdateringer    wuauserv    running    auto
  `binary: C:\WINDOWS\system32\svchost.exe -k netsvcs
  *Automatisk konfiguration af trådløse enheder    WZCSVC    running    auto
  `binary: C:\WINDOWS\System32\svchost.exe -k netsvcs
  *AVG7 Alert Manager Server    Avg7Alrt    running    auto
  `binary: C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
  *AVG7 Update Service    Avg7UpdSvc    running    auto
  `binary: C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
»NT Kernel- and FS-drivers
  *Abiosdsk    Abiosdsk    -    disabled
  `binary:
  *abp480n5    abp480n5    -    disabled
  `binary: \SystemRoot\System32\DRIVERS\ABP480N5.SYS
  *Installationstjeneste til Intel(r) 82801-lyddri    ac97intc    -    on demand
  `ver (WDM)
  `binary: system32\drivers\ac97intc.sys
  *Microsoft ACPI-driver    ACPI    running    boot
  `binary: \SystemRoot\System32\DRIVERS\ACPI.sys
  *Driver til Microsoft Embedded-controller    ACPIEC    running    boot
  `binary: \SystemRoot\System32\DRIVERS\ACPIEC.sys
  *adpu160m    adpu160m    -    disabled
  `binary: \SystemRoot\System32\DRIVERS\adpu160m.sys
  *aeaudio    aeaudio    running    on demand
  `binary: system32\drivers\aeaudio.sys
  *Microsoft Kernel Acoustic Echo Canceller    aec    -    on demand
  `binary: system32\drivers\aec.sys
  *Understøttelse af AFD-netværk    AFD    running    auto
  `binary: \SystemRoot\System32\drivers\afd.sys
  *Agere Systems Soft Modem    AgereSoftModem    running    on demand
  `binary: System32\DRIVERS\AGRSM.sys
  *Intel AGP-busfilter    agp440    running    boot
  `binary: \SystemRoot\System32\DRIVERS\agp440.sys
  *Compaq AGP-busfilter    agpCPQ    -    disabled
  `binary: \SystemRoot\System32\DRIVERS\agpCPQ.sys
  *Aha154x    Aha154x    -    disabled
  `binary: \SystemRoot\System32\DRIVERS\aha154x.sys
  *aic78u2    aic78u2    -    disabled
  `binary: \SystemRoot\System32\DRIVERS\aic78u2.sys
  *aic78xx    aic78xx    -    disabled
  `binary: \SystemRoot\System32\DRIVERS\aic78xx.sys
  *AliIde    AliIde    -    disabled
  `binary: \SystemRoot\System32\DRIVERS\aliide.sys
  *ALI AGP-busfilter    alim1541    -    disabled
  `binary: \SystemRoot\System32\DRIVERS\alim1541.sys
  *Filterdriver til AMD AGP-bus    amdagp    -    disabled
  `binary: \SystemRoot\System32\DRIVERS\amdagp.sys
  *amsint    amsint    -    disabled
  `binary: \SystemRoot\System32\DRIVERS\amsint.sys
  *ANC    ANC    running    system
  `binary: System32\drivers\ANC.SYS
  *1394 ARP-klientprotokol    Arp1394    -    on demand
  `binary: System32\DRIVERS\arp1394.sys
  *asc    asc    -    disabled
  `binary: \SystemRoot\System32\DRIVERS\asc.sys
  *asc3350p    asc3350p    -    disabled
  `binary: \SystemRoot\System32\DRIVERS\asc3350p.sys
  *asc3550    asc3550    -    disabled
  `binary: \SystemRoot\System32\DRIVERS\asc3550.sys
  *RAS-asynkron mediedriver    AsyncMac    -    on demand
  `binary: System32\DRIVERS\asyncmac.sys
  *Standard IDE/ESDI-harddiskcontroller    atapi    running    boot
  `binary: \SystemRoot\System32\DRIVERS\atapi.sys
  *Atdisk    Atdisk    -    disabled
  `binary:
  *ati2mtag    ati2mtag    running    on demand
  `binary: System32\DRIVERS\ati2mtag.sys
  *ATM ARP-klientprotokol    Atmarpc    -    on demand
  `binary: System32\DRIVERS\atmarpc.sys
  *Lydstubdriver    audstub    running    on demand
  `binary: System32\DRIVERS\audstub.sys
  *battca    battca    running    auto
  `binary: \??\C:\WINDOWS\System32\drivers\battca.sys
  *Beep    Beep    running    system
  `binary:
  *MAC-bro    Bridge    -    on demand
  `binary: System32\DRIVERS\bridge.sys
  *MAC-bro-miniport    BridgeMP    running    on demand
  `binary: System32\DRIVERS\bridge.sys
  *cbidf    cbidf    -    disabled
  `binary: \SystemRoot\System32\DRIVERS\cbidf2k.sys
  *cbidf2k    cbidf2k    -    disabled
  `binary:
  *cd20xrnt    cd20xrnt    -    disabled
  `binary: \SystemRoot\System32\DRIVERS\cd20xrnt.sys
  *Cdaudio    Cdaudio    -    system
  `binary:
  *Cdfs    Cdfs    running    disabled
  `binary:
  *Cd-rom-driver    Cdrom    running    system
  `binary: System32\DRIVERS\cdrom.sys
  *Changer    Changer    -    system
  `binary:
  *Microsoft ACPI Control Method-batteri    CmBatt    running    on demand
  `binary: System32\DRIVERS\CmBatt.sys
  *CmdIde    CmdIde    -    on demand
  `binary: \SystemRoot\System32\DRIVERS\cmdide.sys
  *Microsoft Composite Battery Driver    Compbatt    running    boot
  `binary: \SystemRoot\System32\DRIVERS\compbatt.sys
  *Cpqarray    Cpqarray    -    disabled
  `binary: \SystemRoot\System32\DRIVERS\cpqarray.sys
  *dac2w2k    dac2w2k    -    disabled
  `binary: \SystemRoot\System32\DRIVERS\dac2w2k.sys
  *dac960nt    dac960nt    -    disabled
  `binary: \SystemRoot\System32\DRIVERS\dac960nt.sys
  *Diskdriver    Disk    running    boot
  `binary: \SystemRoot\System32\DRIVERS\disk.sys
  *dmboot    dmboot    -    disabled
  `binary: System32\drivers\dmboot.sys
  *dmio    dmio    -    disabled
  `binary: System32\drivers\dmio.sys
  *dmload    dmload    -    disabled
  `binary: System32\drivers\dmload.sys
  *Microsoft Kernel DLS-synthesizer    DMusic    -    on demand
  `binary: system32\drivers\DMusic.sys
  *dpti2o    dpti2o    -    disabled
  `binary: \SystemRoot\System32\DRIVERS\dpti2o.sys
  *Microsoft Kernel DRM Audio Descrambler    drmkaud    -    on demand
  `binary: system32\drivers\drmkaud.sys
  *drvmcdb    drvmcdb    running    boot
  `binary: \SystemRoot\system32\drivers\drvmcdb.sys
  *drvnddm    drvnddm    running    auto
  `binary: system32\drivers\drvnddm.sys
  *Intel(R) PRO/1000 Adapter Driver    E1000    running    on demand
  `binary: System32\DRIVERS\e1000325.sys
  *Driver til Intel (R) PRO-netværkskort    E100B    -    on demand
  `binary: System32\DRIVERS\e100b325.sys
  *Fastfat    Fastfat    -    disabled
  `binary:
  *Driver til diskettedrevscontroller    Fdc    running    on demand
  `binary: System32\DRIVERS\fdc.sys
  *Fips    Fips    running    system
  `binary:
  *Flpydisk    Flpydisk    -    system
  `binary:
  *Driver til diskenhedsstyring    Ftdisk    running    boot
  `binary: \SystemRoot\System32\DRIVERS\ftdisk.sys
  *GEAR CDRom Filter    GEARAspiWDM    running    on demand
  `binary: SYSTEM32\DRIVERS\GEARAspiWDM.sys
  *Standardpakkeklassificering    Gpc    running    on demand
  `binary: System32\DRIVERS\msgpc.sys
  *Driver til Intel GV3-processor    gv3    running    on demand
  `binary: System32\DRIVERS\gv3.sys
  *Microsoft HID-klassedriver    HidUsb    running    on demand
  `binary: System32\DRIVERS\hidusb.sys
  *hpn    hpn    -    disabled
  `binary: \SystemRoot\System32\DRIVERS\hpn.sys
  *i2omgmt    i2omgmt    running    system
  `binary:
  *i2omp    i2omp    -    disabled
  `binary: \SystemRoot\System32\DRIVERS\i2omp.sys
  *i8042-tastatur og PS/2-museportdriver    i8042prt    running    system
  `binary: System32\DRIVERS\i8042prt.sys
  *IBMPMDRV    IBMPMDRV    running    on demand
  `binary: System32\DRIVERS\ibmpmdrv.sys
  *IBMTPCHK    IBMTPCHK    running    system
  `binary: System32\drivers\IBMBLDID.SYS
  *Filterdriver til cd-skrivning    Imapi    running    system
  `binary: System32\DRIVERS\imapi.sys
  *ini910u    ini910u    -    disabled
  `binary: \SystemRoot\System32\DRIVERS\ini910u.sys
  *IntelIde    IntelIde    -    disabled
  `binary: \SystemRoot\System32\DRIVERS\intelide.sys
  *Filterdriver til IP-trafik    IpFilterDriver    -    on demand
  `binary: System32\DRIVERS\ipfltdrv.sys
  *Driver til IP i IP-tunnel    IpInIp    -    on demand
  `binary: System32\DRIVERS\ipinip.sys
  *Oversætter til IP-netværksadresser    IpNat    running    on demand
  `binary: System32\DRIVERS\ipnat.sys
  *IPSEC-driver    IPSec    running    system
  `binary: System32\DRIVERS\ipsec.sys
  *IrDA-protokol    irda    running    auto
  `binary: System32\DRIVERS\irda.sys
  *Tjeneste til IR-optælling    IRENUM    running    on demand
  `binary: System32\DRIVERS\irenum.sys
  *PnP ISA/EISA-busdriver    isapnp    running    boot
  `binary: \SystemRoot\System32\DRIVERS\isapnp.sys
  *Klassedriver til tastatur    Kbdclass    running    system
  `binary: System32\DRIVERS\kbdclass.sys
  *Microsoft Kernel Wave-lydmixer    kmixer    running    on demand
  `binary: system32\drivers\kmixer.sys
  *KSecDD    KSecDD    running    boot
  `binary:
  *lbrtfdc    lbrtfdc    -    system
  `binary:
  *LT Modem Driver    ltmodem5    -    on demand
  `binary: System32\DRIVERS\ltmdmnt.sys
  *AEGIS Protocol (IEEE 802.1x) v2.2.1.0    MDC8021X    running    auto
  `binary: System32\DRIVERS\mdc8021x.sys
  *mnmdd    mnmdd    running    system
  `binary:
  *Modem    Modem    running    on demand
  `binary:
  *Klassedriver til mus    Mouclass    running    system
  `binary: System32\DRIVERS\mouclass.sys
  *HID-driver til mus    mouhid    running    on demand
  `binary: System32\DRIVERS\mouhid.sys
  *MountMgr    MountMgr    running    boot
  `binary:
  *mraid35x    mraid35x    -    disabled
  `binary: \SystemRoot\System32\DRIVERS\mraid35x.sys
  *Klientomdirigering for WebDav    MRxDAV    running    on demand
  `binary: System32\DRIVERS\mrxdav.sys
  *MRxSmb    MRxSmb    running    system
  `binary: System32\DRIVERS\mrxsmb.sys
  *Msfs    Msfs    running    system
  `binary:
  *Microsoft IR Communications Driver    MSIRCOMM    -    on demand
  `binary: System32\DRIVERS\MSIRCOMM.sys
  *Serviceproxy til Microsoft Streaming    MSKSSRV    -    on demand
  `binary: system32\drivers\MSKSSRV.sys
  *Microsoft Streaming Clock Proxy    MSPCLOCK    -    on demand
  `binary: system32\drivers\MSPCLOCK.sys
  *Kvalitetsstyringsproxy til Microsoft Streaming    MSPQM    -    on demand
  `binary: system32\drivers\MSPQM.sys
  *Mup    Mup    running    boot
  `binary:
  *NAVENG    NAVENG    running    on demand
  `binary: \??\C:\PROGRA~1\FÆLLES~1\SYMANT~1\VIRUSD~1\20050428.018\NAVENG.Sys
  *NAVEX15    NAVEX15    running    on demand
  `binary: \??\C:\PROGRA~1\FÆLLES~1\SYMANT~1\VIRUSD~1\20050428.018\NavEx15.Sys
  *NDIS-systemdriver    NDIS    running    boot
  `binary:
  *Remote Access NDIS TAPI-driver    NdisTapi    running    on demand
  `binary: System32\DRIVERS\ndistapi.sys
  *NDIS-protokol til I/O i brugertilstand    Ndisuio    running    on demand
  `binary: System32\DRIVERS\ndisuio.sys
  *Remote Access NDIS WAN-driver    NdisWan    running    on demand
  `binary: System32\DRIVERS\ndiswan.sys
  *NDIS Proxy    NDProxy    running    on demand
  `binary:
  *NetBIOS-grænseflade    NetBIOS    running    system
  `binary: System32\DRIVERS\netbios.sys
  *NetBT    NetBT    running    system
  `binary: System32\DRIVERS\netbt.sys
  *1394-netværksdriver    NIC1394    -    on demand
  `binary: System32\DRIVERS\nic1394.sys
  *Npfs    Npfs    running    system
  `binary:
  *NSC Infrared enhedsdriver    NSCIRDA    running    on demand
  `binary: System32\DRIVERS\nscirda.sys
  *Ntfs    Ntfs    running    disabled
  `binary:
  *Null    Null    running    system
  `binary:
  *Filterdriver til IPX-trafik    NwlnkFlt    -    on demand
  `binary: System32\DRIVERS\nwlnkflt.sys
  *Driver til IPX-trafikvideresendelse    NwlnkFwd    -    on demand
  `binary: System32\DRIVERS\nwlnkfwd.sys
  *Texas Instruments OHCI Compliant IEEE 1394-vært    ohci1394    running    boot
  `scontroller
  `binary: \SystemRoot\System32\DRIVERS\ohci1394.sys
  *Driver til Intel PentiumIII-processor    P3    -    system
  `binary: System32\DRIVERS\p3.sys
  *Driver til parallel port    Parport    running    on demand
  `binary: System32\DRIVERS\parport.sys
  *PartMgr    PartMgr    running    boot
  `binary:
  *ParVdm    ParVdm    running    auto
  `binary:
  *PCI-busdriver    PCI    running    boot
  `binary: \SystemRoot\System32\DRIVERS\pci.sys
  *PCIDump    PCIDump    -    system
  `binary:
  *PCIIde    PCIIde    running    boot
  `binary: \SystemRoot\System32\DRIVERS\pciide.sys
  *Pcmcia    Pcmcia    running    boot
  `binary: \SystemRoot\System32\DRIVERS\pcmcia.sys
  *PDCOMP    PDCOMP    -    on demand
  `binary:
  *PDFRAME    PDFRAME    -    on demand
  `binary:
  *PDRELI    PDRELI    -    on demand
  `binary:
  *PDRFRAME    PDRFRAME    -    on demand
  `binary:
  *perc2    perc2    -    disabled
  `binary: \SystemRoot\System32\DRIVERS\perc2.sys
  *perc2hib    perc2hib    -    disabled
  `binary: \SystemRoot\System32\DRIVERS\perc2hib.sys
  *PMEM    PMEM    running    auto
  `binary: \??\C:\WINDOWS\system32\drivers\PMEMNT.SYS
  *WAN-miniport (PPTP)    PptpMiniport    running    on demand
  `binary: System32\DRIVERS\raspptp.sys
  *QoS-pakkeplanlægning    PSched    running    on demand
  `binary: System32\DRIVERS\psched.sys
  *Driver til direkte, parallel forbindelse    Ptilink    running    on demand
  `binary: System32\DRIVERS\ptilink.sys
  *PxHelp20    PxHelp20    running    boot
  `binary: \SystemRoot\System32\DRIVERS\PxHelp20.sys
  *QCNDISIF    QCNDISIF    -    on demand
  `binary: System32\drivers\qcndisif.SYS
  *ql1080    ql1080    -    disabled
  `binary: \SystemRoot\System32\DRIVERS\ql1080.sys
  *Ql10wnt    Ql10wnt    -    disabled
  `binary: \SystemRoot\System32\DRIVERS\ql10wnt.sys
  *ql12160    ql12160    -    disabled
  `binary: \SystemRoot\System32\DRIVERS\ql12160.sys
  *ql1240    ql1240    -    disabled
  `binary: \SystemRoot\System32\DRIVERS\ql1240.sys
  *ql1280    ql1280    -    disabled
  `binary: \SystemRoot\System32\DRIVERS\ql1280.sys
  *Driver til Remote Access Auto Connection    RasAcd    running    system
  `binary: System32\DRIVERS\rasacd.sys
  *WAN-miniport (IrDA)    Rasirda    running    on demand
  `binary: System32\DRIVERS\rasirda.sys
  *WAN-miniport (L2TP)    Rasl2tp    running    on demand
  `binary: System32\DRIVERS\rasl2tp.sys
  *Remote Access PPPOE-driver    RasPppoe    running    on demand
  `binary: System32\DRIVERS\raspppoe.sys
  *Direkte parallel    Raspti    running    on demand
  `binary: System32\DRIVERS\raspti.sys
  *Rdbss    Rdbss    running    system
  `binary: System32\DRIVERS\rdbss.sys
  *RDPCDD    RDPCDD    running    system
  `binary: System32\DRIVERS\RDPCDD.sys
  *Driver til Terminal Server-enhedsomdirigering    rdpdr    running    on demand
  `binary: System32\DRIVERS\rdpdr.sys
  *RDPWD    RDPWD    -    on demand
  `binary:
  *Filterdriver til digital cd-lydafspilning    redbook    running    system
  `binary: System32\DRIVERS\redbook.sys
  *WLAN Transport    s24trans    running    auto
  `binary: System32\DRIVERS\s24trans.sys
  *S3SSavage    S3SSavage    -    on demand
  `binary: System32\DRIVERS\s3ssavm.sys
  *SAVRT    SAVRT    running    on demand
  `binary: \??\C:\WINDOWS\System32\Drivers\SAVRT.SYS
  *SAVRTPEL    SAVRTPEL    running    auto
  `binary: \??\C:\WINDOWS\System32\Drivers\SAVRTPEL.SYS
  *Secdrv    Secdrv    running    auto
  `binary: System32\DRIVERS\secdrv.sys
  *Serenum-filterdriver    serenum    running    on demand
  `binary: System32\DRIVERS\serenum.sys
  *Seriel portdriver    Serial    running    system
  `binary: System32\DRIVERS\serial.sys
  *Sfloppy    Sfloppy    -    system
  `binary:
  *ShockMgr    ShockMgr    running    auto
  `binary:
  *Shockprf    Shockprf    running    boot
  `binary:
  *Simbad    Simbad    -    disabled
  `binary:
  *SIS AGP-busfilter    sisagp    -    disabled
  `binary: \SystemRoot\System32\DRIVERS\sisagp.sys
  *Smapint    Smapint    running    system
  `binary: System32\drivers\Smapint.sys
  *smwdm    smwdm    running    on demand
  `binary: system32\drivers\smwdm.sys
  *Sparrow    Sparrow    -    disabled
  `binary: \SystemRoot\System32\DRIVERS\sparrow.sys
  *Microsoft Kernel Audio Splitter    splitter    -    on demand
  `binary: system32\drivers\splitter.sys
  *Filterdriver til Systemgendannelse    sr    running    boot
  `binary: \SystemRoot\System32\DRIVERS\sr.sys
  *Srv    Srv    running    on demand
  `binary: System32\DRIVERS\srv.sys
  *sscdbhk5    sscdbhk5    running    system
  `binary: system32\drivers\sscdbhk5.sys
  *ssrtln    ssrtln    running    system
  `binary: system32\drivers\ssrtln.sys
  *Software-busdriver    swenum    running    on demand
  `binary: System32\DRIVERS\swenum.sys
  *Microsoft Kernel GS Wavetable-synthesizer    swmidi    -    on demand
  `binary: system32\drivers\swmidi.sys
  *symc810    symc810    -    disabled
  `binary: \SystemRoot\System32\DRIVERS\symc810.sys
  *symc8xx    symc8xx    -    disabled
  `binary: \SystemRoot\System32\DRIVERS\symc8xx.sys
  *SymEvent    SymEvent    running    on demand
  `binary: \??\C:\Programmer\Symantec\SYMEVENT.SYS
  *SYMREDRV    SYMREDRV    -    on demand
  `binary: \SystemRoot\System32\Drivers\SYMREDRV.SYS
  *SYMTDI    SYMTDI    running    system
  `binary: \SystemRoot\System32\Drivers\SYMTDI.SYS
  *sym_hi    sym_hi    -    disabled
  `binary: \SystemRoot\System32\DRIVERS\sym_hi.sys
  *sym_u3    sym_u3    -    disabled
  `binary: \SystemRoot\System32\DRIVERS\sym_u3.sys
  *Synaptics TouchPad Driver    SynTP    running    on demand
  `binary: System32\DRIVERS\SynTP.sys
  *Microsoft Kernel System Audio-enhed    sysaudio    running    on demand
  `binary: system32\drivers\sysaudio.sys
  *TCP/IP-protokoldriver    Tcpip    running    system
  `binary: System32\DRIVERS\tcpip.sys
  *TDPIPE    TDPIPE    -    on demand
  `binary:
  *TDSMAPI    TDSMAPI    running    system
  `binary: System32\drivers\TDSMAPI.SYS
  *TDTCP    TDTCP    -    on demand
  `binary:
  *Driver til terminalenhed    TermDD    running    system
  `binary: System32\DRIVERS\termdd.sys
  *tfsnboio    tfsnboio    running    auto
  `binary: system32\dla\tfsnboio.sys
  *tfsncofs    tfsncofs    running    auto
  `binary: system32\dla\tfsncofs.sys
  *tfsndrct    tfsndrct    running    auto
  `binary: system32\dla\tfsndrct.sys
  *tfsndres    tfsndres    running    auto
  `binary: system32\dla\tfsndres.sys
  *tfsnifs    tfsnifs    running    auto
  `binary: system32\dla\tfsnifs.sys
  *tfsnopio    tfsnopio    running    auto
  `binary: system32\dla\tfsnopio.sys
  *tfsnpool    tfsnpool    running    auto
  `binary: system32\dla\tfsnpool.sys
  *tfsnudf    tfsnudf    running    auto
  `binary: system32\dla\tfsnudf.sys
  *tfsnudfa    tfsnudfa    running    auto
  `binary: system32\dla\tfsnudfa.sys
  *TosIde    TosIde    -    disabled
  `binary: \SystemRoot\System32\DRIVERS\toside.sys
  *TPHKDRV    TPHKDRV    running    system
  `binary:
  *TPPWR    TPPWR    running    system
  `binary: System32\drivers\Tppwr.sys
  *TSMAPIP    TSMAPIP    running    system
  `binary: System32\drivers\TSMAPIP.SYS
  *IBM PS/2 TrackPoint-filterdriver    TwoTrack    -    on demand
  `binary: System32\DRIVERS\TwoTrack.sys
  *Udfs    Udfs    -    disabled
  `binary:
  *ultra    ultra    -    disabled
  `binary: \SystemRoot\System32\DRIVERS\ultra.sys
  *Opdateringsdriver til mikrokode    Update    running    on demand
  `binary: System32\DRIVERS\update.sys
  *Miniportdriver til Microsoft USB 2.0-udvidet væ    usbehci    running    on demand
  `rtscontroller
  `binary: System32\DRIVERS\usbehci.sys
  *USB2-aktiveret hub    usbhub    running    on demand
  `binary: System32\DRIVERS\usbhub.sys
  *Driver til USB-lagerenhed    USBSTOR    -    on demand
  `binary: System32\DRIVERS\USBSTOR.SYS
  *Microsoft USB-universel værtscontroller minipor    usbuhci    running    on demand
  `tdriver
  `binary: System32\DRIVERS\usbuhci.sys
  *VgaSave    VgaSave    running    system
  `binary: \SystemRoot\System32\drivers\vga.sys
  *VIA AGP-busfilter    viaagp    -    disabled
  `binary: \SystemRoot\System32\DRIVERS\viaagp.sys
  *ViaIde    ViaIde    -    disabled
  `binary: \SystemRoot\System32\DRIVERS\viaide.sys
  *VolSnap    VolSnap    running    boot
  `binary:
  *Intel(R) PRO/Wireless 7100 Adapter - Driver    w70n51    running    on demand
  `binary: System32\DRIVERS\w70n51.sys
  *Remote Access IP ARP-driver    Wanarp    running    on demand
  `binary: System32\DRIVERS\wanarp.sys
  *WDICA    WDICA    -    on demand
  `binary:
  *Microsoft WINNM WDM-kompatibel lyddriver    wdmaud    running    on demand
  `binary: system32\drivers\wdmaud.sys
  *AVG7 Kernel    Avg7Core    running    system
  `binary: \SystemRoot\System32\Drivers\avg7core.sys
  *AVG7 Wrap Driver    Avg7RsW    running    system
  `binary: \SystemRoot\System32\Drivers\avg7rsw.sys
  *AVG7 Rezident Driver    Avg7RsXP    running    system
  `binary: \SystemRoot\System32\Drivers\avg7rsxp.sys
»Application specific

Logfile of HijackThis v1.99.1
Scan saved at 12:11:57, on 09-05-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\Programmer\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\Programmer\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programmer\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Labtec\Mouse\2.1\moffice.exe
C:\Programmer\Labtec\Mouse\2.1\MOUSE32A.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmer\Grisoft\AVG Free\avgcc.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Programmer\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Allan\Skrivebord\virus software\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O1 - Hosts: 1159680172 auto.search.msn.com
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\Downloaded Program Files\CONFLICT.1\googlenav.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Programmer\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\Downloaded Program Files\CONFLICT.1\googlenav.dll/cmbacklinks.html
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\Downloaded Program Files\CONFLICT.1\googlenav.dll/cmcache.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\Downloaded Program Files\CONFLICT.1\googlenav.dll/cmsimilar.html
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programmer\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Programmer\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Programmer\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programmer\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programmer\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/20762c133f485ef53018/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1113665899731
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.google.com/data/da/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O19 - User stylesheet: C:\WINDOWS\stsheets.dat
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FÆLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
magictouch Beginner
09 May 2005 - 13:06 #5
Restart in Safe Mode. Press F8 a few times while Windows is starting up.

Open Windows Explorer, click Tools => Folder Options => View.
Uncheck "Hide protected operating system files".
Uncheck "Hide extensions for known file types".
Select "Show hidden files and folders".


Find:
C:\WINDOWS\System32\drivers\battca.sys
and rename it to battca.old

Run a scan with HijackThis so that you can see all the files.

Below you get some files that you need to fix. What you have to do is put a check mark next to these files. When you have done that, close all other windows. It is very important that the only window open is the HijackThis window. Remember also to close this window when you have marked the files. Now you may fix. Click Fix checked:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm
O1 - Hosts: 1159680172 auto.search.msn.com
O19 - User stylesheet: C:\WINDOWS\stsheets.dat


Delete the files and folders below. Don't be surprised if you can't find all the files or folders, as they may have been removed automatically during the fix with HijackThis.
C:\WINDOWS\stsheets.dat <<< dat file

Restart and post a new HijackThis log.
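
The four entries marked for fixing above (the two start-page values, the hosts redirect and the user stylesheet) can be picked out of a HijackThis log mechanically. The following Python is an added example, not part of the original post: the function names and the trusted start-page list are assumptions, and the sample lines are copied from the log on this page. It also decodes the single-integer address in the O1 line to dotted-quad form.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Sample lines copied from the HijackThis log on this page.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?bayzm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O1 - Hosts: 1159680172 auto.search.msn.com
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O19 - User stylesheet: C:\WINDOWS\stsheets.dat
"""

# Assumption: hosts the reviewer accepts as a start page; adjust per machine.
TRUSTED_START_HOSTS = {"www.msn.com", "www.microsoft.com"}

LINE_RE = re.compile(r"^([ORFN]\d+) - (.*)$")


def decode_hosts_address(token):
    """Return dotted-quad form; a bare integer is read as a 32-bit IPv4 address."""
    if token.isdigit() and int(token) < 2**32:
        return str(ipaddress.IPv4Address(int(token)))
    return token


def triage(log_text):
    """Return (section, reason, original line) for entries worth reviewing."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        if section in ("R0", "R1") and "Start Page = " in body:
            url = body.split(" = ", 1)[1]
            host = urlparse(url).hostname or url
            if host not in TRUSTED_START_HOSTS:
                findings.append((section, f"start page set to {host}", raw.strip()))
        elif section == "O1" and body.startswith("Hosts: "):
            addr, _, name = body[len("Hosts: "):].partition(" ")
            ip = decode_hosts_address(addr)
            if ip not in ("127.0.0.1", "0.0.0.0"):  # loopback entries are skipped
                findings.append((section, f"{name.strip()} redirected to {ip}", raw.strip()))
        elif section == "O19":  # any user stylesheet override is reported
            path = body.split(": ", 1)[1]
            findings.append((section, f"user stylesheet {path}", raw.strip()))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```
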
kalleferm Beginner
15 September 2005 - 10:51 #6
Oops, I don't think I ever gave you points. Sorry!
I can't quite remember whether I actually got rid of it with your method, but at any rate I don't have it now. Post an answer and I'll give points for the help. Thanks.
magictouch Beginner
15 September 2005 - 10:55 #7
That's quite all right, better late than never ;) Thanks in advance