fodboldmanden (Beginner)
03 July 2005 - 01:52, 6 comments

Cannot delete Adware.Ezula

My Norton antivirus program finds Adware.Ezula, but I cannot delete it. There is a link that leads to this description:

Adware.Ezula

Last Updated on: May 31, 2005 09:19:59 AM

Type:     Adware
Name:     Not available
Version:     1.0
Publisher:     Ezula
Systems Affected:     Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
Risk Impact:     Low

detection

Intelligent Updater Definitions*: August 18, 2003
LiveUpdate™ Definitions**: August 18, 2003

* Intelligent Updater definitions are released daily, but require manual download and installation.
** LiveUpdate definitions are usually released every Wednesday.

This risk can be detected only by Symantec products that support security risks.

summary

Behavior
Adware.Ezula alters Web pages viewed in Internet Explorer and can add extra links to certain keywords that advertisers target. This adware also runs under the name TopText.

Symptoms
The files are detected as Adware.Ezula.

Transmission
This Adware has to be manually installed.

technical details
File names:
eZinstall.exe
Ezula.dll

When Adware.Ezula is installed, it performs the following actions:

  1. Creates the following files:

          * %USERPROGRAMS%\TopText iLookup\Feedback.url
          * %USERPROGRAMS%\TopText iLookup\Help.url
          * %USERPROGRAMS%\TopText iLookup\My Keywords.lnk
          * %USERPROGRAMS%\TopText iLookup\My Preferences.lnk
          * %USERPROGRAMS%\TopText iLookup\ReadMe.url
          * %USERPROGRAMS%\TopText iLookup\TopText Button Show - Hide.lnk
          * %PROGRAMFILES%\eZula\basis.dst
          * %PROGRAMFILES%\eZula\basis.kwd
          * %PROGRAMFILES%\eZula\basis.pu
          * %PROGRAMFILES%\eZula\basis.rst
          * %PROGRAMFILES%\eZula\CHCON.dll
          * %PROGRAMFILES%\eZula\eabh.dll
          * %PROGRAMFILES%\eZula\genun.ez
          * %PROGRAMFILES%\eZula\Images\arrow1.gif
          * %PROGRAMFILES%\eZula\Images\arrow2.gif
          * %PROGRAMFILES%\eZula\Images\button_small.gif
          * %PROGRAMFILES%\eZula\Images\icon.gif
          * %PROGRAMFILES%\eZula\Images\Layer_Bottom.gif
          * %PROGRAMFILES%\eZula\Images\Layer_Center.gif
          * %PROGRAMFILES%\eZula\Images\Layer_Top.gif
          * %PROGRAMFILES%\eZula\Images\new.gif
          * %PROGRAMFILES%\eZula\Images\PopUp_Follow_divider.gif
          * %PROGRAMFILES%\eZula\Images\PopUp_Follow_Left.gif
          * %PROGRAMFILES%\eZula\Images\PopUp_Follow_Off.gif
          * %PROGRAMFILES%\eZula\Images\PopUp_Follow_On.gif
          * %PROGRAMFILES%\eZula\Images\PopUp_Follow_Right.gif
          * %PROGRAMFILES%\eZula\Images\PopUp_Top.gif
          * %PROGRAMFILES%\eZula\Images\PopUp_Top_Bottom.gif
          * %PROGRAMFILES%\eZula\Images\Side_B.gif
          * %PROGRAMFILES%\eZula\Images\Side_L.gif
          * %PROGRAMFILES%\eZula\Images\Side_R.gif
          * %PROGRAMFILES%\eZula\Images\Side_Top.gif
          * %PROGRAMFILES%\eZula\Images\spacer.gif
          * %PROGRAMFILES%\eZula\INSTALL.LOG
          * %PROGRAMFILES%\eZula\legend.lgn
          * %PROGRAMFILES%\eZula\mmod.exe
          * %PROGRAMFILES%\eZula\param.ez
          * %PROGRAMFILES%\eZula\rwds.rst
          * %PROGRAMFILES%\eZula\search.src
          * %PROGRAMFILES%\eZula\seng.dll
          * %PROGRAMFILES%\eZula\UNWISE.EXE
          * %PROGRAMFILES%\eZula\upgrade.vrn
          * %PROGRAMFILES%\eZula\version.vrn
          * %PROGRAMFILES%\eZula\wndbannn.src
          * %WINDOWS%\Downloaded Program Files\ezstub.dll
          * %WINDOWS%\Downloaded Program Files\ezstub.INF
          * %WINDOWS%\system32\ezstub.exe
          * %WINDOWS%\eZinstall.exe

            Notes:
          * %USERPROGRAMS% is a variable that refers to the c:\Documents and Settings\<current user>\Start Menu\Programs folder.
          * %PROGRAMFILES% is a variable that refers to the Program Files folder. By default, this is C:\Program Files.
          * %WINDOWS% is a variable that refers to the Windows folder. By default, this is C:\WINNT on 2k machines and C:\Windows on XP machines.

  2. Adds the value:

      "eZmmod" = "C:\PROGRA~1\ezula\mmod.exe"

      to the registry subkey:

      HKEY_ALL_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

      so that the risk runs every time Windows starts.

  3. Creates the following registry subkeys:




removal instructions

Note: Removing this adware component from the system will likely cause the program that installed it to not function as intended. The uninstaller generally identifies the programs that will not work after uninstallation.

  1. Update the virus definitions.
  2. Uninstall TopText using the Add/Remove Programs utility.
  3. Run a full system scan and delete all the files detected as Adware.Ezula.
  4. Delete the values that were added to the registry.

For specific details on each of these steps, read the following instructions.

1. Updating the virus definitions
Symantec Security Response fully tests all the virus definitions for quality assurance before they are posted to our servers. There are two ways to obtain the most recent virus definitions:

    * Running LiveUpdate, which is the easiest way to obtain virus definitions: These virus definitions are posted to the LiveUpdate servers once each week (usually on Wednesdays), unless there is a major virus outbreak. To determine whether definitions for this threat are available by LiveUpdate, refer to the Virus Definitions (LiveUpdate).
    * Downloading the definitions using the Intelligent Updater: The Intelligent Updater virus definitions are posted on U.S. business days (Monday through Friday). You should download the definitions from the Symantec Security Response Web site and manually install them. To determine whether definitions for this threat are available by the Intelligent Updater, refer to the Virus Definitions (Intelligent Updater).

      The Intelligent Updater virus definitions are available: Read "How to update virus definition files using the Intelligent Updater" for detailed instructions.


2. Uninstalling the Adware

  1. Do one of the following:
          * On the Windows 98 taskbar:
              1. Click Start > Settings > Control Panel.
              2. In the Control Panel window, double-click Add/Remove Programs.

          * On the Windows Me taskbar:
              1. Click Start > Settings > Control Panel.
              2. In the Control Panel window, double-click Add/Remove Programs.
                  If you do not see the Add/Remove Programs icon, click "...view all Control Panel options."

          * On the Windows 2000 taskbar:
            By default, Windows 2000 is set up the same as Windows 98. In that case, follow the instructions for Windows 98. Otherwise, click Start, point to Settings, point to Control Panel, and then click Add/Remove Programs.

          * On the Windows XP taskbar:
              1. Click Start > Control Panel.
              2. In the Control Panel window, double-click Add or Remove Programs.

  2. Click TopText.

      Note: You may need to use the scroll bar to view the whole list.
  3. Click Add/Remove, Change/Remove, or Remove (this varies with the operating system). Follow the prompts.


3. Scanning for and deleting the infected files

  1. Start your Symantec antivirus program and make sure that it is configured to scan all the files.
          * For Norton AntiVirus consumer products: Read the document, "How to configure Norton AntiVirus to scan all files."
          * For Symantec AntiVirus Enterprise products: Read the document, "How to verify that a Symantec Corporate antivirus product is set to scan all files."
  2. Run a full system scan.
  3. If any files are detected as infected with Adware.Ezula, click Delete.


4. To delete the values from the registry

WARNING: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry," for instructions.

Note: This is done to make sure that all the keys are removed. They may not be there if the uninstaller removed them.

  1. Click Start > Run.
  2. Type regedit

      Then click OK.
  3. Navigate to and delete the following registry keys, if present:

      Navigate to the subkey:

      HKEY_ALL_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  4. In the right pane, delete the value:

      "eZmmod" = "C:\PROGRA~1\ezula\mmod.exe"

  5. Navigate to and delete the following registry keys, if present:



  6. Exit the Registry Editor.
sir_plexus (Beginner)
03 July 2005 - 02:14 #1
I'm not sure, but try pressing Alt+Ctrl+Del and going into Task Manager. There you need to remove the following processes: %windows%\%system%\stub.exe and %windows%\%system%\ezstub.exe.
That should be enough for you to be able to remove it with Norton or Ad-Aware!
arlet (Junior Master)
03 July 2005 - 07:40 #2
Download Ewido and HijackThis here: http://www.arlet.dk/ewidohjt.htm

Then we'll get rid of it..
fodboldmanden (Beginner)
06 July 2005 - 23:31 #3
Many thanks for the replies. I have downloaded HijackThis. What should I delete? Here is the log.

Logfile of HijackThis v1.99.1
Scan saved at 23:27:30, on 06-07-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Java\jre1.5.0_02\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\MSN Apps\Updater\01.02.3000.1001\da\msnappau.exe
C:\Programmer\Microsoft AntiSpyware\gcasServ.exe
C:\Programmer\Hotkeycontrol XP\hkcontrol.exe
C:\Programmer\Bang & Olufsen\BeoPlayer\Beotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\pchbutton.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmer\Bang & Olufsen\BeoPlayer\BeoPlayer.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
c:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
c:\Programmer\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
C:\Programmer\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Programmer\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Programmer\FirstClass\fcc32.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ejer\Skrivebord\Antivius programmer\hjt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=Q304&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.search-exe.com/nph-search.cgi?tcode=exebar1&look=sbar1_srchbtn
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=Q304&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.search-exe.com/nph-search.cgi?tcode=exebar1&look=sbar1_srchbtn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Programmer\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Programmer\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Programmer\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmer\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.4000.1001\da\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Programmer\Norton AntiVirus\NavShExt.dll
O2 - BHO: SST - {FFFFDA2C-A0D5-4D60-8EE1-1B7F8929E24D} - C:\Programmer\Lycos\sst.dll (file missing)
O3 - Toolbar: HP-visning - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\programmer\hp\digital imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - c:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.4000.1001\da\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Programmer\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [UpdateManager] "c:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmer\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [imjpmig] C:\IME\IMJP\imjpmig.exe /RemAdvDef /AIMEREG /Migration /SetPreload
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [msnappau] "C:\Programmer\MSN Apps\Updater\01.02.3000.1001\da\msnappau.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Programmer\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Hotkeycontrol] C:\Programmer\Hotkeycontrol XP\hkcontrol.exe
O4 - HKLM\..\Run: [Beoplayertray] C:\Programmer\Bang & Olufsen\BeoPlayer\Beotray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [BackupNotify] c:\Programmer\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [FroggyCastleSetup.exe] C:\DOWNLO~1\FROGGY~1.EXE /r
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Programmer\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BeoPlayer.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Programmer\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk361YYDK
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programmer\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.bifrost.aakb.dk/support/plugins/ebraryRdr.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect (navapsvc) - Symantec Corporation - c:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
johnstigers Seniormester
07 July 2005 - 10:17 #4
What about Microsoft Antispyware - can it delete it???
Just run a scan with it - then scan with Spybot: http://www.download.com/3001-8022-10289035.html (update online before scanning), then post a new log. Thanks :)
arlet Juniormester
07 July 2005 - 19:52 #5
Download this scanner and save it to the desktop. (We will need it later)
http://www.spywareinfo.dk/download/mwav.exe

----------------------


You now need to get started with the fixing:

Run HijackThis, scan, tick the lines listed here, close all windows except HijackThis, click Fix checked, then close HijackThis again.
Double-check that everything is included.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=Q304&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.search-exe.com/nph-search.cgi?tcode=exebar1&look=sbar1_srchbtn
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=Q304&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.search-exe.com/nph-search.cgi?tcode=exebar1&look=sbar1_srchbtn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Programmer\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Programmer\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Programmer\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: SST - {FFFFDA2C-A0D5-4D60-8EE1-1B7F8929E24D} - C:\Programmer\Lycos\sst.dll (file missing)

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [FroggyCastleSetup.exe] C:\DOWNLO~1\FROGGY~1.EXE /r
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Programmer\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Programmer\MyWebSearch\bar\1.bin\MWSOEMON.EXE

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab



--------------------------------------------------------------------

Open any folder, click Tools => Folder Options => View.
Untick "Hide protected operating system files".
Untick "Hide extensions for known file types".
Select "Show hidden files and folders".

------------------------------

Download this bat file and run it:
http://www.spywareinfo.dk/download/cleantempxp2k.bat
It deletes everything in your temp folder.

------------------------------

Restart the computer in safe mode (press the F8 key during the restart (roughly just when the RAM has been counted), and then choose safe mode. If in doubt, just press F8 several times.)
Find and delete these manually:

C:\PROGRA~1\MYWEBS~1 <- the whole folder
C:\DOWNLO~1\FROGGY~1.EXE

-----------------------------

Still in safe mode:
Click on mwav.exe, which you downloaded; the program unpacks itself and starts.
Tick the following:
Memory, Startup folders, drive, Registry, System folders and Services.
Select the following radio buttons:
All local drives and Scan all files
Then press Scan Clean
The scan takes a little over an hour


Then restart the computer normally and make a new HijackThis log, which you post here
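A triage sketch for the kind of HijackThis log posted in this thread, added here as an example (not part of arlet's post and not HijackThis code). It flags entries marked "(file missing)" and entries that reference a given domain or folder, including the folder's 8.3 short alias such as MYWEBS~1; the function names are assumptions of this example, and the sample reuses a few lines from the log above.

```python
import re

# Constructed sample: a few lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.search-exe.com/nph-search.cgi?tcode=exebar1&look=sbar1_srchbtn
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
O2 - BHO: SST - {FFFFDA2C-A0D5-4D60-8EE1-1B7F8929E24D} - C:\Programmer\Lycos\sst.dll (file missing)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Programmer\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
"""

# Section code (R0, O2, O23, ...) followed by " - " and the entry body.
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

def short_name_re(folder):
    """Regex for the 8.3 alias Windows may show for a long folder name (MYWEBS~1)."""
    stem = re.sub(r"[ .]", "", folder)[:6]
    return re.compile(re.escape(stem) + r"~\d+$", re.IGNORECASE)

def triage(log_text, domains, folders):
    """Return (code, reasons, body) for every log entry worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # headers, blank lines, running-process list
        body = m["body"]
        reasons = []
        if body.endswith("(file missing)"):
            reasons.append("orphaned entry: file missing")
        lowered = body.lower()
        reasons += [f"domain {d}" for d in domains if d.lower() in lowered]
        parts = body.split("\\")  # path components, compared whole
        for f in folders:
            alias = short_name_re(f)
            if any(p.lower() == f.lower() or alias.match(p) for p in parts):
                reasons.append(f"folder {f}")
        if reasons:
            findings.append((m["code"], reasons, body))
    return findings

if __name__ == "__main__":
    for code, reasons, body in triage(SAMPLE_LOG, ["search-exe.com"], ["MyWebSearch"]):
        print(f"{code:<4}{'; '.join(reasons)}\n    {body}")
```

The output is a shortlist for a human to review, not a fix list: an unflagged entry is not thereby clean, and a flagged one still needs judgement before it is ticked in HijackThis.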
arlet Juniormester
13 July 2005 - 17:47 #6
Do you need more help, or has your question been answered?? If so, remember to close your question properly by selecting a name in the box on the left and pressing accept.