HJT (for Jesper)

By Moderator Armageddon | 02-08-2004 00:23 | 1396 views | 11 replies
I also have a few things that need checking.

Logfile of HijackThis v1.97.7
Scan saved at 21:24:21, on 01-08-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Programmer\Java\j2re1.4.2_04\bin\jusched.exe
D:\Programmer\Winamp\winampa.exe
D:\Programmer\daemon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\NORMAN\Nvc\BIN\LH.EXE
C:\Programmer\Messenger Plus! 3\MsgPlus.exe
c:\progra~1\intern~1\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\System32\pasqena.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\XEMICO~1\ACTIVE~1\ADC.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\jesper\Application Data\uccn.exe
C:\WINDOWS\System32\ufrhyag.exe
C:\Documents and Settings\jesper\Menuen Start\Programmer\Start\RefreshLock.exe
C:\WINDOWS\System32\msdtc.exe
C:\Norman\Nvc\BIN\anda.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\NORMAN\Nvc\BIN\NYMSE.EXE
C:\NORMAN\Nvc\BIN\NIP.EXE
C:\WINDOWS\System32\mqsvc.exe
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\NORMAN\Nvc\BIN\NJEEVES.EXE
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\DOCUME~1\jesper\LOKALE~1\Temp\msbb.exe
C:\Programmer\Internet Explorer\iexplore.exe
D:\Programmer\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.tokyuokruarbdpnvlioubpja.com[...]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O2 - BHO: C:\WINDOWS\lbbho.dll - {11431C20-6129-43FE-AEE3-FD648C4C9925} - C:\WINDOWS\lbbho.dll
O2 - BHO: (no name) - {44F8322F-C069-7496-D501-655508D62912} - C:\WINDOWS\System32\gqzlj.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\Downloaded Program Files\bridge.dll
O2 - BHO: (no name) - {EAD5A860-7791-A760-22D3-6A7B643DA266} - C:\PROGRA~1\SETUPH~1\MagsBlue.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Programmer\daemon.exe" -lang 1033 -lock
O4 - HKLM\..\Run: [Microsoft Update] wuamgrd.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\LH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [ref exit] C:\PROGRA~1\MODETI~1\drv mpeg size.exe
O4 - HKLM\..\Run: [Byte Corn Part Phone] C:\Documents and Settings\All Users\Application Data\RoadElseByteCorn\borecdrom.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [hautispzzkwfd] C:\WINDOWS\System32\pasqena.exe
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [msbb] c:\docume~1\jesper\lokale~1\temp\msbb.exe
O4 - HKLM\..\Run: [gdydmf] C:\WINDOWS\gdydmf.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamgrd.exe
O4 - HKCU\..\Run: [Steam] D:\SPIL\Steam.exe -silent
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\PROGRA~1\XEMICO~1\ACTIVE~1\ADC.exe
O4 - HKCU\..\Run: [Microsoft Update] wuamgrd.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [sp] C:\sp.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Oesa] C:\Documents and Settings\jesper\Application Data\uccn.exe
O4 - HKCU\..\Run: [Ljksr] C:\WINDOWS\System32\ufrhyag.exe
O4 - Startup: RefreshLock.exe
O4 - Startup: Ventrilo.exe
O4 - Startup: Winamp.lnk = D:\Programmer\Winamp\winamp.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Opslag (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com[...]
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com[...]
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com[...]
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com[...]
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com[...]
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com[...]
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://static.flingstone.com[...]
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com[...]
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com[...]
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com[...]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com[...]
--
#1
Armageddon
Moderator
02-08-2004 00:28

Hi, there are a few small things that need fixing. Start by turning off System Restore. Right-click "My Computer" on the desktop, choose Properties and the "System Restore" tab, and tick "Turn off System Restore". Click OK and restart.

Then download CWShredder and KillBox:
http://www.spywareinfo.com[...]
http://www.mdegn.dk[...]

Start CWShredder and update it online. Pull the network cable and then scan with the program. Fix what it suggests.

Run a new scan with HJT and tick these:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.tokyuokruarbdpnvlioubpja.com[...]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O2 - BHO: C:\WINDOWS\lbbho.dll - {11431C20-6129-43FE-AEE3-FD648C4C9925} - C:\WINDOWS\lbbho.dll
O2 - BHO: (no name) - {44F8322F-C069-7496-D501-655508D62912} - C:\WINDOWS\System32\gqzlj.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\Downloaded Program Files\bridge.dll
O2 - BHO: (no name) - {EAD5A860-7791-A760-22D3-6A7B643DA266} - C:\PROGRA~1\SETUPH~1\MagsBlue.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Update] wuamgrd.exe
O4 - HKLM\..\Run: [ref exit] C:\PROGRA~1\MODETI~1\drv mpeg size.exe
O4 - HKLM\..\Run: [Byte Corn Part Phone] C:\Documents and Settings\All Users\Application Data\RoadElseByteCorn\borecdrom.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [hautispzzkwfd] C:\WINDOWS\System32\pasqena.exe
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [msbb] c:\docume~1\jesper\lokale~1\temp\msbb.exe
O4 - HKLM\..\Run: [gdydmf] C:\WINDOWS\gdydmf.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamgrd.exe
O4 - HKCU\..\Run: [Microsoft Update] wuamgrd.exe
O4 - HKCU\..\Run: [sp] C:\sp.exe
O4 - HKCU\..\Run: [Oesa] C:\Documents and Settings\jesper\Application Data\uccn.exe
O4 - HKCU\..\Run: [Ljksr] C:\WINDOWS\System32\ufrhyag.exe
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com[...]
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com[...]
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com[...]
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://static.flingstone.com[...]
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com[...]

Close all other program windows so only HJT is open. Click "Fix checked". Close the program and start KillBox. In the text field type C:\WINDOWS\secure.html and click "Kill File". Close the program and restart in Safe Mode (press F8 after the POST screen).

Find and delete these:

C:\WINDOWS\System32\pasqena.exe
C:\Documents and Settings\jesper\Application Data\uccn.exe
C:\WINDOWS\System32\ufrhyag.exe
C:\DOCUME~1\jesper\LOKALE~1\Temp\msbb.exe
C:\WINDOWS\twaintec.dll
C:\WINDOWS\lbbho.dll
C:\WINDOWS\System32\gqzlj.dll
C:\WINDOWS\2_0_1browserhelper2.dll
C:\WINDOWS\Downloaded Program Files\bridge.dll
C:\PROGRA~1\SETUPH~1\MagsBlue.exe (delete the SETUPH~1 folder)
C:\WINDOWS\System32\wuamgrd.exe
C:\PROGRA~1\MODETI~1\drv mpeg size.exe (delete the MODETI~1 folder)
C:\Documents and Settings\All Users\Application Data\RoadElseByteCorn\borecdrom.exe (delete the RoadElseByteCorn folder)
C:\WINDOWS\alchem.exe
C:\WINDOWS\gdydmf.exe
C:\sp.exe

Restart normally. Run a new scan with HJT and post the log here for checking.
--
/Armageddon - [email protected] http://www.mdegn.dk[...]
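The triage Armageddon does by eye in the post above (start page pointing at a local file, nameless BHOs, random-looking Run key names, sites added to the Trusted Zone, DPF objects loaded through ms-its:/mhtml:) can be scripted. The following is an added example, not code from this thread or from the HijackThis project: a small Python parser for HijackThis 1.97-style log lines with defender-side heuristics, run over a constructed sample whose entries are copied from the logs in this thread. The heuristics, their thresholds, the severity labels and the vendor-host allowlist are my own assumptions, not anything HijackThis itself does.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: HijackThis 1.97-style lines shaped like the logs posted in this thread.
# Paths, hosts and CLSIDs are copied from those logs; "[...]" is the forum's own URL truncation.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.tokyuokruarbdpnvlioubpja.com[...]
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Microsoft Update] wuamgrd.exe
O4 - HKLM\..\Run: [hautispzzkwfd] C:\WINDOWS\System32\pasqena.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Oesa] C:\Documents and Settings\jesper\Application Data\uccn.exe
O15 - Trusted Zone: *.blazefind.com
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com[...]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com[...]
"""

ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
LOCAL_PATH_RE = re.compile(r"^[A-Za-z]:\\")
HOST_RE = re.compile(r"https?://([^/\[\s]+)")
RUN_KEY_RE = re.compile(r".*?: \[(?P<key>[^\]]*)\] (?P<cmd>.*)$")
CONSONANT_RUN_RE = re.compile(r"[bcdfghjklmnpqrstvwxz]{4,}")
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\", "\\temp\\", "\\docume~1\\")
# Assumption: the vendor update hosts that appear in the thread's O16 lines are benign download sources.
VENDOR_DPF_HOSTS = {"download.macromedia.com", "download.microsoft.com",
                    "v4.windowsupdate.microsoft.com", "security.symantec.com"}
LOADERS = {"rundll32", "rundll32.exe", "regsvr32", "regsvr32.exe"}


@dataclass
class Finding:
    line: str
    section: str
    severity: str   # "high", "medium" or "low" (my own labels)
    reason: str


def looks_random(name: str) -> bool:
    """Heuristic: 8+ lowercase letters containing a run of 4+ consonants (e.g. hautispzzkwfd)."""
    return re.fullmatch(r"[a-z]{8,}", name) is not None and CONSONANT_RUN_RE.search(name) is not None


def host_of(text: str) -> Optional[str]:
    m = HOST_RE.search(text)
    return m.group(1).lower() if m else None


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one HJT log line, or None if nothing in it trips a heuristic."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    if sec in ("R0", "R1"):
        value = body.split(" = ", 1)[1] if " = " in body else ""
        if LOCAL_PATH_RE.match(value):
            return Finding(line, sec, "high", "IE page setting points at a local file")
        host = host_of(value)
        if host:
            labels = host.split(".")
            label = labels[-2] if len(labels) >= 2 else host
            if len(label) >= 16:
                return Finding(line, sec, "medium", f"random-looking host label in IE setting ({label})")
    elif sec == "O2" and body.startswith("BHO: (no name)"):
        return Finding(line, sec, "medium", "browser helper object with no name")
    elif sec == "O4":
        km = RUN_KEY_RE.match(body)
        if km:
            key, cmd = km.group("key"), km.group("cmd")
            if looks_random(key):
                return Finding(line, sec, "high", f"random-looking Run key name ({key})")
            if any(p in cmd.lower() for p in USER_WRITABLE):
                return Finding(line, sec, "medium", "autostart launches from a user-writable directory")
            parts = cmd.split()
            first = parts[0].strip('"') if parts else ""
            if not LOCAL_PATH_RE.match(first) and first.lower() not in LOADERS:
                return Finding(line, sec, "low", "autostart given without a full path; verify which file loads")
    elif sec == "O15":
        return Finding(line, sec, "high", "site added to the IE Trusted Zone (relaxed security for it)")
    elif sec == "O16":
        if "ms-its:" in body.lower() or "mhtml:" in body.lower():
            return Finding(line, sec, "high", "DPF object loaded through ms-its:/mhtml: (local CHM/MHT loader)")
        host = host_of(body)
        if host and host not in VENDOR_DPF_HOSTS:
            return Finding(line, sec, "medium", f"ActiveX object downloaded from {host}")
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole log and keep only the lines that produced a Finding."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f is not None]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section:3} {f.reason}\n         {f.line.strip()}")
```

Running it on the sample yields nine findings; the O3 Radio toolbar and the Shockwave DPF object pass, as they should. The point of the script is the shape of the checks, not the exact thresholds: an entry is suspicious because of where it points (local file, user-writable directory, Trusted Zone) or how it is named, which is exactly the reasoning in the post above.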
#2
jesper
Guest
02-08-2004 16:35

I can't open this page: http://www.spywareinfo.com[...]
--
#3
Armageddon
Moderator
02-08-2004 16:49

Unfortunately that site is often down. I've now put the program on my own site, so you can download it from http://www.mdegn.dk[...]
--
/Armageddon - [email protected] http://www.mdegn.dk[...]
#4
jesper
Guest
02-08-2004 20:09

Logfile of HijackThis v1.97.7
Scan saved at 20:06:22, on 02-08-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\msdtc.exe
C:\Norman\Nvc\BIN\anda.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\mqsvc.exe
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\NORMAN\Nvc\BIN\NJEEVES.EXE
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
D:\Programmer\Winamp\winampa.exe
D:\Programmer\daemon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\NORMAN\Nvc\BIN\LH.EXE
C:\Programmer\Messenger Plus! 3\MsgPlus.exe
C:\PROGRA~1\XEMICO~1\ACTIVE~1\ADC.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\NORMAN\Nvc\BIN\NYMSE.EXE
C:\NORMAN\Nvc\BIN\NIP.EXE
c:\progra~1\intern~1\iexplore.exe
C:\Documents and Settings\jesper\Menuen Start\Programmer\Start\RefreshLock.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
D:\Programmer\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.pifwherwmvtxxdbx.com[...]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] D:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Programmer\daemon.exe" -lang 1033 -lock
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\LH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [ocytdiuuzpdw] C:\WINDOWS\System32\pasqena.exe
O4 - HKLM\..\Run: [ref exit] C:\PROGRA~1\MODETI~1\drv mpeg size.exe
O4 - HKCU\..\Run: [Steam] D:\SPIL\Steam.exe -silent
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\PROGRA~1\XEMICO~1\ACTIVE~1\ADC.exe
O4 - HKCU\..\Run: [Microsoft Update] wuamgrd.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: RefreshLock.exe
O4 - Startup: Ventrilo.exe
O4 - Startup: Winamp.lnk = D:\Programmer\Winamp\winamp.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Opslag (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com[...]
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com[...]
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com[...]
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com[...]
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com[...]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com[...]

But there is still a different background picture that I can't get rid of, and I can't change my internet start page either. Can you see what's wrong?
--
#5
Armageddon
Moderator
03-08-2004 01:18

That was quite a haul, and it has certainly cleared out the malware. Now for the last bit. Run a new scan with HJT and tick these:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.pifwherwmvtxxdbx.com[...]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [ocytdiuuzpdw] C:\WINDOWS\System32\pasqena.exe
O4 - HKLM\..\Run: [ref exit] C:\PROGRA~1\MODETI~1\drv mpeg size.exe
O4 - HKCU\..\Run: [Microsoft Update] wuamgrd.exe

Close all other program windows so only HJT is open. Click "Fix checked". Close the program and start KillBox. In the text field type C:\WINDOWS\secure.html. Then choose Action -> Delete on reboot. A small window now appears; choose File -> Add file. Then choose Action -> Process and reboot. Once the machine has restarted, run a new scan with HJT and post the log here for checking.
--
/Armageddon - [email protected] http://www.mdegn.dk[...]
#6
jesper
Guest
03-08-2004 16:33

Logfile of HijackThis v1.97.7
Scan saved at 16:34:58, on 03-08-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
D:\Programmer\Winamp\winampa.exe
D:\Programmer\daemon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\NORMAN\Nvc\BIN\LH.EXE
C:\Programmer\Messenger Plus! 3\MsgPlus.exe
C:\PROGRA~1\XEMICO~1\ACTIVE~1\ADC.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Documents and Settings\jesper\Menuen Start\Programmer\Start\RefreshLock.exe
C:\Documents and Settings\jesper\Menuen Start\Programmer\Start\Ventrilo.exe
C:\WINDOWS\System32\msdtc.exe
C:\Norman\Nvc\BIN\anda.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\NORMAN\Nvc\BIN\NVCOA.EXE
C:\NORMAN\Nvc\BIN\NYMSE.EXE
C:\NORMAN\Nvc\BIN\NIP.EXE
C:\NORMAN\Nvc\BIN\NVCOA.EXE
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\mqsvc.exe
C:\NORMAN\Nvc\BIN\NJEEVES.EXE
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\Programmer\Internet Explorer\iexplore.exe
D:\Programmer\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.lfcdpujstscoxjcmojfuv.com[...]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] D:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Programmer\daemon.exe" -lang 1033 -lock
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\LH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [Steam] D:\SPIL\Steam.exe -silent
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\PROGRA~1\XEMICO~1\ACTIVE~1\ADC.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: RefreshLock.exe
O4 - Startup: Ventrilo.exe
O4 - Startup: Winamp.lnk = D:\Programmer\Winamp\winamp.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Opslag (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com[...]
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com[...]
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com[...]
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com[...]
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com[...]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com[...]
--
#7
Armageddon
Moderator
03-08-2004 22:34

Hmm, that's a nasty one. You'd better print this out or write down the most important points. Restart your PC in Safe Mode. Under no circumstances open IE. Then start KillBox. In the text field type C:\WINDOWS\secure.html and click "Kill File". Go to My Computer and search for secure.html (now we need to make sure it no longer exists on the system); this should end with you finding nothing. Then run a new scan with HJT and tick these:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.lfcdpujstscoxjcmojfuv.com[...]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html

Close all other program windows so only HJT is open. Click "Fix checked". Close the program. We'd better take a trip into the registry (Start -> Run... -> type regedit and press <Enter>). Choose Edit -> Find (Ctrl+B), type secure.html in the text field, and press "Find Next". Delete the key. Repeat the search with F3. Continue until there are no more occurrences. Close the registry editor. Restart the machine. Run a new scan with HJT and post the log here for checking.
--
/Armageddon - [email protected] http://www.mdegn.dk[...]
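Armageddon's registry step above (Find secure.html, delete, F3, repeat until no hits) can be double-checked against a regedit export (File -> Export, which writes the "Windows Registry Editor Version 5.00" text format) instead of by clicking through the search dialog. The following is an added example, not code from this thread: a parser for that export format plus a search for a string across every value name and data item it contains. The export excerpt is constructed; its IE keys and values are the standard locations that the R0/R1 lines in the thread's HJT logs refer to, and the Run entry is one of the legitimate ones from the same logs. Multi-line hex: data (continuation lines ending in a backslash) is not handled, which is a deliberate simplification.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: an excerpt in the text format regedit writes on File -> Export.
# The IE keys mirror the R0/R1 lines in the thread's HJT logs; "[...]" is the forum's URL truncation.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="C:\\WINDOWS\\secure.html"
"Default_Page_URL"="C:\\WINDOWS\\secure.html"
"Local Page"="C:\\WINDOWS\\secure.html"
"Use FormSuggest"="no"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.lfcdpujstscoxjcmojfuv.com[...]"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "name"=data  or  @=data (the key's default value); the name may contain escaped quotes/backslashes.
VALUE_RE = re.compile(r'^(?:"(?P<name>(?:[^"\\]|\\.)*)"|(?P<default>@))=(?P<data>.*)$')


def _unescape(s: str) -> str:
    """Undo the .reg string escaping: \\\\ -> \\ and \\" -> \" ."""
    return re.sub(r'\\(["\\])', r'\1', s)


def parse_reg(text: str) -> Dict[str, Dict[str, str]]:
    """Parse a .reg export into {key path: {value name: data}}. REG_SZ data is unescaped;
    dword:/hex: data is kept as the literal text after the '='."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor") or line.startswith(";"):
            continue
        km = KEY_RE.match(line)
        if km:
            current = km.group("key")
            keys.setdefault(current, {})
            continue
        vm = VALUE_RE.match(line)
        if vm and current is not None:
            name = "@" if vm.group("default") else _unescape(vm.group("name"))
            data = vm.group("data")
            if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
                data = _unescape(data[1:-1])
            keys[current][name] = data
    return keys


def find_references(keys: Dict[str, Dict[str, str]], needle: str) -> List[Tuple[str, str, str]]:
    """Case-insensitive search of every value name and data item; returns (key, name, data) hits."""
    n = needle.lower()
    return [(key, name, data)
            for key, values in keys.items()
            for name, data in values.items()
            if n in name.lower() or n in data.lower()]


if __name__ == "__main__":
    parsed = parse_reg(SAMPLE_REG)
    for key, name, data in find_references(parsed, "secure.html"):
        print(f"[{key}]\n    {name} = {data}")
```

On the sample this reports the three values under HKCU\...\Internet Explorer\Main, which is what the manual Find/F3 loop would have walked through. An empty result after the cleanup is the check that the post is asking for.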
#8
jesper
Guest
05-08-2004 22:27

Logfile of HijackThis v1.97.7
Scan saved at 22:29:12, on 05-08-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
D:\Programmer\Winamp\winampa.exe
D:\Programmer\daemon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\NORMAN\Nvc\BIN\LH.EXE
C:\Programmer\Messenger Plus! 3\MsgPlus.exe
C:\windows\msbb.exe
C:\WINDOWS\ifixoz.exe
C:\WINDOWS\System32\msrexe.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\XEMICO~1\ACTIVE~1\ADC.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\explorer.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\jesper\Application Data\uccn.exe
C:\Documents and Settings\jesper\Menuen Start\Programmer\Start\RefreshLock.exe
C:\Documents and Settings\jesper\Menuen Start\Programmer\Start\Ventrilo.exe
D:\Programmer\Winamp\winamp.exe
C:\WINDOWS\System32\msdtc.exe
C:\Norman\Nvc\BIN\anda.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\NORMAN\Nvc\BIN\NVCOA.EXE
C:\NORMAN\Nvc\BIN\NYMSE.EXE
C:\NORMAN\Nvc\BIN\NIP.EXE
C:\NORMAN\Nvc\BIN\NVCOA.EXE
C:\WINDOWS\System32\mqsvc.exe
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\NORMAN\Nvc\BIN\NJEEVES.EXE
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\Programmer\Internet Explorer\iexplore.exe
D:\Programmer\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com[...]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com[...]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com[...]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {28CAEFF3-0F18-4036-B504-51D73BD81C3A} - C:\WINDOWS\EliteBar\EliteBar version 38.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA880F} - C:\WINDOWS\EliteBar\EliteBar version 38.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] D:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Programmer\daemon.exe" -lang 1033 -lock
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\LH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [msbb] c:\windows\msbb.exe
O4 - HKLM\..\Run: [ifixoz] C:\WINDOWS\ifixoz.exe
O4 - HKLM\..\Run: [System Service] C:\WINDOWS\System32\msrexe.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\bridge.dll",Load
O4 - HKCU\..\Run: [Steam] D:\SPIL\Steam.exe -silent
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\PROGRA~1\XEMICO~1\ACTIVE~1\ADC.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Oesa] C:\Documents and Settings\jesper\Application Data\uccn.exe
O4 - Startup: RefreshLock.exe
O4 - Startup: Ventrilo.exe
O4 - Startup: Winamp.lnk = D:\Programmer\Winamp\winamp.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Opslag (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: v2cab - http://searchmiracle.com[...]
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://213.159.117.133[...]
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com[...]
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com[...]
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com[...]
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com[...]
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://static.flingstone.com[...]
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com[...]
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com[...]
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com[...]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com[...]
--
#9
Armageddon
Moderator
08-08-2004 10:24

Boot straight into Safe Mode and make sure there is no network connection. Do not open IE. Then run CWShredder (you updated it earlier, so that isn't necessary now). Next run KillBox, type C:\windows\msbb.exe in the text field and press "Kill File". Repeat with these:

C:\WINDOWS\ifixoz.exe
C:\WINDOWS\System32\msrexe.exe
C:\Documents and Settings\jesper\Application Data\uccn.exe
C:\WINDOWS\EliteBar\EliteBar version 38.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\bridge.dll
C:\WINDOWS\secure.html

Then do a global search for the files; you should no longer be able to find them. If you do find any, repeat the above procedure until the file no longer exists. Run a new scan with HJT and tick these:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com[...]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com[...]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com[...]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
O2 - BHO: (no name) - {28CAEFF3-0F18-4036-B504-51D73BD81C3A} - C:\WINDOWS\EliteBar\EliteBar version 38.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA880F} - C:\WINDOWS\EliteBar\EliteBar version 38.dll
O4 - HKLM\..\Run: [msbb] c:\windows\msbb.exe
O4 - HKLM\..\Run: [ifixoz] C:\WINDOWS\ifixoz.exe
O4 - HKLM\..\Run: [System Service] C:\WINDOWS\System32\msrexe.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\bridge.dll",Load
O4 - HKCU\..\Run: [Oesa] C:\Documents and Settings\jesper\Application Data\uccn.exe
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: v2cab - http://searchmiracle.com[...]
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://213.159.117.133[...]
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com[...]
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://static.flingstone.com[...]
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com[...]

Close all other program windows so only HJT is open. Click "Fix checked". Close the program and open regedit. Search for secure.html and delete all occurrences. Restart normally. Run a new scan with HJT and post the log here for checking.
--
/Armageddon - [email protected] http://www.mdegn.dk[...]
#10
greebo
Guest
08-08-2004 19:33

Just a bit curious!!! Have you got your log cleaned up, jesper?
--
#11
greebo
Guest
08-08-2004 19:35

Doh!!!! I hadn't seen that you had just written in here on the 8th, Armageddon.
--