HJT (for Jesper)
By Moderator Armageddon | 02-08-2004 00:23 | 1451 views | 11 replies

I also have a few things that need to be checked.
Logfile of HijackThis v1.97.7
Scan saved at 21:24:21, on 01-08-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Programmer\Java\j2re1.4.2_04\bin\jusched.exe
D:\Programmer\Winamp\winampa.exe
D:\Programmer\daemon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\NORMAN\Nvc\BIN\LH.EXE
C:\Programmer\Messenger Plus! 3\MsgPlus.exe
c:\progra~1\intern~1\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\System32\pasqena.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\XEMICO~1\ACTIVE~1\ADC.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\jesper\Application Data\uccn.exe
C:\WINDOWS\System32\ufrhyag.exe
C:\Documents and Settings\jesper\Menuen Start\Programmer\Start\RefreshLock.exe
C:\WINDOWS\System32\msdtc.exe
C:\Norman\Nvc\BIN\Zanda.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\NORMAN\Nvc\BIN\NYMSE.EXE
C:\NORMAN\Nvc\BIN\NIP.EXE
C:\WINDOWS\System32\mqsvc.exe
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\NORMAN\Nvc\BIN\NJEEVES.EXE
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\DOCUME~1\jesper\LOKALE~1\Temp\msbb.exe
C:\Programmer\Internet Explorer\iexplore.exe
D:\Programmer\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.tokyuokruarbdpnvlioubpja.com[...]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O2 - BHO: C:\WINDOWS\lbbho.dll - {11431C20-6129-43FE-AEE3-FD648C4C9925} - C:\WINDOWS\lbbho.dll
O2 - BHO: (no name) - {44F8322F-C069-7496-D501-655508D62912} - C:\WINDOWS\System32\gqzlj.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\Downloaded Program Files\bridge.dll
O2 - BHO: (no name) - {EAD5A860-7791-A760-22D3-6A7B643DA266} - C:\PROGRA~1\SETUPH~1\MagsBlue.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Programmer\daemon.exe" -lang 1033 -lock
O4 - HKLM\..\Run: [Microsoft Update] wuamgrd.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\LH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [ref exit] C:\PROGRA~1\MODETI~1\drv mpeg size.exe
O4 - HKLM\..\Run: [Byte Corn Part Phone] C:\Documents and Settings\All Users\Application Data\RoadElseByteCorn\borecdrom.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [hautispzzkwfd] C:\WINDOWS\System32\pasqena.exe
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [msbb] c:\docume~1\jesper\lokale~1\temp\msbb.exe
O4 - HKLM\..\Run: [gdydmf] C:\WINDOWS\gdydmf.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamgrd.exe
O4 - HKCU\..\Run: [Steam] D:\SPIL\Steam.exe -silent
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\PROGRA~1\XEMICO~1\ACTIVE~1\ADC.exe
O4 - HKCU\..\Run: [Microsoft Update] wuamgrd.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [sp] C:\sp.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Oesa] C:\Documents and Settings\jesper\Application Data\uccn.exe
O4 - HKCU\..\Run: [Ljksr] C:\WINDOWS\System32\ufrhyag.exe
O4 - Startup: RefreshLock.exe
O4 - Startup: Ventrilo.exe
O4 - Startup: Winamp.lnk = D:\Programmer\Winamp\winamp.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Opslag (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht! http://www.free32.com[...]
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com[...]
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com[...]
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com[...]
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com[...]
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com[...]
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://static.flingstone.com[...]
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com[...]
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com[...]
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com[...]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com[...]
Hi,
There are a couple of small things that need fixing. Start by disabling System Restore.
Right-click "My Computer" on the desktop, choose Properties and the "System Restore" tab, and tick "Turn off System Restore". Click OK and restart.
Then download CWShredder and KillBox:
http://www.spywareinfo.com[...]
http://www.mdegn.dk[...]
Start CWShredder and update it online. Pull out the network cable and then scan with the program. Fix what it suggests. Run a new scan with HJT and tick these:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.tokyuokruarbdpnvlioubpja.com[...]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O2 - BHO: C:\WINDOWS\lbbho.dll - {11431C20-6129-43FE-AEE3-FD648C4C9925} - C:\WINDOWS\lbbho.dll
O2 - BHO: (no name) - {44F8322F-C069-7496-D501-655508D62912} - C:\WINDOWS\System32\gqzlj.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\Downloaded Program Files\bridge.dll
O2 - BHO: (no name) - {EAD5A860-7791-A760-22D3-6A7B643DA266} - C:\PROGRA~1\SETUPH~1\MagsBlue.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Update] wuamgrd.exe
O4 - HKLM\..\Run: [ref exit] C:\PROGRA~1\MODETI~1\drv mpeg size.exe
O4 - HKLM\..\Run: [Byte Corn Part Phone] C:\Documents and Settings\All Users\Application Data\RoadElseByteCorn\borecdrom.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [hautispzzkwfd] C:\WINDOWS\System32\pasqena.exe
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [msbb] c:\docume~1\jesper\lokale~1\temp\msbb.exe
O4 - HKLM\..\Run: [gdydmf] C:\WINDOWS\gdydmf.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamgrd.exe
O4 - HKCU\..\Run: [Microsoft Update] wuamgrd.exe
O4 - HKCU\..\Run: [sp] C:\sp.exe
O4 - HKCU\..\Run: [Oesa] C:\Documents and Settings\jesper\Application Data\uccn.exe
O4 - HKCU\..\Run: [Ljksr] C:\WINDOWS\System32\ufrhyag.exe
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht! http://www.free32.com[...]
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com[...]
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com[...]
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://static.flingstone.com[...]
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com[...]
Close all other program windows so that only HJT is open. Click "Fix checked". Close the program and start KillBox. In the text field, type C:\WINDOWS\secure.html and click "Kill File". Close the program and restart in Safe Mode (press F8 after the POST screen). Find and delete these:
C:\WINDOWS\System32\pasqena.exe
C:\Documents and Settings\jesper\Application Data\uccn.exe
C:\WINDOWS\System32\ufrhyag.exe
C:\DOCUME~1\jesper\LOKALE~1\Temp\msbb.exe
C:\WINDOWS\twaintec.dll
C:\WINDOWS\lbbho.dll
C:\WINDOWS\System32\gqzlj.dll
C:\WINDOWS\2_0_1browserhelper2.dll
C:\WINDOWS\Downloaded Program Files\bridge.dll
C:\PROGRA~1\SETUPH~1\MagsBlue.exe (delete the SETUPH~1 folder)
C:\WINDOWS\System32\wuamgrd.exe
C:\PROGRA~1\MODETI~1\drv mpeg size.exe (delete the MODETI~1 folder)
C:\Documents and Settings\All Users\Application Data\RoadElseByteCorn\borecdrom.exe (delete the RoadElseByteCorn folder)
C:\WINDOWS\alchem.exe
C:\WINDOWS\gdydmf.exe
C:\sp.exe
Restart normally. Run a new scan with HJT and post the log here for checking. -- /Armageddon - [email protected]
http://www.mdegn.dk[...]

Logfile of HijackThis v1.97.7
Scan saved at 20:06:22, on 02-08-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\msdtc.exe
C:\Norman\Nvc\BIN\Zanda.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\mqsvc.exe
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\NORMAN\Nvc\BIN\NJEEVES.EXE
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
D:\Programmer\Winamp\winampa.exe
D:\Programmer\daemon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\NORMAN\Nvc\BIN\LH.EXE
C:\Programmer\Messenger Plus! 3\MsgPlus.exe
C:\PROGRA~1\XEMICO~1\ACTIVE~1\ADC.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\NORMAN\Nvc\BIN\NYMSE.EXE
C:\NORMAN\Nvc\BIN\NIP.EXE
c:\progra~1\intern~1\iexplore.exe
C:\Documents and Settings\jesper\Menuen Start\Programmer\Start\RefreshLock.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
D:\Programmer\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.pifwherwmvtxxdbx.com[...]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] D:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Programmer\daemon.exe" -lang 1033 -lock
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\LH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [ocytdiuuzpdw] C:\WINDOWS\System32\pasqena.exe
O4 - HKLM\..\Run: [ref exit] C:\PROGRA~1\MODETI~1\drv mpeg size.exe
O4 - HKCU\..\Run: [Steam] D:\SPIL\Steam.exe -silent
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\PROGRA~1\XEMICO~1\ACTIVE~1\ADC.exe
O4 - HKCU\..\Run: [Microsoft Update] wuamgrd.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: RefreshLock.exe
O4 - Startup: Ventrilo.exe
O4 - Startup: Winamp.lnk = D:\Programmer\Winamp\winamp.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Opslag (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com[...]
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com[...]
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com[...]
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com[...]
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com[...]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com[...]
but there is still a different background picture that I can't get rid of, and I can't change my internet start page either. Can you see what's wrong with it? -- Guest user, create your own login and get your own signature.

That was quite a batch, and it has certainly cleared out the malware. Now let's take care of the rest. Run a new scan with HJT and tick these:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.pifwherwmvtxxdbx.com[...]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [ocytdiuuzpdw] C:\WINDOWS\System32\pasqena.exe
O4 - HKLM\..\Run: [ref exit] C:\PROGRA~1\MODETI~1\drv mpeg size.exe
O4 - HKCU\..\Run: [Microsoft Update] wuamgrd.exe
Close all other program windows so that only HJT is open. Click "Fix checked". Close the program and start KillBox. In the text field, type C:\WINDOWS\secure.html. Then choose Action -> Delete on reboot. A small window now pops up - choose File -> Add file. Then choose Action -> Process and reboot.
Once you have restarted, run a new scan with HJT and post the log here for checking. -- /Armageddon - [email protected]
http://www.mdegn.dk[...]

Logfile of HijackThis v1.97.7
Scan saved at 16:34:58, on 03-08-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
D:\Programmer\Winamp\winampa.exe
D:\Programmer\daemon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\NORMAN\Nvc\BIN\LH.EXE
C:\Programmer\Messenger Plus! 3\MsgPlus.exe
C:\PROGRA~1\XEMICO~1\ACTIVE~1\ADC.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Documents and Settings\jesper\Menuen Start\Programmer\Start\RefreshLock.exe
C:\Documents and Settings\jesper\Menuen Start\Programmer\Start\Ventrilo.exe
C:\WINDOWS\System32\msdtc.exe
C:\Norman\Nvc\BIN\Zanda.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\NORMAN\Nvc\BIN\NVCOA.EXE
C:\NORMAN\Nvc\BIN\NYMSE.EXE
C:\NORMAN\Nvc\BIN\NIP.EXE
C:\NORMAN\Nvc\BIN\NVCOA.EXE
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\mqsvc.exe
C:\NORMAN\Nvc\BIN\NJEEVES.EXE
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\Programmer\Internet Explorer\iexplore.exe
D:\Programmer\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.lfcdpujstscoxjcmojfuv.com[...]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] D:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Programmer\daemon.exe" -lang 1033 -lock
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\LH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [Steam] D:\SPIL\Steam.exe -silent
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\PROGRA~1\XEMICO~1\ACTIVE~1\ADC.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: RefreshLock.exe
O4 - Startup: Ventrilo.exe
O4 - Startup: Winamp.lnk = D:\Programmer\Winamp\winamp.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Opslag (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com[...]
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com[...]
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com[...]
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com[...]
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com[...]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com[...]
-- Guest user, create your own login and get your own signature.

Hmm, that is nasty. You had better print this out or write down the most important points. Restart your PC in Safe Mode. Under no circumstances open IE. Then start KillBox. In the text field, type C:\WINDOWS\secure.html and click "Kill File". Go into My Computer and search for secure.html (now we need to make sure it no longer exists on the system) - ideally you should end up finding nothing.
Then run a new scan with HJT and tick these:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.lfcdpujstscoxjcmojfuv.com[...]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
Close all other program windows so that only HJT is open. Click "Fix checked". Close the program. We had better take a walk through the registry (Start -> Run... -> type regedit and press <Enter>). Choose Edit -> Find (Ctrl+B), type secure.html in the text field, and press "Find Next". Delete the key. Repeat the search with F3. Continue until there are no more occurrences. Close the registry editor. Restart the machine. Run a new scan with HJT and post the log here for checking. -- /Armageddon - [email protected]
http://www.mdegn.dk[...]

Logfile of HijackThis v1.97.7
Scan saved at 22:29:12, on 05-08-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
D:\Programmer\Winamp\winampa.exe
D:\Programmer\daemon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\NORMAN\Nvc\BIN\LH.EXE
C:\Programmer\Messenger Plus! 3\MsgPlus.exe
C:\windows\msbb.exe
C:\WINDOWS\ifixoz.exe
C:\WINDOWS\System32\msrexe.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\XEMICO~1\ACTIVE~1\ADC.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\explorer.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\jesper\Application Data\uccn.exe
C:\Documents and Settings\jesper\Menuen Start\Programmer\Start\RefreshLock.exe
C:\Documents and Settings\jesper\Menuen Start\Programmer\Start\Ventrilo.exe
D:\Programmer\Winamp\winamp.exe
C:\WINDOWS\System32\msdtc.exe
C:\Norman\Nvc\BIN\Zanda.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\NORMAN\Nvc\BIN\NVCOA.EXE
C:\NORMAN\Nvc\BIN\NYMSE.EXE
C:\NORMAN\Nvc\BIN\NIP.EXE
C:\NORMAN\Nvc\BIN\NVCOA.EXE
C:\WINDOWS\System32\mqsvc.exe
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\NORMAN\Nvc\BIN\NJEEVES.EXE
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\Programmer\Internet Explorer\iexplore.exe
D:\Programmer\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com[...]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com[...]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com[...]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {28CAEFF3-0F18-4036-B504-51D73BD81C3A} - C:\WINDOWS\EliteBar\EliteBar version 38.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA880F} - C:\WINDOWS\EliteBar\EliteBar version 38.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] D:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Programmer\daemon.exe" -lang 1033 -lock
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\LH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [msbb] c:\windows\msbb.exe
O4 - HKLM\..\Run: [ifixoz] C:\WINDOWS\ifixoz.exe
O4 - HKLM\..\Run: [System Service] C:\WINDOWS\System32\msrexe.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\bridge.dll",Load
O4 - HKCU\..\Run: [Steam] D:\SPIL\Steam.exe -silent
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\PROGRA~1\XEMICO~1\ACTIVE~1\ADC.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Oesa] C:\Documents and Settings\jesper\Application Data\uccn.exe
O4 - Startup: RefreshLock.exe
O4 - Startup: Ventrilo.exe
O4 - Startup: Winamp.lnk = D:\Programmer\Winamp\winamp.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Opslag (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: v2cab - http://searchmiracle.com[...]
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht! http://213.159.117.133[...]
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com[...]
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com[...]
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com[...]
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com[...]
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://static.flingstone.com[...]
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com[...]
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com[...]
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com[...]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com[...]
-- Guest user, create your own login and get your own signature.

Boot straight into Safe Mode and make sure there is no network connection. Do not open IE. Then run CWShredder (you updated it earlier, so that is not necessary now). Next run KillBox, type C:\windows\msbb.exe in the text field, and press "Kill File". Repeat with these:
C:\WINDOWS\ifixoz.exe
C:\WINDOWS\System32\msrexe.exe
C:\Documents and Settings\jesper\Application Data\uccn.exe
C:\WINDOWS\EliteBar\EliteBar version 38.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\bridge.dll
C:\WINDOWS\secure.html
Then do a global search for the files - ideally you should no longer find them. If you do find any, repeat the procedure above until the file no longer exists.
Run a new scan with HJT and tick these:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com[...]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com[...]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com[...]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
O2 - BHO: (no name) - {28CAEFF3-0F18-4036-B504-51D73BD81C3A} - C:\WINDOWS\EliteBar\EliteBar version 38.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA880F} - C:\WINDOWS\EliteBar\EliteBar version 38.dll
O4 - HKLM\..\Run: [msbb] c:\windows\msbb.exe
O4 - HKLM\..\Run: [ifixoz] C:\WINDOWS\ifixoz.exe
O4 - HKLM\..\Run: [System Service] C:\WINDOWS\System32\msrexe.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\bridge.dll",Load
O4 - HKCU\..\Run: [Oesa] C:\Documents and Settings\jesper\Application Data\uccn.exe
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: v2cab - http://searchmiracle.com[...]
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht! http://213.159.117.133[...]
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com[...]
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://static.flingstone.com[...]
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com[...]
Close all other program windows so that only HJT is open. Click "Fix checked". Close the program and open regedit. Search for secure.html and delete all occurrences.
Restart normally. Run a new scan with HJT and post the log here for checking. -- /Armageddon - [email protected]
http://www.mdegn.dk[...]

Just a bit curious!!!
Have you got your log cleaned up, Jesper? -- Guest user, create your own login and get your own signature.

Doh!!!!
Hadn't seen that you just wrote in yours here on the 8th, Armageddon.
-- Guest user, create your own login and get your own signature.
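As an added illustration (my own code, not part of the thread and not HijackThis's), here is a Python triage script that encodes the rules the moderator applied by eye to the logs above: IE pages pointing at a local file or a randomly named host, unnamed BHOs and DLLs dropped under the Windows folder, Run keys with generated names, impersonating names or pathless executables, wildcard Trusted Zone entries, and ms-its:mhtml ActiveX downloads. The known-bad host list and the impersonating key names are taken from this thread's logs; the sample excerpt is constructed from the first log with its backslashes restored.

```python
import re
from dataclasses import dataclass

@dataclass
class Finding:
    code: str    # HJT section code: R0, R1, O2, O3, O4, O15, O16
    reason: str
    line: str

# Domains the moderator had removed from the Trusted Zone (the O15 entries in this thread).
BAD_HOSTS = {"blazefind.com", "clickspring.net", "flingstone.com", "mt-download.com", "my-internet.info",
             "searchbarcash.com", "searchmiracle.com", "skoobidoo.com", "slotch.com", "xxxtoolbar.com"}
# Run-key names seen in this thread that imitate Windows components.
IMPERSONATING = {"microsoft update", "system service", "windows sa"}
PATH_RE = re.compile(r'([a-z]:\\[^",]*?\.(?:exe|dll|ocx))', re.I)
HOST_RE = re.compile(r"https?://([\w.-]+)", re.I)

def looks_random(token: str) -> bool:
    """Generated names: 6+ letters, single-case, with no vowel or 4+ consonants in a row."""
    t = token.lower()
    if len(t) < 6 or not t.isalpha() or token[1:] != t[1:]:   # CamelCase is vendor-style naming
        return False
    return not (set(t) & set("aeiou")) or re.search(r"[^aeiou]{4,}", t) is not None

def host_of(text: str):
    m = HOST_RE.search(text)
    return m.group(1).lower().removeprefix("www.") if m else None

def suspicious_location(path: str):
    """Why a startup file's folder deserves a look, or None if it is unremarkable."""
    folder = path.lower().rpartition("\\")[0]
    if re.fullmatch(r"[a-z]:", folder):
        return "file in drive root"
    if re.fullmatch(r"[a-z]:\\windows", folder):
        return "file in the Windows root"
    if "\\temp" in folder or folder.endswith("\\application data") \
            or "downloaded program files" in folder:
        return "file in a Temp, Application Data or Downloaded Program Files folder"
    return None

def triage_line(line: str):
    line = line.strip()
    m = re.match(r"(R[0-3]|O\d+) - (.*)", line)
    if not m:
        return []
    code, body = m.groups()
    out = []
    def flag(reason):
        out.append(Finding(code, reason, line))
    if code.startswith("R"):                      # IE start/search page settings
        value = body.split(" = ", 1)[-1]
        if re.match(r"[a-z]:\\|file:", value, re.I):
            flag("browser start/search page points at a local file")
        host = host_of(value)
        if host and (host in BAD_HOSTS or looks_random(host.split(".")[0])):
            flag(f"page host {host} is known-bad or looks generated")
    elif code in ("O2", "O3"):                    # browser helper objects and toolbars
        pm = PATH_RE.search(body)
        if "(no name)" in body:
            flag("BHO registered without a name")
        if pm and re.match(r"[a-z]:\\windows\\(?!system32\\)", pm.group(1), re.I):
            flag("BHO/toolbar file lives under the Windows folder outside System32")
    elif code == "O4":                            # Run keys and Startup folder
        km = re.search(r"\[([^\]]+)\]\s*(.*)", body)
        if km:
            name, target = km.groups()
            if looks_random(name):
                flag(f"Run key name '{name}' looks generated")
            if name.lower() in IMPERSONATING:
                flag(f"Run key name '{name}' imitates a Windows component")
            pm = PATH_RE.search(target)
            if pm and suspicious_location(pm.group(1)):
                flag(suspicious_location(pm.group(1)))
            elif not pm and re.match(r'"?\w+\.exe', target, re.I):
                flag("startup executable given without a path")
    elif code == "O15":                           # sites added to the Trusted Zone
        flag("site added to the Trusted Zone")
    elif code == "O16":                           # downloaded ActiveX controls
        if "ms-its:mhtml:file://" in body.lower():
            flag("ms-its/MHTML redirect loads remote content as a local file")
        host = host_of(body)
        if host and (host in BAD_HOSTS or re.fullmatch(r"[\d.]+", host)):
            flag(f"ActiveX control downloaded from {host}")
    return out

def triage(log_text: str):
    return [f for line in log_text.splitlines() for f in triage_line(line)]

# Constructed excerpt of the first log in this thread, backslashes restored.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.tokyuokruarbdpnvlioubpja.com[...]
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Update] wuamgrd.exe
O4 - HKLM\..\Run: [hautispzzkwfd] C:\WINDOWS\System32\pasqena.exe
O4 - HKCU\..\Run: [sp] C:\sp.exe
O15 - Trusted Zone: *.searchmiracle.com
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht! http://www.free32.com[...]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com[...]
"""
```

Entries such as [ref exit] and [Byte Corn Part Phone] pass these heuristics, which is why the moderator still reads every log by eye; the script narrows the list, it does not replace that review.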