istbar
  Lenny
Posts: 12

I have 2 annoying adware-istbar spyware programs. I have run Ad-Aware and Spy Sweeper, which remove them, and 5 minutes later they are back again. I have also tried fxistbar. Fxistbar says the computer is clean.

Kind regards, Lenny

Logfile of HijackThis v1.99.0
Scan saved at 19:29:21, on 29-01-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:/WINDOWS/System32/smss.exe
C:/WINDOWS/system32/csrss.exe
C:/WINDOWS/system32/winlogon.exe
C:/WINDOWS/system32/services.exe
C:/WINDOWS/system32/lsass.exe
C:/WINDOWS/system32/svchost.exe
C:/WINDOWS/System32/svchost.exe
C:/WINDOWS/System32/svchost.exe
C:/WINDOWS/System32/svchost.exe
C:/WINDOWS/system32/spoolsv.exe
C:/WINDOWS/System32/alg.exe
C:/Programmer/CA/SharedComponents/CA_LIC/LogWatNT.exe
C:/Programmer/Canon/MultiPASS4/MPSERVIC.EXE
C:/WINDOWS/System32/svchost.exe
C:/WINDOWS/System32/wdfmgr.exe
C:/WINDOWS/Explorer.EXE
C:/WINDOWS/mHotkey.exe
C:/WINDOWS/System32/VTTimer.exe
C:/WINDOWS/SOUNDMAN.EXE
C:/Programmer/iTunes/iTunesHelper.exe
C:/Programmer/QuickTime/qttask.exe
C:/Programmer/eMusic/eMusicClient.exe
C:/Programmer/Fælles filer/Real/Update_OB/realsched.exe
C:/Programmer/iPod/bin/iPodService.exe
C:/WINDOWS/yqgbde.exe
C:/WINDOWS/System32/ctfmon.exe
C:/Programmer/OpenOffice.org1.1.3/program/soffice.exe
C:/Programmer/Internet Explorer/IEXPLORE.EXE
C:/Documents and Settings/Lennart/Skrivebord/hijackthis.exe

R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Start Page = http://www.aftonbladet.se/
R1 - HKCU/Software/Microsoft/Windows/CurrentVersion/Internet Settings,ProxyServer = safeproxy.cybercity.dk:8080
R0 - HKCU/Software/Microsoft/Internet Explorer/Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: Shell=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:/Programmer/Adobe/Acrobat 6.0/Reader/ActiveX/AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:/PROGRA~1/SPYBOT~1/SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:/PROGRA~1/SPYWAR~1/tools/iesdsg.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:/programmer/google/googletoolbar2.dll
O3 - Toolbar: &Radio; - {8E718888-423F-11D2-876E-00A0C9082467} - C:/WINDOWS/System32/msdxm.ocx
O3 - Toolbar: &Google; - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:/programmer/google/googletoolbar2.dll
O4 - HKLM/../Run: [CHotkey] mHotkey.exe
O4 - HKLM/../Run: [NeroFilterCheck] C:/WINDOWS/system32/NeroCheck.exe
O4 - HKLM/../Run: [VTTimer] VTTimer.exe
O4 - HKLM/../Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM/../Run: [iTunesHelper] C:/Programmer/iTunes/iTunesHelper.exe
O4 - HKLM/../Run: [QuickTime Task] “C:/Programmer/QuickTime/qttask.exe” -atboottime
O4 - HKLM/../Run: [eMusicClient Systray] C:/Programmer/eMusic/eMusicClient.exe
O4 - HKLM/../Run: [TkBellExe] “C:/Programmer/Fælles filer/Real/Update_OB/realsched.exe”  -osboot
O4 - HKLM/../Run: [1A.tmp] C:/DOCUME~1/Lennart/LOKALE~1/Temp/1A.tmp.exe 3 10001
O4 - HKLM/../Run: [e6ke] C:/WINDOWS/yqgbde.exe
O4 - HKCU/../Run: [ctfmon.exe] C:/WINDOWS/System32/ctfmon.exe
O4 - HKCU/../Run: [SpySweeper] “C:/Programmer/Webroot/Spy Sweeper/SpySweeper.exe” /0
O4 - Startup: OpenOffice.org 1.1.3.lnk = C:/Programmer/OpenOffice.org1.1.3/program/quickstart.exe
O8 - Extra context menu item: &Google; Search - res://c:/programmer/google/GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:/programmer/google/GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:/programmer/google/GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:/programmer/google/GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:/programmer/google/GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Programmer/Messenger/MSMSGS.EXE
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Programmer/Messenger/MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.dk/
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://safehouse1.cybercity.dk/privat/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp01.photoprintit.de/microsite/10021/defaults/activex/ImageUploader3.cab
O23 - Service: CA License Client - Computer Associates - C:/Programmer/CA/SharedComponents/CA_LIC/lic98rmt.exe
O23 - Service: CA License Server - Computer Associates - C:/Programmer/CA/SharedComponents/CA_LIC/lic98rmtd.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:/Programmer/iPod/bin/iPodService.exe
O23 - Service: Event Log Watch - Computer Associates - C:/Programmer/CA/SharedComponents/CA_LIC/LogWatNT.exe
O23 - Service: MpService - Canon Inc. - C:/Programmer/Canon/MultiPASS4/MPSERVIC.EXE

Editor
Posts: 4797

Hi Lenny, and welcome to Spywarefri :)

Download and update Ad-Aware: http://www.spywarefri.dk/vaerktoj.htm#adaware
You can find the program and a user guide in Danish here: http://www.spywarefri.dk/vaerktoj.htm#adaware
Also follow the guide here for extended scanning: http://www.spywarefri.dk/tipsogtricks.htm#adaware

Set those settings correctly so that it is ready for use later.

Follow the guide here: http://www.spywarefri.dk/hjtanv.htm (point 6). Fix these with HijackThis:

O4 - HKLM/../Run: [TkBellExe] “C:/Programmer/Fælles filer/Real/Update_OB/realsched.exe” -osboot
O4 - HKLM/../Run: [1A.tmp] C:/DOCUME~1/Lennart/LOKALE~1/Temp/1A.tmp.exe 3 10001
O4 - HKLM/../Run: [e6ke] C:/WINDOWS/yqgbde.exe
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)

———————————————————————————-

We need to be able to see your hidden files in order to find the junk that has to be deleted manually. It is part of the process.

Open any folder and click Tools => Folder Options => View.
Remove the check mark at “Hide protected operating system files”.
Remove the check mark at “Hide extensions for known file types”.
Select “Show hidden files and folders”.


These programs must be deleted in safe mode. Restart and press F8 when Windows starts up.

Search for these files:

C:/Programmer/Fælles filer/Real/Update_OB/realsched.exe
C:/WINDOWS/yqgbde.exe

Search for these folders:

C:/DOCUME~1/Lennart/LOKALE~1/Temp -> empty the folder and empty your recycle bin afterwards.

Then run Ad-Aware and remove everything it finds.

Download DelDomains.inf
http://www.mvps.org/winhelp2002/DelDomains.inf

Right-click DelDomains.inf and choose: Install
This will remove all entries in the trusted and restricted zones

After that, restart and post a new log for checking

 

  Lenny
Posts: 12

Hi and thanks!
I have done roughly as you said. I cannot download anything in safe mode, so DelDomains was installed in normal mode. I hope that doesn't ruin the whole process…
Should I put the check mark back at “Hide protected operating system files”??
(Sorry if my language is too much Swedish-Danish)

Here is my log file

Logfile of HijackThis v1.99.0
Scan saved at 22:59:11, on 29-01-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:/WINDOWS/System32/smss.exe
C:/WINDOWS/system32/csrss.exe
C:/WINDOWS/system32/winlogon.exe
C:/WINDOWS/system32/services.exe
C:/WINDOWS/system32/lsass.exe
C:/WINDOWS/system32/svchost.exe
C:/WINDOWS/System32/svchost.exe
C:/WINDOWS/System32/svchost.exe
C:/WINDOWS/System32/svchost.exe
C:/WINDOWS/system32/spoolsv.exe
C:/WINDOWS/System32/alg.exe
C:/Programmer/CA/SharedComponents/CA_LIC/LogWatNT.exe
C:/Programmer/Canon/MultiPASS4/MPSERVIC.EXE
C:/WINDOWS/System32/svchost.exe
C:/WINDOWS/System32/wdfmgr.exe
C:/WINDOWS/Explorer.EXE
C:/WINDOWS/mHotkey.exe
C:/WINDOWS/System32/VTTimer.exe
C:/WINDOWS/SOUNDMAN.EXE
C:/Programmer/iTunes/iTunesHelper.exe
C:/Programmer/QuickTime/qttask.exe
C:/Programmer/eMusic/eMusicClient.exe
C:/WINDOWS/System32/ctfmon.exe
C:/Programmer/Webroot/Spy Sweeper/SpySweeper.exe
C:/Programmer/OpenOffice.org1.1.3/program/soffice.exe
C:/Programmer/iPod/bin/iPodService.exe
C:/WINDOWS/System32/wuauclt.exe
C:/Programmer/Canon/MultiPASS4/MPDBMgr.exe
C:/Documents and Settings/Lennart/Skrivebord/hijackthis.exe

R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Start Page = http://www.aftonbladet.se/
R1 - HKCU/Software/Microsoft/Windows/CurrentVersion/Internet Settings,ProxyServer = safeproxy.cybercity.dk:8080
R0 - HKCU/Software/Microsoft/Internet Explorer/Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: Shell=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:/Programmer/Adobe/Acrobat 6.0/Reader/ActiveX/AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:/PROGRA~1/SPYBOT~1/SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:/PROGRA~1/SPYWAR~1/tools/iesdsg.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:/programmer/google/googletoolbar2.dll
O3 - Toolbar: &Radio; - {8E718888-423F-11D2-876E-00A0C9082467} - C:/WINDOWS/System32/msdxm.ocx
O3 - Toolbar: &Google; - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:/programmer/google/googletoolbar2.dll
O4 - HKLM/../Run: [CHotkey] mHotkey.exe
O4 - HKLM/../Run: [NeroFilterCheck] C:/WINDOWS/system32/NeroCheck.exe
O4 - HKLM/../Run: [VTTimer] VTTimer.exe
O4 - HKLM/../Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM/../Run: [iTunesHelper] C:/Programmer/iTunes/iTunesHelper.exe
O4 - HKLM/../Run: [QuickTime Task] “C:/Programmer/QuickTime/qttask.exe” -atboottime
O4 - HKLM/../Run: [eMusicClient Systray] C:/Programmer/eMusic/eMusicClient.exe
O4 - HKLM/../Run: [e6ke] C:/WINDOWS/yqgbde.exe
O4 - HKCU/../Run: [ctfmon.exe] C:/WINDOWS/System32/ctfmon.exe
O4 - HKCU/../Run: [SpySweeper] “C:/Programmer/Webroot/Spy Sweeper/SpySweeper.exe” /0
O4 - Startup: OpenOffice.org 1.1.3.lnk = C:/Programmer/OpenOffice.org1.1.3/program/quickstart.exe
O8 - Extra context menu item: &Google; Search - res://c:/programmer/google/GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:/programmer/google/GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:/programmer/google/GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:/programmer/google/GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:/programmer/google/GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Programmer/Messenger/MSMSGS.EXE
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Programmer/Messenger/MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.dk/
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://safehouse1.cybercity.dk/privat/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp01.photoprintit.de/microsite/10021/defaults/activex/ImageUploader3.cab
O23 - Service: CA License Client - Computer Associates - C:/Programmer/CA/SharedComponents/CA_LIC/lic98rmt.exe
O23 - Service: CA License Server - Computer Associates - C:/Programmer/CA/SharedComponents/CA_LIC/lic98rmtd.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:/Programmer/iPod/bin/iPodService.exe
O23 - Service: Event Log Watch - Computer Associates - C:/Programmer/CA/SharedComponents/CA_LIC/LogWatNT.exe
O23 - Service: MpService - Canon Inc. - C:/Programmer/Canon/MultiPASS4/MPSERVIC.EXE
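
One way to check a follow-up scan against the list of entries that were to be fixed, as an added example that is not part of the original thread. The log lines are copied from the posts above; the function names `parse_entries` and `remediation_report` are hypothetical.

```python
import re

# A HijackThis entry line looks like "O4 - HKLM/../Run: [name] path":
# a section code (R0, F2, O15, ...), " - ", then the detail text.
ENTRY = re.compile(r"^([RFNO]\d{1,2})\s+-\s+(.+)$")


def parse_entries(log_text):
    """Return the set of (section, normalised detail) pairs in a log."""
    entries = set()
    for raw in log_text.splitlines():
        # Forum software often turns straight quotes into curly ones.
        line = raw.strip().replace("\u201c", '"').replace("\u201d", '"')
        match = ENTRY.match(line)
        if match:
            # Collapse whitespace runs and ignore case so the same entry
            # pasted in two posts compares equal.
            detail = re.sub(r"\s+", " ", match.group(2)).lower()
            entries.add((match.group(1), detail))
    return entries


def remediation_report(fix_list, followup_log):
    """Split the fix list into entries that are gone and entries that remain."""
    wanted = parse_entries(fix_list)
    present = parse_entries(followup_log)
    return {
        "removed": sorted(wanted - present),
        "persisting": sorted(wanted & present),
    }


# Entries the helper asked to fix (copied from the thread).
FIX_LIST = """
O4 - HKLM/../Run: [TkBellExe] “C:/Programmer/Fælles filer/Real/Update_OB/realsched.exe” -osboot
O4 - HKLM/../Run: [1A.tmp] C:/DOCUME~1/Lennart/LOKALE~1/Temp/1A.tmp.exe 3 10001
O4 - HKLM/../Run: [e6ke] C:/WINDOWS/yqgbde.exe
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
"""

# Excerpt of the follow-up log saved at 22:59:11 (copied from the thread).
FOLLOWUP_EXCERPT = """
Logfile of HijackThis v1.99.0
Scan saved at 22:59:11, on 29-01-2005
O4 - HKLM/../Run: [CHotkey] mHotkey.exe
O4 - HKLM/../Run: [e6ke] C:/WINDOWS/yqgbde.exe
O4 - HKCU/../Run: [ctfmon.exe] C:/WINDOWS/System32/ctfmon.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.dk/
"""

if __name__ == "__main__":
    report = remediation_report(FIX_LIST, FOLLOWUP_EXCERPT)
    for section, detail in report["persisting"]:
        print("still present:", section, "-", detail)
    print(len(report["removed"]), "entries no longer listed")
```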

Posts: 1212

Hi :)

That looks much better already - but there is still a little left ;)

Go to Add/Remove Programs and remove eMusic/eMusicClient

Restart so that the program is properly removed.

Download this one-time scanner: http://www.spywareinfo.dk/download/mwav.exe
Save it; we will need it later.

Run a scan with HijackThis so that you can see all the files.
Below you get some files that you must fix. What you need to do is put a check mark next to these files. Once you have done that, close all other windows. It is very important that the only window that is open is the HijackThis window. Remember also to close this window once you have marked the files. Now you may fix. Click Fix checked.

These are the ones to fix:

F2 - REG:system.ini: Shell=

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:/PROGRA~1/SPYWAR~1/tools/iesdsg.dll (file missing)

O4 - HKLM/../Run: [eMusicClient Systray] C:/Programmer/eMusic/eMusicClient.exe
O4 - HKLM/../Run: [e6ke] C:/WINDOWS/yqgbde.exe


These are unnecessary to have in your startup, since they can all be reached via the start programs. They just sit there and “eat up” the computer's resources.
You can remove the check mark to the left of the following programs if you wish:
Press Start
Click Run
Type: msconfig
Click OK
Select the Startup tab

You can remove the check mark from the following:

[ctfmon.exe] C:/WINDOWS/System32/ctfmon.exe
OpenOffice.org 1.1.3.lnk = C:/Programmer/OpenOffice.org1.1.3/program/quickstart.exe
[SoundMan] SOUNDMAN.EXE
[QuickTime Task] “C:/Programmer/QuickTime/qttask.exe” -atboottime

Then we just need to be sure that you can see all files and folders:
Open a folder and click Tools => Folder Options => View.
Remove the check mark at “Hide protected operating system files”.
Remove the check mark at “Hide extensions for known file types”.
Select “Show hidden files and folders”.

Restart in safe mode (F8 at startup)

Find and delete the following marked in red:

C:/Programmer/eMusic/
C:/WINDOWS/yqgbde.exe

Now run the scanner that we downloaded earlier (still in safe mode)
Put a check mark at the following:
Memory, Startup folders, drive, Registry, System folders and Services.
Select the following:
All local drives and Scan all files
And then press Scan Clean
It now scans, and this may well take a couple of hours.

Restart your computer and post a fresh log from HijackThis for checking.

  Lenny
Posts: 12

Hi, now my log looks like this:
Logfile of HijackThis v1.99.0
Scan saved at 10:20:28, on 30-01-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:/WINDOWS/System32/smss.exe
C:/WINDOWS/system32/csrss.exe
C:/WINDOWS/system32/winlogon.exe
C:/WINDOWS/system32/services.exe
C:/WINDOWS/system32/lsass.exe
C:/WINDOWS/system32/svchost.exe
C:/WINDOWS/System32/svchost.exe
C:/WINDOWS/System32/svchost.exe
C:/WINDOWS/System32/svchost.exe
C:/WINDOWS/system32/spoolsv.exe
C:/WINDOWS/System32/alg.exe
C:/Programmer/CA/SharedComponents/CA_LIC/LogWatNT.exe
C:/Programmer/Canon/MultiPASS4/MPSERVIC.EXE
C:/WINDOWS/System32/svchost.exe
C:/WINDOWS/System32/wdfmgr.exe
C:/WINDOWS/Explorer.EXE
C:/WINDOWS/mHotkey.exe
C:/WINDOWS/System32/VTTimer.exe
C:/Programmer/iTunes/iTunesHelper.exe
C:/Programmer/iPod/bin/iPodService.exe
C:/WINDOWS/System32/wuauclt.exe
C:/Documents and Settings/Lennart/Skrivebord/hijackthis.exe

R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Start Page = http://www.aftonbladet.se/
R1 - HKCU/Software/Microsoft/Windows/CurrentVersion/Internet Settings,ProxyServer = safeproxy.cybercity.dk:8080
R0 - HKCU/Software/Microsoft/Internet Explorer/Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:/Programmer/Adobe/Acrobat 6.0/Reader/ActiveX/AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:/PROGRA~1/SPYBOT~1/SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:/programmer/google/googletoolbar2.dll
O3 - Toolbar: &Radio; - {8E718888-423F-11D2-876E-00A0C9082467} - C:/WINDOWS/System32/msdxm.ocx
O3 - Toolbar: &Google; - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:/programmer/google/googletoolbar2.dll
O4 - HKLM/../Run: [CHotkey] mHotkey.exe
O4 - HKLM/../Run: [NeroFilterCheck] C:/WINDOWS/system32/NeroCheck.exe
O4 - HKLM/../Run: [VTTimer] VTTimer.exe
O4 - HKLM/../Run: [iTunesHelper] C:/Programmer/iTunes/iTunesHelper.exe
O4 - HKLM/../Run: [MSConfig] C:/WINDOWS/PCHealth/HelpCtr/Binaries/MSConfig.exe /auto
O4 - HKCU/../Run: [SpySweeper] “C:/Programmer/Webroot/Spy Sweeper/SpySweeper.exe” /0
O8 - Extra context menu item: &Google; Search - res://c:/programmer/google/GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:/programmer/google/GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:/programmer/google/GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:/programmer/google/GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:/programmer/google/GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Programmer/Messenger/MSMSGS.EXE
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Programmer/Messenger/MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.dk/
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://safehouse1.cybercity.dk/privat/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp01.photoprintit.de/microsite/10021/defaults/activex/ImageUploader3.cab
O23 - Service: CA License Client - Computer Associates - C:/Programmer/CA/SharedComponents/CA_LIC/lic98rmt.exe
O23 - Service: CA License Server - Computer Associates - C:/Programmer/CA/SharedComponents/CA_LIC/lic98rmtd.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:/Programmer/iPod/bin/iPodService.exe
O23 - Service: Event Log Watch - Computer Associates - C:/Programmer/CA/SharedComponents/CA_LIC/LogWatNT.exe
O23 - Service: MpService - Canon Inc. - C:/Programmer/Canon/MultiPASS4/MPSERVIC.EXE

Editor
Posts: 11785

Fix this one with HijackThis:

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab

Restart.

After this, your log looks clean.

You need to turn off System Restore. If you don't know how to do it, look here: http://www.spywarefri.dk/virusscannere.htm#alle
After that, restart and turn System Restore back on. You may also set the folder options back to their original settings.

Here is a link to safe surfing: http://www.spywarefri.dk/pakken.htm

Did the “cure” help?

Signature

Kind regards
Resist TeamSpywarefri

Member of: Alliance of Security Analysis Professionals

  Lenny
Posts: 12

Hi and thank you so much! I ran Ad-Aware and it showed a clean computer!

Spy Sweeper tells me that ms-config is included as a startup program, and asks whether I want it.

1. Do I want that?

2. Can I delete deldomains?

I'll give a small donation!

Regards, Lenny

Editor
Posts: 25535

Hi Lenny

You're welcome.

No, ms-config does not need to be included as a startup program, so just say no thanks to it.

Yes, go ahead and delete deldomains. But remember that the program has deleted everything in domains. So if you had ie-spyad installed before, you need to install it again - you will find it in the package. The same goes for SpywareBlaster; it must also be reinstalled.

On behalf of all of Spywarefri, I would like to thank you for your support; you will be able to see your name on the list once “it” has arrived, look here: http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=4923