Spywarefri Forum | Adware??

Adware??

[ Ignorer ] Studs
21.09.2004 12:03:53 Helt nyt medlem Antal indlæg: 6	Min computer har fået ondt i ryggen! Jeg har fået en ny startup side og jeg kan ikke ændre den igen. Når jeg er på nettet kommer jeg ikke derhen hvor jeg gerne vil. Den kommer pup-up’s selvom jeg har Googles pop-up blocker installeret. Jeg har installeret Zone alarm, og den blocker konstant trafik til 10.101.85.31 og 10.101.85.102. Kan i hjælpe? Logfile of HijackThis v1.98.2 Scan saved at 09:48:16, on 21-09-2004 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:/WINNT/System32/smss.exe C:/WINNT/system32/winlogon.exe C:/WINNT/system32/services.exe C:/WINNT/system32/lsass.exe C:/WINNT/system32/svchost.exe C:/WINNT/System32/svchost.exe C:/WINNT/system32/spoolsv.exe C:/WINNT/System32/Ati2evxx.exe C:/PROGRA~1/SYMANT~1/SYMANT~1/DefWatch.exe C:/Program Files/Danware Data/NetOp Remote Control/HOST/NHOSTSVC.EXE C:/PROGRA~1/SYMANT~1/SYMANT~1/Rtvscan.exe C:/WINNT/system32/regsvc.exe C:/WINNT/system32/MSTask.exe C:/WINNT/system32/stisvc.exe C:/WINNT/system32/ZoneLabs/vsmon.exe C:/WINNT/System32/WBEM/WinMgmt.exe C:/Program Files/ORL/VNC/WinVNC.exe C:/WINNT/system32/mspmspsv.exe C:/WINNT/system32/svchost.exe C:/WINNT/Explorer.EXE C:/WINNT/system32/atiptaxx.exe C:/Program Files/Synaptics/SynTP/SynTPLpr.exe C:/Program Files/Synaptics/SynTP/SynTPEnh.exe C:/WINNT/system32/PRPCUI.exe C:/Program Files/Immersion Corporation/Immersion Desktop/idesktop.exe C:/Program Files/Roxio/Easy CD Creator 5/DirectCD/DirectCD.exe C:/Program Files/Common Files/Nokia/NCLTools/NclTray.exe C:/PROGRA~1/SYMANT~1/SYMANT~1/vptray.exe C:/Program Files/Hewlett-Packard/HP Share-to-Web/hpgs2wnd.exe C:/Program Files/Common Files/Real/Update_OB/realsched.exe C:/Program Files/Hewlett-Packard/HP Share-to-Web/hpgs2wnf.exe C:/Program Files/QuickTime/qttask.exe C:/WINNT/apimw.exe C:/WINNT/bookcase.ini:yxpvj C:/PROGRA~1/ZONELA~1/ZONEAL~1/zlclient.exe C:/WINNT/system32/internat.exe C:/PROGRA~1/COMMON~1/Nokia/Services/SERVIC~1.EXE C:/Program Files/Hewlett-Packard/Digital Imaging/bin/hpobnz08.exe C:/Program Files/Sony Corporation/Image Transfer/SonyTray.exe C:/Program Files/Hewlett-Packard/Digital Imaging/bin/hposol08.exe C:/Program Files/WinZip/WZQKPICK.EXE C:/lotus/wordpro/ltsstart.exe C:/lotus/smartctr/suitest.exe C:/Program Files/Yahoo!/Messenger/ymsgr_tray.exe C:/Program Files/Hewlett-Packard/Digital Imaging/bin/hpoevm08.exe C:/Program Files/Hewlett-Packard/Digital Imaging/Bin/hpoSTS08.exe C:/Documents and Settings/xcasv/Desktop/Hi/hijackthis.exe R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Search Bar = res://C:/WINNT/system32/kyzgw.dll/sp.html#29126 R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Search Page = res://C:/WINNT/system32/kyzgw.dll/sp.html#29126 R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Default_Page_URL = about:blank R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Default_Search_URL = res://C:/WINNT/system32/kyzgw.dll/sp.html#29126 R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Search Bar = res://C:/WINNT/system32/kyzgw.dll/sp.html#29126 R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Search Page = res://C:/WINNT/system32/kyzgw.dll/sp.html#29126 R1 - HKCU/Software/Microsoft/Internet Explorer/Search,SearchAssistant = res://C:/WINNT/system32/kyzgw.dll/sp.html#29126 R0 - HKLM/Software/Microsoft/Internet Explorer/Search,SearchAssistant = res://C:/WINNT/system32/kyzgw.dll/sp.html#29126 R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Window Title = Microsoft Internet Explorer provided by FLS miljo A/S R1 - HKCU/Software/Microsoft/Windows/CurrentVersion/Internet Settings,ProxyServer = http=proxy.flsmiljo.dk:80;https=proxy.flsmiljo.dk:80;ftp=fw1.flsmiljo.dk:8080;gopher=proxy.flsmiljo.dk:80 R1 - HKCU/Software/Microsoft/Windows/CurrentVersion/Internet Settings,ProxyOverride = 127.0.0.1;.tonder.dk;.flsmiljo.dk;.bwe.dk;146.123.;10.101.* R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {5A8BE9D6-7630-9FF4-D0FE-2B125C5D9CDD} - C:/WINNT/appwp32.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:/program files/google/googletoolbar1.dll O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio; - {8E718888-423F-11D2-876E-00A0C9082467} - C:/WINNT/System32/msdxm.ocx O3 - Toolbar: &Google; - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:/program files/google/googletoolbar1.dll O4 - HKLM/../Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM/../Run: [AtiPTA] atiptaxx.exe O4 - HKLM/../Run: [SynTPLpr] C:/Program Files/Synaptics/SynTP/SynTPLpr.exe O4 - HKLM/../Run: [SynTPEnh] C:/Program Files/Synaptics/SynTP/SynTPEnh.exe O4 - HKLM/../Run: [PRPCMonitor] PRPCUI.exe O4 - HKLM/../Run: [EM_EXEC] C:/PROGRA~1/Logitech/MOUSEW~1/SYSTEM/EM_EXEC.EXE O4 - HKLM/../Run: [IDesktop] C:/Program Files/Immersion Corporation/Immersion Desktop/idesktop.exe 1 O4 - HKLM/../Run: [WinVNC] “C:/Program Files/ORL/VNC/WinVNC.exe” -servicehelper O4 - HKLM/../Run: [acac] C:/ACADR14/acac.exe O4 - HKLM/../Run: [slidelia] C:/ACADR14/SUPPORT/slidelia.exe O4 - HKLM/../Run: [REGSHAVE] C:/Program Files/REGSHAVE/REGSHAVE.EXE /AUTORUN O4 - HKLM/../Run: [AdaptecDirectCD] “C:/Program Files/Roxio/Easy CD Creator 5/DirectCD/DirectCD.exe” O4 - HKLM/../Run: [Nokia Tray Application] C:/Program Files/Common Files/Nokia/NCLTools/NclTray.exe O4 - HKLM/../Run: [vptray] C:/PROGRA~1/SYMANT~1/SYMANT~1/vptray.exe O4 - HKLM/../Run: [Share-to-Web Namespace Daemon] C:/Program Files/Hewlett-Packard/HP Share-to-Web/hpgs2wnd.exe O4 - HKLM/../Run: [TkBellExe] “C:/Program Files/Common Files/Real/Update_OB/realsched.exe” -osboot O4 - HKLM/../Run: [QuickTime Task] “C:/Program Files/QuickTime/qttask.exe” -atboottime O4 - HKLM/../Run: [Winad Client] C:/Program Files/Winad Client/Winad.exe O4 - HKLM/../Run: [STOPzilla] “C:/Program Files/STOPzilla!/Stopzilla.exe” /autorun O4 - HKLM/../Run: [apimw.exe] C:/WINNT/apimw.exe O4 - HKLM/../Run: [Ad-aware] “C:/PROGRA~1/Lavasoft/AD-AWA~1/Ad-aware.exe” +c O4 - HKLM/../Run: [Zone Labs Client] C:/PROGRA~1/ZONELA~1/ZONEAL~1/zlclient.exe O4 - HKLM/../RunOnce: [yxpvj] C:/WINNT/bookcase.ini:yxpvj O4 - HKCU/../Run: [internat.exe] internat.exe O4 - HKCU/../Run: [Yahoo! Pager] C:/Program Files/Yahoo!/Messenger/ypager.exe -quiet O4 - HKCU/../Run: [Wcee] C:/Documents and Settings/xcasv/Application Data/sjl?.exe O4 - Startup: Lotus QuickStart.lnk = C:/lotus/wordpro/ltsstart.exe O4 - Startup: Lotus SuiteStart 97.lnk = C:/lotus/smartctr/suitest.exe O4 - Global Startup: hp psc 2000 Series.lnk = C:/Program Files/Hewlett-Packard/Digital Imaging/bin/hpobnz08.exe O4 - Global Startup: Image Transfer.lnk = C:/Program Files/Sony Corporation/Image Transfer/SonyTray.exe O4 - Global Startup: officejet 6100.lnk = C:/Program Files/Hewlett-Packard/Digital Imaging/bin/hposol08.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:/Program Files/WinZip/WZQKPICK.EXE O6 - HKCU/Software/Policies/Microsoft/Internet Explorer/Restrictions present O6 - HKCU/Software/Policies/Microsoft/Internet Explorer/Control Panel present O8 - Extra context menu item: &Google; Search - res://C:/Program Files/Google/GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Yahoo;! Search - file:///C:/Program Files/Yahoo!/Common/ycsrch.htm O8 - Extra context menu item: Backward Links - res://C:/Program Files/Google/GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:/Program Files/Google/GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://C:/Program Files/Google/GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://C:/Program Files/Google/GoogleToolbar1.dll/cmtrans.html O8 - Extra context menu item: Yahoo! &Dictionary; - file:///C:/Program Files/Yahoo!/Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps; - file:///C:/Program Files/Yahoo!/Common/ycdict.htm O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:/Program Files/Yahoo!/Messenger/yhexbmes0521.dll O9 - Extra ‘Tools’ menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:/Program Files/Yahoo!/Messenger/yhexbmes0521.dll O12 - Plugin for .pdf: C:/Program Files/Internet Explorer/PLUGINS/nppdf32.dll O15 - Trusted Zone: .05p.com O15 - Trusted Zone: .clickspring.net O15 - Trusted Zone: .mt-download.com O15 - Trusted Zone: .my-internet.info O15 - Trusted Zone: .scoobidoo.com O15 - Trusted Zone: .searchmiracle.com O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://westburton01/officescan/ClientInstall/WinNTChk.cab O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupIniCtrl Class) - http://westburton01/officescan/clientinstall/setupini.cab O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - http://westburton01/officescan/clientinstall/setup.cab O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=9eafaeb2a8e2a9518112bc6e0cedee1552dd4ecb1dd748bcf1cf4d42ced1394245b14c137e17952f3a6abadc3d36297b2b37:b70ac5aa8ec48e2e58a29296baabe1d6 O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - http://westburton01/officescan/clientinstall/RemoveCtrl.cab O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab O17 - HKLM/System/CCS/Services/Tcpip/Parameters: Domain = eggdom.co.uk O17 - HKLM/System/CS1/Services/Tcpip/Parameters: Domain = eggdom.co.uk O17 - HKLM/System/CS2/Services/Tcpip/Parameters: Domain = eggdom.co.uk
[ Ignorer ] [ # 1 ] Andersenph TeamSpywarefri
21.09.2004 15:15:29 Redaktør Supporter Emeritus Antal indlæg: 4801	Hejsa Studs Jeg kigger lige på din log, og vender tilbage med, hvad du skal gøre for at få snavset væk. [:D]
[ Ignorer ] [ # 2 ] Andersenph TeamSpywarefri
21.09.2004 15:25:23 Redaktør Supporter Emeritus Antal indlæg: 4801	Hent følgende engangsantivirusscanner fra Kaspersky (den skal du bruge senere): http://www.mwti.net/antivirus/free_utilities.asp Det er ligegyldigt hvilket et af de 7 link derinde, du bruger. Direkte link: http://www.mwti.net/download/tools/mwav.exe - den skal ikke installeres, men kan køres direkte. ___________________________________________________ Hent Aboutbuster: http://www.atribune.org/downloads/AboutBuster.zip Pak zipfilen ud til en mappe du kan finde igen (den skal du også bruge senere). ___________________________________________________ Hent og Installer ReSupreme: http://www.macecraft.com/brief_rs/ Gratis i 30 dage og giver fuld funktionalitet i 30 dage. (den skal du bruge senere) ___________________________________________________ [Du bliver nød til at skrive denne vejledning ud, da du ikke kan have forbindelse med nettet eller have andre programmer åbne end de anførte] Løsnings procedure: 1) Du skal nu trække netstikket ud af din computer, således at du ved med garanti, at du ikke har Internet forbindelse. 2) Åben “Task Manager”/“Windows jobliste” (fanebladet Processer) (du åbner den ved at taste Ctrl+Alt+Del). Find disse processer, højreklik på dem og vælg Afslut job: apimw.exe 3) Kør HijackThis, scan og sæt et flueben ud for følgende linier - luk øvrige programvinduer - klik “Fix checked”: R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Search Bar = res://C:/WINNT/system32/kyzgw.dll/sp.html#29126 R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Search Page = res://C:/WINNT/system32/kyzgw.dll/sp.html#29126 R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Default_Page_URL = about:blank R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Default_Search_URL = res://C:/WINNT/system32/kyzgw.dll/sp.html#29126 R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Search Bar = res://C:/WINNT/system32/kyzgw.dll/sp.html#29126 R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Search Page = res://C:/WINNT/system32/kyzgw.dll/sp.html#29126 R1 - HKCU/Software/Microsoft/Internet Explorer/Search,SearchAssistant = res://C:/WINNT/system32/kyzgw.dll/sp.html#29126 R0 - HKLM/Software/Microsoft/Internet Explorer/Search,SearchAssistant = res://C:/WINNT/system32/kyzgw.dll/sp.html#29126 R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {5A8BE9D6-7630-9FF4-D0FE-2B125C5D9CDD} - C:/WINNT/appwp32.dll O4 - HKLM/../Run: [TkBellExe] “C:/Program Files/Common Files/Real/Update_OB/realsched.exe” -osboot O4 - HKLM/../Run: [QuickTime Task] “C:/Program Files/QuickTime/qttask.exe” -atboottime O4 - HKLM/../Run: [Winad Client] C:/Program Files/Winad Client/Winad.exe O4 - HKLM/../Run: [apimw.exe] C:/WINNT/apimw.exe O4 - HKLM/../RunOnce: [yxpvj] C:/WINNT/bookcase.ini:yxpvj O4 - HKCU/../Run: [Wcee] C:/Documents and Settings/xcasv/Application Data/sjl?.exe O6 - HKCU/Software/Policies/Microsoft/Internet Explorer/Restrictions present O6 - HKCU/Software/Policies/Microsoft/Internet Explorer/Control Panel present O15 - Trusted Zone: .05p.com O15 - Trusted Zone: .clickspring.net O15 - Trusted Zone: .mt-download.com O15 - Trusted Zone: .my-internet.info O15 - Trusted Zone: .scoobidoo.com O15 - Trusted Zone: .searchmiracle.com O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=9eafaeb2a8e2a9518112bc6e0cedee1552dd4ecb1dd748bcf1cf4d42ced1394245b14c137e17952f3a6abadc3d36297b2b37:b70ac5aa8ec48e2e58a29296baabe1d6 O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab 4) Luk HijackThis og kør AboutBuster (den du hentede tidligere) - tryk ok til meddelelsen, tryk på start. Når den er færdig med sin scanning, kopier da den log, som kommer frem i den anden hvide boks. Gem den i notesblok, da du skal bruge den lidt senere. 5) For at kunne se alle filer: Åbn en mappe, klik på Funktioner=>Mappeindstillinger=>Vis. Fjern flueben ved “Skjul beskyttede operativsystemfiler”. Fjern flueben ved “Skjul filtypenavne for kendte filtyper”. Sæt prik i “Vis skjulte filer og mapper”. 6) Nu skal der rydes op i dine temp filer: Start -> Alle Programmer -> Tilbehør -> System værktøjer -> Diskoprydning. Lad den rense alle dine drev. Gå nu i stifinder og find mappen c:/windows/temp – og slet alt indholdet. 7) Åbn Notepad/Notesblok du finder det under; Start -> Programmer -> Tilbehør. Kopier det her ind i Notepad/Notesblok: del C:/WINNT/apimw.exe /f del C:/WINNT/system32/kyzgw.dll /f del C:/WINNT/appwp32.dll /f Gem filen på Skrivebordet som: RENS.bat I filtyper skal der stå ”Alle filer” Klik derefter på gem. Luk ALLE vinduer - dobbeltklik på filen RENS.bat - det kan du roligt gøre et par gange. For en sikkerheds skyld skal du bagefter, tjekke om disse filer er blevet slettet. Så søg efter dem og slet hvis de findes. Hvis du ikke kan slette dem, og der opstår fejl, prøv da at trykke ”ctrl+alt+del” og afslut dem i ”Task Manager” og prøv så at slette dem igen. 8) Kør HijackThis igen og se om de ting du lige har slettet er kommet igen. Hvis de er kommet igen, marker da disse filer igen ligesom før og fix dem, og kør igen AboutBuster… dvs. Gentag om nødvendigt punkt 2, 3,4,6 og 7. 9) Kør så RegSupreme, som du har hentet tidligere og fix/fjern det den finder. 10) Kør Engangsantivirusscanneren fra Kaspersky; Aktiver det hele i opsætningen derinde, så du får scannet alt igennem. 11) Følg det råd her med at få lagt omtalte adresse i klassificeret zone og evt. også i firewall http://www.spywarefri.dk/virus.htm#snedig 12) Genstart din computer 13) Tilslut din internet forbindelse igen og læg en frisk HijackThis log herind sammen med den rapport du kopierede i pkt. 4.
[ Ignorer ] [ # 3 ] A.Behrendt TeamSpywarefri
21.09.2004 15:34:24 Redaktør Supporter Emeritus Antal indlæg: 25551	Er det her en firmacomputer????? Domain = eggdom.co.uk
[ Ignorer ] [ # 4 ] Studs
28.09.2004 08:54:30 Helt nyt medlem Antal indlæg: 6	Ja?
[ Ignorer ] [ # 5 ] Resist TeamSpywarefri
28.09.2004 09:14:44 Redaktør Team Spywarefri Antal indlæg: 11746	http://www.spywarefri.dk/forum/rules.asp under ”Brugeroprettelse” punkt 1. Signatur Med venlig hilsen Resist TeamSpywarefri Member of: Alliance of Security Analysis Professionals
[ Ignorer ] [ # 6 ] Perhaps Emeritus
28.09.2004 09:34:08 Redaktør Supporter Emeritus Antal indlæg: 18285	Grunden til dette punkt i vore regler er at vi mener at firmaer også har råd til at betale os et rimeligt beløb, men der er flere ting som gør sig gældende blandt andet omkring erhvervs- og produktansvar.
[ Ignorer ] [ # 7 ] Studs
28.09.2004 12:10:15 Helt nyt medlem Antal indlæg: 6	Jeg ved ikke om jeg kan bruge jeres software? Hvis jeg ikke kan skal jeg nok lade være. Det er en bærbar computer som jeg bruger privat, men skal jeg på nettet, foregår det på mit arbejde. Den kan dog også gå på trådløst på cafeer og lign.. Det er en firmacomputer i den forstand, at den har været i tjeneste i nogle år, men den er nu udtjent og jeg har så overtaget den som en slags firma PC ordning. Jeg trode det var OK da jeg har set andre der har benyttet forum til at få renset PC’er de har fået gennem deres arbejde? Jeg tror ikke mit firma vil blandes ind i at få renset min. Lad mig høre om det er OK at jeg går vidre med at rense min computer.
[ Ignorer ] [ # 8 ] Perhaps Emeritus
28.09.2004 14:33:27 Redaktør Supporter Emeritus Antal indlæg: 18285	Ja, den forklaring er helt fin. Bare go on. Problemet er at mange firmaer udnytter os. Som der var en der sagde: Tak for den fine rensning af pc’en. Det betaler firmaet normalt 1000 til 1500 kr. for. Vi fik så til gengæld en tak, men var det ikke det smedens kat døde af
[ Ignorer ] [ # 9 ] Studs
28.09.2004 15:22:37 Helt nyt medlem Antal indlæg: 6	Øhm, nu var jeg lidt sen til at se der var kommet svar på min første log. Jeg trode jeg ville få en mail når der var svar? Nå, men i mellemtiden har jeg så lavet en opdatering af Windows, og nu da jeg skal til at udføre brugsanvisningen, kan jeg se at min log har ændret sig. Hvis det ikke er formeget besvær ville det være dejligt hvis i ville kikke den igennem så jeg ikke slætter noget forkert. Logfile of HijackThis v1.98.2 Scan saved at 13:14:13, on 28-09-2004 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:/WINNT/System32/smss.exe C:/WINNT/system32/winlogon.exe C:/WINNT/system32/services.exe C:/WINNT/system32/lsass.exe C:/WINNT/system32/svchost.exe C:/WINNT/System32/svchost.exe C:/WINNT/system32/spoolsv.exe C:/WINNT/System32/Ati2evxx.exe C:/PROGRA~1/SYMANT~1/SYMANT~1/DefWatch.exe C:/Program Files/Danware Data/NetOp Remote Control/HOST/NHOSTSVC.EXE C:/PROGRA~1/SYMANT~1/SYMANT~1/Rtvscan.exe C:/WINNT/system32/regsvc.exe C:/WINNT/system32/MSTask.exe C:/WINNT/system32/stisvc.exe C:/WINNT/system32/ZoneLabs/vsmon.exe C:/WINNT/System32/WBEM/WinMgmt.exe C:/Program Files/ORL/VNC/WinVNC.exe C:/WINNT/system32/mspmspsv.exe C:/WINNT/system32/svchost.exe C:/WINNT/Explorer.EXE C:/WINNT/system32/atiptaxx.exe C:/Program Files/Synaptics/SynTP/SynTPLpr.exe C:/Program Files/Synaptics/SynTP/SynTPEnh.exe C:/WINNT/system32/PRPCUI.exe C:/Program Files/Immersion Corporation/Immersion Desktop/idesktop.exe C:/Program Files/Roxio/Easy CD Creator 5/DirectCD/DirectCD.exe C:/Program Files/Common Files/Nokia/NCLTools/NclTray.exe C:/PROGRA~1/SYMANT~1/SYMANT~1/vptray.exe C:/Program Files/Hewlett-Packard/HP Share-to-Web/hpgs2wnd.exe C:/Program Files/Common Files/Real/Update_OB/realsched.exe C:/Program Files/Hewlett-Packard/HP Share-to-Web/hpgs2wnf.exe C:/Program Files/QuickTime/qttask.exe C:/PROGRA~1/COMMON~1/Nokia/Services/SERVIC~1.EXE C:/Program Files/Zone Labs/ZoneAlarm/zlclient.exe C:/WINNT/bookcase.ini:yxpvj C:/WINNT/system32/internat.exe C:/Program Files/Hewlett-Packard/Digital Imaging/bin/hpobnz08.exe C:/Program Files/Sony Corporation/Image Transfer/SonyTray.exe C:/Program Files/Hewlett-Packard/Digital Imaging/bin/hposol08.exe C:/Program Files/WinZip/WZQKPICK.EXE C:/lotus/wordpro/ltsstart.exe C:/lotus/smartctr/suitest.exe C:/Program Files/Hewlett-Packard/Digital Imaging/bin/hpoevm08.exe C:/Program Files/Yahoo!/Messenger/ymsgr_tray.exe C:/Program Files/Hewlett-Packard/Digital Imaging/Bin/hpoSTS08.exe C:/Documents and Settings/xcasv/Desktop/Hi/hijackthis.exe C:/WINNT/system32/NOTEPAD.EXE R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Search Bar = res://C:/WINNT/system32/bcvqx.dll/sp.html#29126 R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Search Page = res://C:/WINNT/system32/bcvqx.dll/sp.html#29126 R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Default_Page_URL = about:blank R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Default_Search_URL = res://C:/WINNT/system32/bcvqx.dll/sp.html#29126 R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Search Bar = res://C:/WINNT/system32/bcvqx.dll/sp.html#29126 R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Search Page = res://C:/WINNT/system32/bcvqx.dll/sp.html#29126 R1 - HKCU/Software/Microsoft/Internet Explorer/Search,SearchAssistant = res://C:/WINNT/system32/bcvqx.dll/sp.html#29126 R0 - HKLM/Software/Microsoft/Internet Explorer/Search,SearchAssistant = res://C:/WINNT/system32/bcvqx.dll/sp.html#29126 R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Window Title = Microsoft Internet Explorer provided by FLS miljo A/S R1 - HKCU/Software/Microsoft/Windows/CurrentVersion/Internet Settings,ProxyServer = http=proxy.flsmiljo.dk:80;https=proxy.flsmiljo.dk:80;ftp=fw1.flsmiljo.dk:8080;gopher=proxy.flsmiljo.dk:80 R1 - HKCU/Software/Microsoft/Windows/CurrentVersion/Internet Settings,ProxyOverride = 127.0.0.1;.tonder.dk;.flsmiljo.dk;.bwe.dk;146.123.;10.101.* R3 - Default URLSearchHook is missing O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:/program files/google/googletoolbar1.dll O2 - BHO: (no name) - {E959261D-896F-F10F-FC95-BA3977F30CD0} - C:/WINNT/system32/iewj.dll O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio; - {8E718888-423F-11D2-876E-00A0C9082467} - C:/WINNT/System32/msdxm.ocx O3 - Toolbar: &Google; - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:/program files/google/googletoolbar1.dll O4 - HKLM/../Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM/../Run: [AtiPTA] atiptaxx.exe O4 - HKLM/../Run: [SynTPLpr] C:/Program Files/Synaptics/SynTP/SynTPLpr.exe O4 - HKLM/../Run: [SynTPEnh] C:/Program Files/Synaptics/SynTP/SynTPEnh.exe O4 - HKLM/../Run: [PRPCMonitor] PRPCUI.exe O4 - HKLM/../Run: [EM_EXEC] C:/PROGRA~1/Logitech/MOUSEW~1/SYSTEM/EM_EXEC.EXE O4 - HKLM/../Run: [IDesktop] C:/Program Files/Immersion Corporation/Immersion Desktop/idesktop.exe 1 O4 - HKLM/../Run: [WinVNC] “C:/Program Files/ORL/VNC/WinVNC.exe” -servicehelper O4 - HKLM/../Run: [acac] C:/ACADR14/acac.exe O4 - HKLM/../Run: [slidelia] C:/ACADR14/SUPPORT/slidelia.exe O4 - HKLM/../Run: [REGSHAVE] C:/Program Files/REGSHAVE/REGSHAVE.EXE /AUTORUN O4 - HKLM/../Run: [AdaptecDirectCD] “C:/Program Files/Roxio/Easy CD Creator 5/DirectCD/DirectCD.exe” O4 - HKLM/../Run: [Nokia Tray Application] C:/Program Files/Common Files/Nokia/NCLTools/NclTray.exe O4 - HKLM/../Run: [vptray] C:/PROGRA~1/SYMANT~1/SYMANT~1/vptray.exe O4 - HKLM/../Run: [Share-to-Web Namespace Daemon] C:/Program Files/Hewlett-Packard/HP Share-to-Web/hpgs2wnd.exe O4 - HKLM/../Run: [TkBellExe] “C:/Program Files/Common Files/Real/Update_OB/realsched.exe” -osboot O4 - HKLM/../Run: [QuickTime Task] “C:/Program Files/QuickTime/qttask.exe” -atboottime O4 - HKLM/../Run: [Winad Client] C:/Program Files/Winad Client/Winad.exe O4 - HKLM/../Run: [STOPzilla] “C:/Program Files/STOPzilla!/Stopzilla.exe” /autorun O4 - HKLM/../Run: [apimw.exe] C:/WINNT/apimw.exe O4 - HKLM/../Run: [Ad-aware] “C:/PROGRA~1/Lavasoft/AD-AWA~1/Ad-aware.exe” +c O4 - HKLM/../Run: [Zone Labs Client] “C:/Program Files/Zone Labs/ZoneAlarm/zlclient.exe” O4 - HKLM/../RunOnce: [yxpvj] C:/WINNT/bookcase.ini:yxpvj O4 - HKCU/../Run: [internat.exe] internat.exe O4 - HKCU/../Run: [Yahoo! Pager] C:/Program Files/Yahoo!/Messenger/ypager.exe -quiet O4 - HKCU/../Run: [Wcee] C:/Documents and Settings/xcasv/Application Data/sjl?.exe O4 - Startup: Lotus QuickStart.lnk = C:/lotus/wordpro/ltsstart.exe O4 - Startup: Lotus SuiteStart 97.lnk = C:/lotus/smartctr/suitest.exe O4 - Global Startup: hp psc 2000 Series.lnk = C:/Program Files/Hewlett-Packard/Digital Imaging/bin/hpobnz08.exe O4 - Global Startup: Image Transfer.lnk = C:/Program Files/Sony Corporation/Image Transfer/SonyTray.exe O4 - Global Startup: officejet 6100.lnk = C:/Program Files/Hewlett-Packard/Digital Imaging/bin/hposol08.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:/Program Files/WinZip/WZQKPICK.EXE O6 - HKCU/Software/Policies/Microsoft/Internet Explorer/Restrictions present O6 - HKCU/Software/Policies/Microsoft/Internet Explorer/Control Panel present O8 - Extra context menu item: &Google; Search - res://C:/Program Files/Google/GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Yahoo;! Search - file:///C:/Program Files/Yahoo!/Common/ycsrch.htm O8 - Extra context menu item: Backward Links - res://C:/Program Files/Google/GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:/Program Files/Google/GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://C:/Program Files/Google/GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://C:/Program Files/Google/GoogleToolbar1.dll/cmtrans.html O8 - Extra context menu item: Yahoo! &Dictionary; - file:///C:/Program Files/Yahoo!/Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps; - file:///C:/Program Files/Yahoo!/Common/ycdict.htm O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:/Program Files/Yahoo!/Messenger/yhexbmes0521.dll O9 - Extra ‘Tools’ menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:/Program Files/Yahoo!/Messenger/yhexbmes0521.dll O12 - Plugin for .pdf: C:/Program Files/Internet Explorer/PLUGINS/nppdf32.dll O15 - Trusted Zone: .05p.com O15 - Trusted Zone: .clickspring.net O15 - Trusted Zone: .mt-download.com O15 - Trusted Zone: .my-internet.info O15 - Trusted Zone: .scoobidoo.com O15 - Trusted Zone: .searchmiracle.com O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://westburton01/officescan/ClientInstall/WinNTChk.cab O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupIniCtrl Class) - http://westburton01/officescan/clientinstall/setupini.cab O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - http://westburton01/officescan/clientinstall/setup.cab O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=9eafaeb2a8e2a9518112bc6e0cedee1552dd4ecb1dd748bcf1cf4d42ced1394245b14c137e17952f3a6abadc3d36297b2b37:b70ac5aa8ec48e2e58a29296baabe1d6 O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - http://westburton01/officescan/clientinstall/RemoveCtrl.cab O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab O17 - HKLM/System/CCS/Services/Tcpip/Parameters: Domain = eggdom.co.uk O17 - HKLM/System/CS1/Services/Tcpip/Parameters: Domain = eggdom.co.uk O17 - HKLM/System/CS2/Services/Tcpip/Parameters: Domain = eggdom.co.uk På forhånd tusind tak for hjælpen!
[ Ignorer ] [ # 10 ] Fromsej TeamSpywarefri
28.09.2004 20:21:42 Administrator Team Spywarefri Antal indlæg: 49098	Når nu du skal i gang med at fixe, så er det vigtigt at du ikke har Internet Explorer (IE) åben - så det bedste er at printe instruksen ud - næstbedst er det at kopiere instruksen over i Notepad/Notesblok og læse den derfra. 1. Hent disse programmer: http://www.downloads.subratam.org/AboutBuster.zip http://danborg.org/spy/CWS/cwshredder.exe Pak AboutBuster ud til sin egen mappe. Placer CWShredder i sin egen mappe. 2. Tryk CTRL+ALT+DEL, vælg fanebladet Processer, find og højreklik på processerne Winad.exe apimw.exe sjl?.exe ... vælg Afslut proces. 3. Kør HijackThis, scan og sæt et flueben ud for følgende linier - luk øvrige programvinduer - klik “Fix checked”: R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Search Bar = res://C:/WINNT/system32/bcvqx.dll/sp.html#29126 R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Search Page = res://C:/WINNT/system32/bcvqx.dll/sp.html#29126 R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Default_Page_URL = about:blank R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Default_Search_URL = res://C:/WINNT/system32/bcvqx.dll/sp.html#29126 R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Search Bar = res://C:/WINNT/system32/bcvqx.dll/sp.html#29126 R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Search Page = res://C:/WINNT/system32/bcvqx.dll/sp.html#29126 R1 - HKCU/Software/Microsoft/Internet Explorer/Search,SearchAssistant = res://C:/WINNT/system32/bcvqx.dll/sp.html#29126 R0 - HKLM/Software/Microsoft/Internet Explorer/Search,SearchAssistant = res://C:/WINNT/system32/bcvqx.dll/sp.html#29126 O2 - BHO: (no name) - {E959261D-896F-F10F-FC95-BA3977F30CD0} - C:/WINNT/system32/iewj.dll O4 - HKLM/../Run: [Winad Client] C:/Program Files/Winad Client/Winad.exe O4 - HKLM/../Run: [apimw.exe] C:/WINNT/apimw.exe O4 - HKCU/../Run: [Wcee] C:/Documents and Settings/xcasv/Application Data/sjl?.exe O6 - HKCU/Software/Policies/Microsoft/Internet Explorer/Restrictions present O6 - HKCU/Software/Policies/Microsoft/Internet Explorer/Control Panel present O15 - Trusted Zone: .05p.com O15 - Trusted Zone: .clickspring.net O15 - Trusted Zone: .mt-download.com O15 - Trusted Zone: .my-internet.info O15 - Trusted Zone: .scoobidoo.com O15 - Trusted Zone: .searchmiracle.com O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=9eafaeb2a8e2a9518112bc6e0cedee1552dd4ecb1dd748bcf1cf4d42ced1394245b14c137e17952f3a6abadc3d36297b2b37:b70ac5aa8ec48e2e58a29296baabe1d6 4. For at kunne se alle filer: Åbn en mappe, klik på Funktioner=>Mappeindstillinger=>Vis. Fjern flueben ved “Skjul beskyttede operativsystemfiler”. Fjern flueben ved “Skjul filtypenavne for kendte filtyper”. Sæt prik i “Vis skjulte filer og mapper”. Find og slet: C:/Program Files/Winad Client/ -> Hele mappen. C:/WINNT/apimw.exe C:/Documents and Settings/xcasv/Application Data/sjl?.exe 5. Kør AboutBuster, som du hentede tidligere. 6. Kør CWShredder, luk alle vinduer, undtaget CWSschredder, klik på “Fix”, den scanner nu, når den er færdig klik på “Next”, klik på “Finish”. 7. I Internet Explorer skal du gå i Funktioner -> Windows Update og hente alle kritiske opdateringer. Genstart og kør HijackThis, scan og læg en frisk log herind (nu må du gerne åbne IE). Signatur Member of “Alliance of Security Analysis Professionals” - Alle angaben wie immer “nur mit pistole” Græd du også over eventyret om smedens kat, da du var lille? http://www.spywarefri.dk/medarbejderne/ Nierne bomaye - You’ll never walk alone
[ Ignorer ] [ # 11 ] Studs
29.09.2004 10:21:05 Helt nyt medlem Antal indlæg: 6	Hmmm. Det ser ikke rigtig ud til at have hjulpet. Og dog, den første gang jeg startede IE kunne jeg selv bestemme startside, men det kan jeg ikke mere. Jeg har lavet en ny log. Logfile of HijackThis v1.98.2 Scan saved at 07:58:21, on 29-09-2004 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:/WINNT/System32/smss.exe C:/WINNT/system32/winlogon.exe C:/WINNT/system32/services.exe C:/WINNT/system32/lsass.exe C:/WINNT/system32/svchost.exe C:/WINNT/System32/svchost.exe C:/WINNT/system32/spoolsv.exe C:/WINNT/System32/Ati2evxx.exe C:/PROGRA~1/SYMANT~1/SYMANT~1/DefWatch.exe C:/Program Files/Danware Data/NetOp Remote Control/HOST/NHOSTSVC.EXE C:/PROGRA~1/SYMANT~1/SYMANT~1/Rtvscan.exe C:/WINNT/system32/regsvc.exe C:/WINNT/system32/MSTask.exe C:/WINNT/system32/stisvc.exe C:/WINNT/system32/ZoneLabs/vsmon.exe C:/WINNT/Explorer.EXE C:/WINNT/System32/WBEM/WinMgmt.exe C:/Program Files/ORL/VNC/WinVNC.exe C:/WINNT/system32/mspmspsv.exe C:/WINNT/system32/svchost.exe C:/WINNT/system32/atiptaxx.exe C:/Program Files/Synaptics/SynTP/SynTPLpr.exe C:/Program Files/Synaptics/SynTP/SynTPEnh.exe C:/WINNT/system32/PRPCUI.exe C:/Program Files/Immersion Corporation/Immersion Desktop/idesktop.exe C:/Program Files/Roxio/Easy CD Creator 5/DirectCD/DirectCD.exe C:/Program Files/Common Files/Nokia/NCLTools/NclTray.exe C:/PROGRA~1/SYMANT~1/SYMANT~1/vptray.exe C:/Program Files/Hewlett-Packard/HP Share-to-Web/hpgs2wnd.exe C:/Program Files/Common Files/Real/Update_OB/realsched.exe C:/Program Files/QuickTime/qttask.exe C:/Program Files/Hewlett-Packard/HP Share-to-Web/hpgs2wnf.exe C:/PROGRA~1/COMMON~1/Nokia/Services/SERVIC~1.EXE C:/Program Files/Zone Labs/ZoneAlarm/zlclient.exe C:/WINNT/system32/appev32.exe C:/WINNT/system32/internat.exe C:/Program Files/Hewlett-Packard/Digital Imaging/bin/hpobnz08.exe C:/Program Files/Sony Corporation/Image Transfer/SonyTray.exe C:/Program Files/Hewlett-Packard/Digital Imaging/bin/hposol08.exe C:/Program Files/WinZip/WZQKPICK.EXE C:/lotus/wordpro/ltsstart.exe C:/lotus/smartctr/suitest.exe C:/Program Files/Hewlett-Packard/Digital Imaging/bin/hpoevm08.exe C:/Program Files/Yahoo!/Messenger/ymsgr_tray.exe C:/Program Files/Hewlett-Packard/Digital Imaging/Bin/hpoSTS08.exe C:/WINNT/bookcase.ini:yxpvj C:/Documents and Settings/xcasv/Desktop/Hi/hijackthis.exe R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Search Bar = res://C:/WINNT/kdprt.dll/sp.html#29126 R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Search Page = res://C:/WINNT/kdprt.dll/sp.html#29126 R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Default_Page_URL = about:blank R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Default_Search_URL = res://C:/WINNT/kdprt.dll/sp.html#29126 R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Search Bar = res://C:/WINNT/kdprt.dll/sp.html#29126 R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Search Page = res://C:/WINNT/kdprt.dll/sp.html#29126 R1 - HKCU/Software/Microsoft/Internet Explorer/Search,SearchAssistant = res://C:/WINNT/kdprt.dll/sp.html#29126 R0 - HKLM/Software/Microsoft/Internet Explorer/Search,SearchAssistant = res://C:/WINNT/kdprt.dll/sp.html#29126 R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Window Title = Microsoft Internet Explorer provided by FLS miljo A/S R1 - HKCU/Software/Microsoft/Windows/CurrentVersion/Internet Settings,ProxyServer = http=proxy.flsmiljo.dk:80;https=proxy.flsmiljo.dk:80;ftp=fw1.flsmiljo.dk:8080;gopher=proxy.flsmiljo.dk:80 R1 - HKCU/Software/Microsoft/Windows/CurrentVersion/Internet Settings,ProxyOverride = 127.0.0.1;.tonder.dk;.flsmiljo.dk;.bwe.dk;146.123.;10.101.* R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {7210E20A-041C-BD77-C12F-9A91C6A2B2A5} - C:/WINNT/mfczi32.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:/program files/google/googletoolbar1.dll O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio; - {8E718888-423F-11D2-876E-00A0C9082467} - C:/WINNT/System32/msdxm.ocx O3 - Toolbar: &Google; - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:/program files/google/googletoolbar1.dll O4 - HKLM/../Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM/../Run: [AtiPTA] atiptaxx.exe O4 - HKLM/../Run: [SynTPLpr] C:/Program Files/Synaptics/SynTP/SynTPLpr.exe O4 - HKLM/../Run: [SynTPEnh] C:/Program Files/Synaptics/SynTP/SynTPEnh.exe O4 - HKLM/../Run: [PRPCMonitor] PRPCUI.exe O4 - HKLM/../Run: [EM_EXEC] C:/PROGRA~1/Logitech/MOUSEW~1/SYSTEM/EM_EXEC.EXE O4 - HKLM/../Run: [IDesktop] C:/Program Files/Immersion Corporation/Immersion Desktop/idesktop.exe 1 O4 - HKLM/../Run: [WinVNC] “C:/Program Files/ORL/VNC/WinVNC.exe” -servicehelper O4 - HKLM/../Run: [acac] C:/ACADR14/acac.exe O4 - HKLM/../Run: [slidelia] C:/ACADR14/SUPPORT/slidelia.exe O4 - HKLM/../Run: [REGSHAVE] C:/Program Files/REGSHAVE/REGSHAVE.EXE /AUTORUN O4 - HKLM/../Run: [AdaptecDirectCD] “C:/Program Files/Roxio/Easy CD Creator 5/DirectCD/DirectCD.exe” O4 - HKLM/../Run: [Nokia Tray Application] C:/Program Files/Common Files/Nokia/NCLTools/NclTray.exe O4 - HKLM/../Run: [vptray] C:/PROGRA~1/SYMANT~1/SYMANT~1/vptray.exe O4 - HKLM/../Run: [Share-to-Web Namespace Daemon] C:/Program Files/Hewlett-Packard/HP Share-to-Web/hpgs2wnd.exe O4 - HKLM/../Run: [TkBellExe] “C:/Program Files/Common Files/Real/Update_OB/realsched.exe” -osboot O4 - HKLM/../Run: [QuickTime Task] “C:/Program Files/QuickTime/qttask.exe” -atboottime O4 - HKLM/../Run: [STOPzilla] “C:/Program Files/STOPzilla!/Stopzilla.exe” /autorun O4 - HKLM/../Run: [Ad-aware] “C:/PROGRA~1/Lavasoft/AD-AWA~1/Ad-aware.exe” +c O4 - HKLM/../Run: [Zone Labs Client] “C:/Program Files/Zone Labs/ZoneAlarm/zlclient.exe” O4 - HKLM/../Run: [appev32.exe] C:/WINNT/system32/appev32.exe O4 - HKCU/../Run: [internat.exe] internat.exe O4 - HKCU/../Run: [Yahoo! Pager] C:/Program Files/Yahoo!/Messenger/ypager.exe -quiet O4 - Startup: Lotus QuickStart.lnk = C:/lotus/wordpro/ltsstart.exe O4 - Startup: Lotus SuiteStart 97.lnk = C:/lotus/smartctr/suitest.exe O4 - Global Startup: hp psc 2000 Series.lnk = C:/Program Files/Hewlett-Packard/Digital Imaging/bin/hpobnz08.exe O4 - Global Startup: Image Transfer.lnk = C:/Program Files/Sony Corporation/Image Transfer/SonyTray.exe O4 - Global Startup: officejet 6100.lnk = C:/Program Files/Hewlett-Packard/Digital Imaging/bin/hposol08.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:/Program Files/WinZip/WZQKPICK.EXE O8 - Extra context menu item: &Google; Search - res://C:/Program Files/Google/GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Yahoo;! Search - file:///C:/Program Files/Yahoo!/Common/ycsrch.htm O8 - Extra context menu item: Backward Links - res://C:/Program Files/Google/GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:/Program Files/Google/GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://C:/Program Files/Google/GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://C:/Program Files/Google/GoogleToolbar1.dll/cmtrans.html O8 - Extra context menu item: Yahoo! &Dictionary; - file:///C:/Program Files/Yahoo!/Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps; - file:///C:/Program Files/Yahoo!/Common/ycdict.htm O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:/Program Files/Yahoo!/Messenger/yhexbmes0521.dll O9 - Extra ‘Tools’ menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:/Program Files/Yahoo!/Messenger/yhexbmes0521.dll O12 - Plugin for .pdf: C:/Program Files/Internet Explorer/PLUGINS/nppdf32.dll O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://westburton01/officescan/ClientInstall/WinNTChk.cab O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupIniCtrl Class) - http://westburton01/officescan/clientinstall/setupini.cab O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - http://westburton01/officescan/clientinstall/setup.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - http://westburton01/officescan/clientinstall/RemoveCtrl.cab O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab O17 - HKLM/System/CCS/Services/Tcpip/Parameters: Domain = eggdom.co.uk O17 - HKLM/System/CS1/Services/Tcpip/Parameters: Domain = eggdom.co.uk O17 - HKLM/System/CS2/Services/Tcpip/Parameters: Domain = eggdom.co.uk Tak for den hjælp jeg har fået. Det er ikke mange steder man kan få så suplim en service. Og så gratis! Fantastisk!
[ Ignorer ] [ # 12 ] Magic Spywarefri
29.09.2004 19:35:12 Administrator Team Spywarefri Antal indlæg: 26281	Hej Det er en af de slemme infektioner du har fået[xx(] Hent About:Buster. http://www.downloads.subratam.org/AboutBuster.zip Pak About:Buster ud i sin egen mappe, klik på Update, er der en update så hent den, ellers klik på Exit. du må ikke klikke på Start. Hent og installer ad-aware her: http://www.spywarefri.dk/vaerktoj.htm#adaware Opdater det online, når det er gjort, luk ad-aware igen, efter du har fulgt vejledningen her til udvidet søgning: http://www.spywarefri.dk/tipsogtricks.htm#adaware Følg denne vejledning: Åbn en tilfældig mappe, klik på Funktioner=>Mappeindstillinger=>Vis. Fjern flueben ved “Skjul beskyttede operativsystemfiler”. Fjern flueben ved “Skjul filtypenavne for kendte filtyper”. Sæt prik i “Vis skjulte filer og mapper”. Det er ikke sikkert det her punkt kan gøres, men så fortsæt til næste punkt. Klik på start->Kør skriv services.msc klik OK. Scroll ned af listen til du finder Network Security Service, dobbeltklik på den og klik på Stop, klik så på egenskaber fanebladet generelt her vælger du Starttype=Deaktiveret, klik på anvend, klik på OK. Luk alle vinduer og genstart i fejlsikret tilstand- F8 Kør Hijackthis og sæt flueben ved disse linier: R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Search Bar = res://C:/WINNT/kdprt.dll/sp.html#29126 R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Search Page = res://C:/WINNT/kdprt.dll/sp.html#29126 R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Default_Page_URL = about:blank R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Default_Search_URL = res://C:/WINNT/kdprt.dll/sp.html#29126 R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Search Bar = res://C:/WINNT/kdprt.dll/sp.html#29126 R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Search Page = res://C:/WINNT/kdprt.dll/sp.html#29126 R1 - HKCU/Software/Microsoft/Internet Explorer/Search,SearchAssistant = res://C:/WINNT/kdprt.dll/sp.html#29126 R0 - HKLM/Software/Microsoft/Internet Explorer/Search,SearchAssistant = res://C:/WINNT/kdprt.dll/sp.html#29126 R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {7210E20A-041C-BD77-C12F-9A91C6A2B2A5} - C:/WINNT/mfczi32.dll O4 - HKLM/../Run: [appev32.exe] C:/WINNT/system32/appev32.exe Klik så på fix Checked. Find og slet: C:/WINNT/mfczi32.dll C:/WINNT/system32/appev32.exe Klik så på start->Kør skriv Regedit, klik OK. Du får et vindue ligesom stifinder, her klikker du dig vej ned til: HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services klik på Services Kig efter følgende i højre vindue: __NS_Service __NS_Service_2 __NS_Service_3 Hvis en eller flere af dem er der, højreklik på dem og slet dem. Samme procedure med: HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Enum/Root Her er det Root du skal klikke på. Kør så About:Buster, klik Start->OK når scanningen er færdig, klik Exit og genstart i fejlsikret tilstand. Gentag proceduren med About:buster, denne gang gemmer du rapporten et sted hvor du kan finde den, den skal kopieres herind. Genstart igen i fejlsikret tilstand, kør så Ad-aware. Find og slet alt indhold i dine Temp mapper: C:/WINDOWS/Temp/ C:/Temp/ C:/Documents and Settings/brugernavn/Local Settings/Temp/ Start Internet Explorer, klik på det røde kryds så den ikke prøver at komme på nettet. Klik på Funktioner->Internetindstillinger->Slet filer, husk flueben i Slet alt offline indhold, klik OK og OK igen. Tøm din papirkurv, og genstart i almindelig windows. Scan online hos både Panda og Housecall: http://www.spywarefri.dk/onlinevark.htm Lad dem fjerne hvad de måtte finde. Hen Asquared (A²) her: http://www.emsisoft.com/en/software/free/ Scan med programmet, og lad det fjerne alt det finder. Gratis registrering! Opdater din windows fra Windowsupdate. Genstart. Signatur Medlem af: Alliance of Security Analysis Professionals
[ Ignorer ] [ # 13 ] Studs
05.10.2004 11:14:01 Helt nyt medlem Antal indlæg: 6	Juhuu. Det ser ud til at have hjulpet! Jeg har fjernet ca. 1000 filer! Til trods for det fandt Housecall 39 filer som var inficerede. Der er ikke noget at sige til at computeren bliver langsom. Jeg har aldrig fået en kode til Asquared, så jeg kan ikke aktivere det. Her er en frisk Hijack log: Logfile of HijackThis v1.98.2 Scan saved at 07:59:07, on 05-10-2004 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:/WINNT/System32/smss.exe C:/WINNT/system32/winlogon.exe C:/WINNT/system32/services.exe C:/WINNT/system32/lsass.exe C:/WINNT/system32/svchost.exe C:/WINNT/System32/svchost.exe C:/WINNT/system32/spoolsv.exe C:/WINNT/System32/Ati2evxx.exe C:/PROGRA~1/SYMANT~1/SYMANT~1/DefWatch.exe C:/Program Files/Danware Data/NetOp Remote Control/HOST/NHOSTSVC.EXE C:/PROGRA~1/SYMANT~1/SYMANT~1/Rtvscan.exe C:/WINNT/system32/regsvc.exe C:/WINNT/system32/MSTask.exe C:/WINNT/system32/stisvc.exe C:/WINNT/system32/ZoneLabs/vsmon.exe C:/WINNT/Explorer.EXE C:/WINNT/System32/WBEM/WinMgmt.exe C:/Program Files/ORL/VNC/WinVNC.exe C:/WINNT/system32/mspmspsv.exe C:/WINNT/system32/svchost.exe C:/WINNT/system32/atiptaxx.exe C:/Program Files/Synaptics/SynTP/SynTPLpr.exe C:/Program Files/Synaptics/SynTP/SynTPEnh.exe C:/WINNT/system32/PRPCUI.exe C:/Program Files/Immersion Corporation/Immersion Desktop/idesktop.exe C:/Program Files/Roxio/Easy CD Creator 5/DirectCD/DirectCD.exe C:/Program Files/Common Files/Nokia/NCLTools/NclTray.exe C:/PROGRA~1/SYMANT~1/SYMANT~1/vptray.exe C:/Program Files/Hewlett-Packard/HP Share-to-Web/hpgs2wnd.exe C:/Program Files/Common Files/Real/Update_OB/realsched.exe C:/Program Files/QuickTime/qttask.exe C:/Program Files/Zone Labs/ZoneAlarm/zlclient.exe C:/WINNT/system32/internat.exe C:/Program Files/Hewlett-Packard/HP Share-to-Web/hpgs2wnf.exe C:/Program Files/Hewlett-Packard/Digital Imaging/bin/hpobnz08.exe C:/PROGRA~1/COMMON~1/Nokia/Services/SERVIC~1.EXE C:/Program Files/Sony Corporation/Image Transfer/SonyTray.exe C:/Program Files/Hewlett-Packard/Digital Imaging/bin/hposol08.exe C:/Program Files/WinZip/WZQKPICK.EXE C:/lotus/wordpro/ltsstart.exe C:/lotus/smartctr/suitest.exe C:/Program Files/Hewlett-Packard/Digital Imaging/bin/hpoevm08.exe C:/lotus/notes/NLNOTES.EXE C:/Program Files/Yahoo!/Messenger/ymsgr_tray.exe C:/Program Files/Hewlett-Packard/Digital Imaging/Bin/hpoSTS08.exe C:/lotus/notes/namgr.EXE C:/Program Files/Windows Media Player/wmplayer.exe C:/Documents and Settings/xcasv/Desktop/Hi/hijackthis.exe R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Window Title = Microsoft Internet Explorer provided by FLS miljo A/S R1 - HKCU/Software/Microsoft/Windows/CurrentVersion/Internet Settings,ProxyServer = http=proxy.flsmiljo.dk:80;https=proxy.flsmiljo.dk:80;ftp=fw1.flsmiljo.dk:8080;gopher=proxy.flsmiljo.dk:80 R1 - HKCU/Software/Microsoft/Windows/CurrentVersion/Internet Settings,ProxyOverride = 127.0.0.1;.tonder.dk;.flsmiljo.dk;.bwe.dk;146.123.;10.101.* O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:/program files/google/googletoolbar1.dll O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio; - {8E718888-423F-11D2-876E-00A0C9082467} - C:/WINNT/System32/msdxm.ocx O3 - Toolbar: &Google; - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:/program files/google/googletoolbar1.dll O4 - HKLM/../Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM/../Run: [AtiPTA] atiptaxx.exe O4 - HKLM/../Run: [SynTPLpr] C:/Program Files/Synaptics/SynTP/SynTPLpr.exe O4 - HKLM/../Run: [SynTPEnh] C:/Program Files/Synaptics/SynTP/SynTPEnh.exe O4 - HKLM/../Run: [PRPCMonitor] PRPCUI.exe O4 - HKLM/../Run: [EM_EXEC] C:/PROGRA~1/Logitech/MOUSEW~1/SYSTEM/EM_EXEC.EXE O4 - HKLM/../Run: [IDesktop] C:/Program Files/Immersion Corporation/Immersion Desktop/idesktop.exe 1 O4 - HKLM/../Run: [WinVNC] “C:/Program Files/ORL/VNC/WinVNC.exe” -servicehelper O4 - HKLM/../Run: [acac] C:/ACADR14/acac.exe O4 - HKLM/../Run: [slidelia] C:/ACADR14/SUPPORT/slidelia.exe O4 - HKLM/../Run: [REGSHAVE] C:/Program Files/REGSHAVE/REGSHAVE.EXE /AUTORUN O4 - HKLM/../Run: [AdaptecDirectCD] “C:/Program Files/Roxio/Easy CD Creator 5/DirectCD/DirectCD.exe” O4 - HKLM/../Run: [Nokia Tray Application] C:/Program Files/Common Files/Nokia/NCLTools/NclTray.exe O4 - HKLM/../Run: [vptray] C:/PROGRA~1/SYMANT~1/SYMANT~1/vptray.exe O4 - HKLM/../Run: [Share-to-Web Namespace Daemon] C:/Program Files/Hewlett-Packard/HP Share-to-Web/hpgs2wnd.exe O4 - HKLM/../Run: [TkBellExe] “C:/Program Files/Common Files/Real/Update_OB/realsched.exe” -osboot O4 - HKLM/../Run: [QuickTime Task] “C:/Program Files/QuickTime/qttask.exe” -atboottime O4 - HKLM/../Run: [STOPzilla] “C:/Program Files/STOPzilla!/Stopzilla.exe” /autorun O4 - HKLM/../Run: [Zone Labs Client] “C:/Program Files/Zone Labs/ZoneAlarm/zlclient.exe” O4 - HKCU/../Run: [internat.exe] internat.exe O4 - HKCU/../Run: [Yahoo! Pager] C:/Program Files/Yahoo!/Messenger/ypager.exe -quiet O4 - Startup: Lotus QuickStart.lnk = C:/lotus/wordpro/ltsstart.exe O4 - Startup: Lotus SuiteStart 97.lnk = C:/lotus/smartctr/suitest.exe O4 - Global Startup: hp psc 2000 Series.lnk = C:/Program Files/Hewlett-Packard/Digital Imaging/bin/hpobnz08.exe O4 - Global Startup: Image Transfer.lnk = C:/Program Files/Sony Corporation/Image Transfer/SonyTray.exe O4 - Global Startup: officejet 6100.lnk = C:/Program Files/Hewlett-Packard/Digital Imaging/bin/hposol08.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:/Program Files/WinZip/WZQKPICK.EXE O8 - Extra context menu item: &Google; Search - res://C:/Program Files/Google/GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Yahoo;! Search - file:///C:/Program Files/Yahoo!/Common/ycsrch.htm O8 - Extra context menu item: Backward Links - res://C:/Program Files/Google/GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:/Program Files/Google/GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://C:/Program Files/Google/GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://C:/Program Files/Google/GoogleToolbar1.dll/cmtrans.html O8 - Extra context menu item: Yahoo! &Dictionary; - file:///C:/Program Files/Yahoo!/Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps; - file:///C:/Program Files/Yahoo!/Common/ycdict.htm O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:/Program Files/Yahoo!/Messenger/yhexbmes0521.dll O9 - Extra ‘Tools’ menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:/Program Files/Yahoo!/Messenger/yhexbmes0521.dll O12 - Plugin for .pdf: C:/Program Files/Internet Explorer/PLUGINS/nppdf32.dll O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://westburton01/officescan/ClientInstall/WinNTChk.cab O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupIniCtrl Class) - http://westburton01/officescan/clientinstall/setupini.cab O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - http://westburton01/officescan/clientinstall/setup.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - http://westburton01/officescan/clientinstall/RemoveCtrl.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab O17 - HKLM/System/CCS/Services/Tcpip/Parameters: Domain = eggdom.co.uk O17 - HKLM/System/CS1/Services/Tcpip/Parameters: Domain = eggdom.co.uk O17 - HKLM/System/CS2/Services/Tcpip/Parameters: Domain = eggdom.co.uk Og en fra AboutBuster som du bad om: Scanned at: 13:12:12 on: 04-10-2004 —Scan 1—————————————- About:Buster Version 3.0 Reference List : 15 No ADS found on system Deleted 2 Service Keys Successfully! Removed! : C:/WINNT/system32/zvizg.dat Attempted Clean Of Temp folder. Removed Uninstall Key (HSA) Removed Uninstall Key (SE) Removed Uninstall Key (SW) Pages Reset… Done! —Scan 2—————————————- About:Buster Version 3.0 Reference List : 15 No ADS found on system Attempted Clean Of Temp folder. Pages Reset… Done! Hvis I ikke har noget at tilføje, kan I for min skyld godt lukke denne sti. Mvh, Studs.
[ Ignorer ] [ # 14 ] Magic Spywarefri
05.10.2004 12:30:04 Administrator Team Spywarefri Antal indlæg: 26281	Du har haft travlt med at fjerne filer[:D] Den ser ren ud nu, så det eneste jeg vil tilføje er: For at sikre din pc fremover ville det være en god idé at bruge nogle af programmerne fra vores lille pakke som du kan se her: http://www.spywarefri.dk/pakken.htm Især vil jeg anbefale Spybot/og eller Ad-aware, SpywareBlaster, IE Privacy Keeper/el. EmtyTempFolder, IE-Spyad og SpywareGuard som minimum. De er alle gratis, fylder ikke meget, sløver ikke din pc og konflikter ikke med dine andre programmer Ønsker du ikke mange små prg. så kan du i stedet købe et prg. som Spy Sweeper. Den ligger også i pakken, hvor du kan læse lidt mere. Der ligger også et link til dansk manual. Jeg kan varmt anbefale dette prg. Jeg lukker så tråden Signatur Medlem af: Alliance of Security Analysis Professionals