
Another iexplore >.<




  #1  
17 January 2008, 07:35
New Member Group
 

Hey, I'm having problems with that iexplore virus thing. It's been going on for about a week... and I've found a fair few different guides on how to fix it, but most of the time they would tell me to delete files I didn't have... and when I try to end process on them, 2 new processes show up for a couple of seconds before the iexplore ones come back... something like mp3sect and THIRDM~3, not sure if that's relevant but...

Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Kørende processer:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Programmer \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ WINDOWS \ Explorer.EXE
C: \ WINDOWS \ system32 \ nvsvc32.exe
C: \ WINDOWS \ system32 \ PnkBstrA.exe
C: \ Programmer \ Alcohol Soft \ Alcohol 52 \ StarWind \ StarWindServiceAE.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ system32 \ UAService7.exe
C: \ Programmer \ Winfast \ WFTVFM \ WFWIZ.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Programmer \ Common Files \ InstallShield \ UpdateService \ issch.exe
C: \ Programmer \ Winamp \ winampa.exe
C: \ Programmer \ QuickTime \ qttask.exe
C: \ Programmer \ Adobe \ Photoshop Album Starter Edition \ 3.0 \ Apps \ apdproxy.exe
C: \ Programmer \ D-Link \ AirPlus XtremeG \ AirPlusCFG.exe
C: \ Programmer \ ANI \ ANIWZCS2 Service \ WZCSLDR2.exe
C: \ Programmer \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ Programmer \ MSN Messenger \ msnmsgr.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Programmer \ Spybot - Search & Destroy \ TeaTimer.exe
C: \ FRAPS \ FRAPS.EXE
C: \ Programmer \ Internet Explorer \ IEXPLORE.EXE
C: \ Programmer \ Adobe \ Acrobat 7.0 \ Reader \ reader_sl.exe
C: \ Programmer \ VIA \ RAID \ raid_tool.exe
C: \ Programmer \ Internet Explorer \ IEXPLORE.EXE
C: \ WINDOWS \ system32 \ taskmgr.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Programmer \ HijackThis \ HijackThis.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, SearchAssistant = http://search.bearshare.com/search/index.html?src=ssb
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, SearchAssistant = http://search.bearshare.com/search/index.html?src=ssb
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - (no file)
O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Programmer \ Adobe \ Acrobat 7.0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: RealPlayer Download og Record Plugin for Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C: \ Programmer \ Real \ RealPlayer \ rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Programmer \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c: \ program files \ google \ googletoolbar1.dll (file mangler)
O2 - BHO: MSNToolBandBHO - (BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C: \ Programmer \ MSN Apps \ MSN Toolbar \ 01.02.3000.1001 \ da-dk \ msntb.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ program files \ google \ googletoolbar1.dll (file mangler)
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [NeroCheck] C: \ WINDOWS \ system32 \ \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install
O4 - HKLM \ .. \ Run: [Winfast Schedule] C: \ Programmer \ Winfast \ WFTVFM \ WFWIZ.exe
O4 - HKLM \ .. \ Run: [NvCplDaemon] rundll32.exe C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [ISUSPM Startup] "C: \ Programmer \ Common Files \ InstallShield \ UpdateService \ isuspm.exe"-start
O4 - HKLM \ .. \ Run: [ISUSScheduler] "C: \ Programmer \ Common Files \ InstallShield \ UpdateService \ issch.exe"-start
O4 - HKLM \ .. \ Run: [WinampAgent] C: \ Programmer \ Winamp \ winampa.exe
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Programmer \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [Adobe Photo Downloader] "C: \ Programmer \ Adobe \ Photoshop Album Starter Edition \ 3.0 \ Apps \ apdproxy.exe"
O4 - HKLM \ .. \ Run: [D-Link AirPlus XtremeG] C: \ Programmer \ D-Link \ AirPlus XtremeG \ AirPlusCFG.exe
O4 - HKLM \ .. \ Run: [ANIWZCS2Service] C: \ Programmer \ ANI \ ANIWZCS2 Service \ WZCSLDR2.exe
O4 - HKLM \ .. \ Run: [Love standard globale rod] C: \ Documents and Settings \ All Users \ Application Data \ stor kul elsker default \ Tredje mp3.exe
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Programmer \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKCU \ .. \ Run: [msnmsgr] "C: \ Programmer \ MSN Messenger \ msnmsgr.exe" / baggrund
O4 - HKCU \ .. \ Run: [creativemore] C: \ DOCUME ~ 1 \ Andrew \ PROGRAMMER ~ 1 \ ERRORM ~ 1 \ Mp3Sect.exe
O4 - HKCU \ .. \ Run: [updateMgr] "C: \ Programmer \ Adobe \ Acrobat 7.0 \ Reader \ AdobeUpdateManager.exe" AcRdB7_0_8-reboot 1
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [AlcoholAutomount] "C: \ Programmer \ Alcohol Soft \ Alcohol 52 \ axcmd.exe" / automount
O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] C: \ Programmer \ Spybot - Search & Destroy \ TeaTimer.exe
O4 - HKCU \ .. \ Run: [Fraps] C: \ FRAPS \ FRAPS.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C: \ Programmer \ Adobe \ Acrobat 7.0 \ Reader \ reader_sl.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C: \ Programmer \ VIA \ RAID \ raid_tool.exe
O8 - Extra sammenhæng menupunktet: & Google Search - res: / / C: \ Programmer \ Google \ GoogleToolbar1.dll/cmsearch.html
O8 - Extra sammenhæng menupunktet: & Oversæt engelsk ord - res: / / C: \ Programmer \ Google \ GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra sammenhæng menupunkt: Historiske Links - res: / / C: \ Programmer \ Google \ GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra sammenhæng menupunkt: Øjebliksbillede af side i cache - res: / / C: \ Programmer \ Google \ GoogleToolbar1.dll/cmcache.html
O8 - Extra sammenhæng menupunktet: E & ksporter til Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ mikroer ~ 3 \ Office11 \ EXCEL.EXE/3000
O8 - Extra sammenhæng menupunkt: Lignende sider - res: / / C: \ Programmer \ Google \ GoogleToolbar1.dll/cmsimilar.html
O8 - Extra sammenhæng menupunkt: Oversæt side til dansk - res: / / C: \ Programmer \ Google \ GoogleToolbar1.dll/cmtrans.html
O9 - Ekstra knap: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ mikroer ~ 3 \ Office11 \ REFIEBAR.DLL
O9 - Ekstra knap: Run IMVU - (d9288080-1baa-4bc4-9cf8-a92d743db949) - C: \ Documents and Settings \ Andrew \ Menuen Start \ Programmer \ IMVU \ Run IMVU.lnk (filen mangler)
O9 - Extra knappen: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra knappen: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) -% windir% \ Network Diagnostic \ xpnetdiag.exe (file mangler)
O9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) -% windir% \ Network Diagnostic \ xpnetdiag.exe (file mangler)
O9 - Ekstra knap: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Programmer \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Programmer \ Messenger \ msmsgs.exe
O11 - Valg gruppe: [INTERNATIONAL] International *
O14 - IERESET.INF: START_PAGE_URL = http://desktop.optusnet.com.au/dsl/favorites/homepage
O16 - DPF: (00B71CFB-6864-4346-A978-C0A14556272C) (Dam klasse) -- http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: (27527D31-447B-11D5-A46E-0001023B4289) (CoGSManager klasse) -- http://gamingzone.ubisoft.com/dev/pa.../GSManager.cab
O16 - DPF: (2917297F-F02B-4B9D-81DF-494B6333150B) (Minesweeper Flags Class) -- http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: (2BC66F54-93A8-11D3-BEB6-00105AA9B6AE) (Symantec AntiVirus scanner) -- http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (YInstStarter Class) - C: \ Programmer \ Yahoo! \ Common \ yinsthelper.dll
O16 - DPF: (4F1E5B1A-2A80-42CA-8532-2D05CB959537) (MSN Photo Upload Tool) -- http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: (644E432F-49D3-41A1-8DD5-E099162EEEC5) (Symantec RuFSI Utility Class) -- http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: (69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A) (GameLauncher Control) -- http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: (8E0D4DE5-3180-4024-A327-4DFAD1796A8D) (MessengerStatsClient Class) -- http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: (B38870E4-7ECB-40DA-8C6A-595F0A5519FF) (MsnMessengerSetupDownloadControl Class) -- http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: (B8BE5E93-A60C-4D26-A2DC-220313175592) (MSN Games - Installer) -- http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O17 - HKLM \ System \ CS1 \ Services \ VxD \ MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM \ System \ CS3 \ Services \ VxD \ MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM \ System \ CCS \ Services \ VxD \ MSTCP: SearchList = vic.bigpond.net.au
O18 - Protocol: livecall - (828030A1-22C1-4009-854F-8E305202313F) - C: \ PROGRA ~ 1 \ MSNMES ~ 1 \ MSGRAP ~ 1.DLL
O18 - Protocol: msnim - (828030A1-22C1-4009-854F-8E305202313F) - C: \ PROGRA ~ 1 \ MSNMES ~ 1 \ MSGRAP ~ 1.DLL
O20 - Winlogon Notify: WBSrv - C: \ Programmer \ Stardock \ Object Desktop \ WindowBlinds \ wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C: \ WINDOWS \ SYSTEM32 \ WgaLogon.dll
O21 - SSODL: WPDShServiceObj - (AAA288BA-9A4C-45B0-95D7-94D524869DB5) - C: \ WINDOWS \ system32 \ WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C: \ Programmer \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C: \ Programmer \ ANI \ ANIWZCS2 Service \ ANIWZCSdS.exe
O23 - Service: InstallDriver Tabel Manager (IDriverT) - Macrovision Corporation - C: \ Programmer \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C: \ Programmer \ iPod \ bin \ iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe
O23 - Service: PnkBstrA - Unknown ejer - C: \ WINDOWS \ system32 \ PnkBstrA.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - Ukendt ejer - C: \ Programmer \ SiSoftware \ SiSoftware Sandra Lite 2007.SP1 \ Win32 \ RpcDataSrv.exe (filen mangler)
O23 - Service: Sandra Service (SandraTheSrv) - Ukendt ejer - C: \ Programmer \ SiSoftware \ SiSoftware Sandra Lite 2007.SP1 \ RpcSandraSrv.exe (filen mangler)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C: \ Programmer \ Alcohol Soft \ Alcohol 52 \ StarWind \ StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ukendt ejer - C: \ Programmer \ Common Files \ Ulead Systems \ DVD \ ULCDRSvr.exe (filen mangler)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Ukendt ejer - C: \ WINDOWS \ system32 \ UAService7.exe
  #2  
17 January 2008, 09:34
Editor Group
 

Welcome to TCF.

Let's see if we can clean this up.

---------------

Why is there no antivirus on the computer?
  • Step A is for people who answer yes to either of the following:
    • You do not have an antivirus program installed.
    • You have an antivirus program that has expired.
  • If the answer to either of the above is yes:
    • Follow this link and install one of the antivirus programs on the list.
---------------

Disable Spybot's TeaTimer

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent our tools from fixing certain things.
Disable TeaTimer for now until you are clean. TeaTimer can be re-enabled once your logs are clean.

First:
  • Right-click Spybot in the system tray (looks like a calendar with a padlock symbol)
  • Choose Exit Spybot S&D Resident

Second:
  • Open Spybot S&D
  • Click Mode, check Advanced Mode
  • Go to the left panel, click Tools, then, also in the left panel, click Resident
  • If your firewall raises a question, say OK
  • Uncheck the Resident TeaTimer box and OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.

Third:

With both TeaTimer and Spybot closed, download ResetTeaTimer.zip
  • Unzip the file.
  • Double-click ResetTeaTimer.bat to remove all entries set by Spybot's TeaTimer.
  • When it has run, you can delete it. It will not be needed again.

Note: If TeaTimer gives you a warning after some changes have been made, allow the change instead of blocking it.

--------------

Download NoLop to your computer from one of the links below...

Link 1
Link 2
  • Close any programs you have running, since a reboot is required
  • Double-click NoLop.exe to run it
  • Next, click the button: Search and Destroy
    <<your computer will now be scanned for infected files>>
  • When the scan is finished, if it is infected, you will be prompted to reboot
  • Click OK
  • Now click: Reboot
  • A message should pop up from NoLop. If not, double-click the program again and it will finish.
  • Post the contents of C:\NoLop.log in your next reply.
Note: If you receive an error, "mscomctl.ocx or one of its dependencies is not correctly registered," download mscomctl.ocx to your System32 folder and then rerun the program.

---------------

Open HijackThis and choose Do a system scan only, then place a check mark next to: (if present)

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, SearchAssistant = http://search.bearshare.com/search/index.html?src=ssb
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, SearchAssistant = http://search.bearshare.com/search/index.html?src=ssb
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c: \ program files \ google \ googletoolbar1.dll (file mangler)
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ program files \ google \ googletoolbar1.dll (file mangler)
O9 - Ekstra knap: Run IMVU - (d9288080-1baa-4bc4-9cf8-a92d743db949) - C: \ Documents and Settings \ Andrew \ Menuen Start \ Programmer \ IMVU \ Run IMVU.lnk (filen mangler)


Close all windows except HijackThis and click Fix checked.

Exit HijackThis.

---------------

Download ComboFix by sUBs from one of the links below.
(Try all three if necessary.) IMPORTANT - ComboFix.exe MUST be saved to your Desktop.
  • Close all open Internet browsers. (Firefox, Internet Explorer, etc.)
  • Close / disable all anti-virus and anti-malware programs so they do not interfere with ComboFix. <- IMPORTANT
    • Click this link to see a list of programs that should be disabled. If yours is not listed and you don't know how to disable it, please ask.
  • Double-click combofix.exe & follow the prompts.
    • From the keyboard, choose 1 and press Enter
  • When finished, it will produce a log for you.
  • Post that log in your next reply.
Do not mouse-click ComboFix's window while it is running.
The scan temporarily disables the desktop.
If interrupted, it can leave the computer frozen.
If this happens, restart to restore the desktop.


---------------

In your next post, please add:
ComboFix log
__________________
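
A triage pass over a HijackThis log of the kind posted in this thread, as an added example that is not part of the original posts and is not HijackThis's own logic. It flags orphaned entries marked (no file) or (file missing), Internet Explorer R0/R1 URLs outside an allowlist, and O4 Run entries that launch from user-writable profile folders. The sample log, the allowlist and the folder list are constructed assumptions, and a flagged line is a prompt for review rather than a verdict.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in HijackThis log format (not the thread's log; the GUIDs,
# names and "Example" paths are placeholders).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.example.test/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Example\helper.dll
O3 - Toolbar: &Example - {00000000-0000-0000-0000-000000000003} - c:\program files\example\toolbar.dll (file missing)
O4 - HKLM\..\Run: [ExampleAgent] "C:\Program Files\Example\agent.exe" -start
O4 - HKCU\..\Run: [examplemore] C:\DOCUME~1\User\APPLIC~1\EXAMPL~1\Example.exe
O4 - HKLM\..\Run: [Example global] C:\Documents and Settings\All Users\Application Data\example dir\Example two.exe
O23 - Service: Example Service (ExSvc) - Unknown owner - C:\Program Files\Example\svc.exe (file missing)
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
LINE_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# Registry entry whose target file no longer exists on disk
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)
# O4 registry autorun: hive, Run/RunOnce key, value name, command line
RUN_RE = re.compile(
    r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)

# Assumption: folders a non-admin user can write to on Windows XP, including
# their 8.3 short names, which autorun entries often use.
USER_WRITABLE = (
    "\\documents and settings\\", "\\docume~1\\",
    "\\application data\\", "\\applic~1\\", "\\temp\\",
)
# Assumption: hosts treated as expected for IE start/search pages.
TRUSTED_SUFFIXES = ("microsoft.com", "msn.com")


def classify(line):
    """Return (code, [reasons]) for a log line, or None if it is not an entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m["code"], m["body"]
    reasons = []
    if ORPHAN_RE.search(body):
        reasons.append("orphaned")
    if code in ("R0", "R1") and " = " in body:
        url = body.split(" = ", 1)[1].strip()
        host = (urlsplit(url).hostname or "").lower()
        trusted = any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)
        if host and not trusted:
            reasons.append("ie-url:" + host)
    if code == "O4":
        run = RUN_RE.match(body)
        if run and any(p in run["cmd"].lower() for p in USER_WRITABLE):
            reasons.append("autorun-user-writable:" + run["name"])
    return code, reasons


def triage(log_text):
    """Return (code, reasons, line) for every entry with at least one reason."""
    findings = []
    for line in log_text.splitlines():
        result = classify(line)
        if result and result[1]:
            findings.append((result[0], result[1], line.strip()))
    return findings


if __name__ == "__main__":
    for code, reasons, line in triage(SAMPLE_LOG):
        print(f"{code:<4}{', '.join(reasons):<40}{line}")
```
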

  #3  
17 January 2008, 18:03
New Member Group
 

NoLop! Log af Skate_Punk_21

Fix løber fra: C: \ Documents and Settings \ Andrew \ Desktop
[1/18/2008]
[11:38:54]

--- Infection Files Found/Removed---
C: \ WINDOWS \ opgaver \ AFBBB49A918C2D86.job

Begyndelse Removal ...
Genstart ...
Fjernelse skære's sidesten filer / mapper ...
Redigering Justitskontor ...
** Fix Complete! **

--- Liste AppData sub directories ---

C: \ Documents and Settings \ Administrator \ Application Data \ Microsoft
C: \ Documents and Settings \ All Users \ Application Data \ Adobe
C: \ Documents and Settings \ All Users \ Application Data \ Age of Empires 3
C: \ Documents and Settings \ All Users \ Application Data \ Ahead
C: \ Documents and Settings \ All Users \ Application Data \ Apple Computer
C: \ Documents and Settings \ All Users \ Application Data \ Avg7 - EMPTY Directory
C: \ Documents and Settings \ All Users \ Application Data \ Google
C: \ Documents and Settings \ All Users \ Application Data \ Great Kul Love Default
C: \ Documents and Settings \ All Users \ Application Data \ InstallShield
C: \ Documents and Settings \ All Users \ Application Data \ Internet Debug Mess Great - EMPTY Directory
C: \ Documents and Settings \ All Users \ Application Data \ Lavasoft
C: \ Documents and Settings \ All Users \ Application Data \ Locktime
C: \ Documents and Settings \ All Users \ Application Data \ Microsoft
C: \ Documents and Settings \ All Users \ Application Data \ Microsoft Corporation - EMPTY Directory
C: \ Documents and Settings \ All Users \ Application Data \ Nvidia
C: \ Documents and Settings \ All Users \ Application Data \ Nview_profiles - EMPTY Directory
C: \ Documents and Settings \ All Users \ Application Data \ Popwwprofiles
C: \ Documents and Settings \ All Users \ Application Data \ Quicktime
C: \ Documents and Settings \ All Users \ Application Data \ Sony
C: \ Documents and Settings \ All Users \ Application Data \ Spybot - Search & Destroy
C: \ Documents and Settings \ All Users \ Application Data \ Symantec
C: \ Documents and Settings \ All Users \ Application Data \ Temp - EMPTY Directory
C: \ Documents and Settings \ All Users \ Application Data \ Ulead Systems
C: \ Documents and Settings \ All Users \ Application Data \ View Bash Låse RDR - EMPTY Directory
C: \ Documents and Settings \ All Users \ Application Data \ synspunkt
C: \ Documents and Settings \ All Users \ Application Data \ Windows Genuine Advantage
C: \ Documents and Settings \ All Users \ Application Data \ Winzip - EMPTY Directory
C: \ Documents and Settings \ All Users \ Application Data \ Yahoo - EMPTY Directory
C: \ Documents and Settings \ Andrew \ Application Data \ Adobe
C: \ Documents and Settings \ Andrew \ Application Data \ Adobeaum
C: \ Documents and Settings \ Andrew \ Application Data \ Adobeum
C: \ Documents and Settings \ Andrew \ Application Data \ Ahead
C: \ Documents and Settings \ Andrew \ Application Data \ Apple Computer
C: \ Documents and Settings \ Andrew \ Application Data \ Aston - EMPTY Directory
C: \ Documents and Settings \ Andrew \ Application Data \ Corel
C: \ Documents and Settings \ Andrew \ Application Data \ Cyberlink
C: \ Documents and Settings \ Andrew \ Application Data \ Dvdcss
C: \ Documents and Settings \ Andrew \ Application Data \ Errormags
C: \ Documents and Settings \ Andrew \ Application Data \ Freecap
C: \ Documents and Settings \ Andrew \ Application Data \ Google
C: \ Documents and Settings \ Andrew \ Application Data \ Gtopala
C: \ Documents and Settings \ Andrew \ Application Data \ Hamachi
C: \ Documents and Settings \ Andrew \ Application Data \ Help - EMPTY Directory
C: \ Documents and Settings \ Andrew \ Application Data \ Identities
C: \ Documents and Settings \ Andrew \ Application Data \ Imvu
C: \ Documents and Settings \ Andrew \ Application Data \ Kazaa Lite
C: \ Documents and Settings \ Andrew \ Application Data \ Lavasoft - EMPTY Directory
C: \ Documents and Settings \ Andrew \ Application Data \ Leadertech
C: \ Documents and Settings \ Andrew \ Application Data \ Locktime
C: \ Documents and Settings \ Andrew \ Application Data \ Macromedia
C: \ Documents and Settings \ Andrew \ Application Data \ Microsoft
C: \ Documents and Settings \ Andrew \ Application Data \ Mozilla
C: \ Documents and Settings \ Andrew \ Application Data \ Publish Providers - EMPTY Directory
C: \ Documents and Settings \ Andrew \ Application Data \ Real
C: \ Documents and Settings \ Andrew \ Application Data \ Sony
C: \ Documents and Settings \ Andrew \ Application Data \ Sony Setup
C: \ Documents and Settings \ Andrew \ Application Data \ søndag
C: \ Documents and Settings \ Andrew \ Application Data \ Symantec
C: \ Documents and Settings \ Andrew \ Application Data \ Teamspeak2
C: \ Documents and Settings \ Andrew \ Application Data \ Ubi.com
C: \ Documents and Settings \ Andrew \ Application Data \ Ventrilo
C: \ Documents and Settings \ Andrew \ Application Data \ VLC
C: \ Documents and Settings \ Andrew \ Application Data \ Wholesecurity
C: \ Documents and Settings \ Andrew \ Application Data \ WinRAR - EMPTY Directory
C: \ Documents and Settings \ Default User \ Application Data \ Microsoft
C: \ Documents and Settings \ LocalService \ Application Data \ Microsoft
C: \ Documents and Settings \ NetworkService \ Application Data \ Microsoft





ComboFix 08-01-18.3 - Andrew 2008-01-18 11:48:19.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.620 [GMT 11:00]
Kører fra: C: \ Documents and Settings \ Andrew \ Desktop \ ComboFix.exe
* Skabt et nyt gendannelsespunkt

ADVARSEL-maskinen IKKE HAR RECOVERY CONSOLE INSTALLERET!!
.

((((((((((((((((((((((((((((((((((((((( Andre Bortfald ))))))))) ))))))))))))))))))))))))))))))))))))))))
.

C: \ Documents and Settings \ Andrew \ Application Data \ macromedia \ Flash Player \ # SharedObjects \ QUJR2VX6 \www.broadcaster.com
C: \ Documents and Settings \ Andrew \ Application Data \ macromedia \ Flash Player \ macromedia.com \ support \ flashplayer \ sys \ #www.broadcaster.com
C: \ Documents and Settings \ Andrew \ Application Data \ macromedia \ Flash Player \ macromedia.com \ support \ flashplayer \ sys \ #www.broadcaster.com \ settings.sol
C: \ Programmer \ winupdates
C: \ WINDOWS \ b.exe
C: \ Windows \ System32 \ Drivers \ sfsync02.sys
C: \ WINDOWS \ system32 \ mcrh.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers / Services )))))))) )))))))))))))))))))))))))))))))))))))))))

.
------- \ LEGACY_SFSYNC02
------- \ sfsync02


((((((((((((((((((((((((( Files Created fra 2007-12-18 til 2008-01-18 ))))))))))) ))))))))))))))))))))
.

2008-01-18 11:47. 2000-08-31 08:00 51.200 - a ------ C: \ WINDOWS \ NirCmd.exe
2008-01-18 11:39. 2008-01-18 11:42 <DIR> d -------- C: \ NoLopBackups
2008-01-16 23:41. 2008-01-16 23:42 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Lavasoft
2008-01-15 10:53. 2008-01-15 10:53 <DIR> d -------- C: \ Programmer \ errormags
2008-01-14 23:52. 2008-01-14 23:52 81,920 - a ------ C: \ WINDOWS \ system32 \ frapsvid.dll
2008-01-09 22:56. 2008-01-09 22:56 <DIR> d -------- C: \ WINDOWS \ RegistryCleaner
2008-01-09 22:38. 2008-01-09 22:38 <DIR> d -------- C: \ Programmer \ Real
2008-01-09 22:38. 2008-01-09 22:38 <DIR> d -------- C: \ Programmer \ Common Files \ xing delt
2008-01-09 22:38. 2008-01-09 22:38 <DIR> d -------- C: \ Programmer \ Common Files \ Real
2008-01-04 11:03. 2008-01-16 11:45 54.156 - ah ----- C: \ WINDOWS \ QTFont.qfn
2008-01-04 11:03. 2008-01-04 11:03 1.409 - a ------ C: \ WINDOWS \ QTFont.for
2008-01-03 18:15. 2008-01-09 23:38 <DIR> d -------- C: \ Programmer \ Spyware Terminator
2008-01-02 16:16. 2008-01-02 16:17 <DIR> d -------- C: \ Documents and Settings \ Andrew \ Application Data \ FreeCap
2007-12-31 15:02. 2007-12-31 15:02 <DIR> d -------- C: \ Programmer \ Google
2007-12-28 10:38. 2007-12-28 10:38 552 - a ------ C: \ WINDOWS \ system32 \ d3d8caps.dat
2007-12-26 17:37. 2006-09-21 17:35 347.648-ra ------ C: \ Windows \ System32 \ Drivers \ A5AGU.sys
2007-12-26 17:37. 2006-09-21 17:35 149.544-ra ------ C: \ Windows \ System32 \ Drivers \ ar5523.bin
2007-12-26 17:37. 2006-09-21 17:35 24.576-ra ------ C: \ WINDOWS \ system32 \ DWLInst.dll
2007-12-26 17:37. 2007-12-26 17:37 7 - a ------ C: \ WINDOWS \ system32 \ ANIWZCSUSERNAME (1A9887E3-7A5B-4503-9F27-F2AC052C6352)
2007-12-26 17:12. 2007-12-26 17:12 <DIR> d -------- C: \ Programmer \ D-Link
2007-12-26 17:12. 2007-12-26 17:12 <DIR> d -------- C: \ Programmer \ ANI
2007-12-23 10:00. 2007-12-23 10:00 248 - a ------ C: \ WINDOWS \ RomeTW.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-18 00:55 --------- d --- aw C: \ Documents and Settings \ All Users \ Application Data \ TEMP
2008-01-17 13:54 --------- d ----- w C: \ Documents and Settings \ Andrew \ Application Data \ Lavasoft
2008-01-17 13:54 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Spybot - Search & Destroy
2008-01-17 03:59 --------- d ----- w C: \ Programmer \ World of Warcraft
2008-01-16 12:42 --------- d ----- w C: \ Programmer \ Lavasoft
2008-01-16 12:41 --------- d ----- w C: \ Programmer \ Common Files \ Wise Installation Wizard
2008-01-15 12:56 --------- d - h - w C: \ Programmer \ InstallShield Installation Information
2008-01-15 12:53 --------- d ----- w C: \ Programmer \ Total War
2008-01-15 12:50 --------- d ----- w C: \ Programmer \ Sierra
2008-01-15 10:11 --------- d ----- w C: \ Programmer \ Windows Live Safety Center
2008-01-14 23:54 --------- d ----- w C: \ Documents and Settings \ Andrew \ Application Data \ errormags
2008-01-14 23:54 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ stor kul kærlighed standard
2008-01-02 05:52 --------- d ----- w C: \ Programmer \ Yahoo!
2008-01-02 05:51 --------- d ----- w C: \ Programmer \ Sony
2007-12-31 02:28 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ VIEW Bash Låse RDR
2007-12-26 12:07 --------- d ----- w C: \ Documents and Settings \ Andrew \ Application Data \ dvdcss
2007-12-21 23:32 --------- d ----- w C: \ Programmer \ Alcohol Soft
2007-12-21 06:59 22.328 ---- aw C: \ Windows \ System32 \ Drivers \ PnkBstrK.sys
2007-12-20 21:32 --------- d ----- w C: \ Documents and Settings \ Andrew \ Application Data \ Hamachi
2007-12-01 05:58 25.280 ---- aw C: \ Windows \ System32 \ Drivers \ hamachi.sys
2007-11-22 02:37 --------- d ----- w C: \ Programmer \ GALA-NET
2007-08-22 03:16 952 - sha-w C: \ WINDOWS \ system32 \ KGyGaAvL.sys
2007-05-20 08:59 730.843-csha-w C: \ WINDOWS \ system32 \ sstwa.bak1
2007-06-02 06:11 770.006-csh - w C: \ WINDOWS \ system32 \ sstwa.bak2
2007-06-02 06:13 768.855-csh - w C: \ WINDOWS \ system32 \ sstwa.ini2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Note * empty entries & legit default entries er ikke vist
REGEDIT4

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"creativemore" = "C: \ DOCUME ~ 1 \ Andrew \ PROGRAMMER ~ 1 \ ERRORM ~ 1 \ Mp3Sect.exe" [2008-01-15 10:53 457216]
"updateMgr" = "C: \ Programmer \ Adobe \ Acrobat 7.0 \ Reader \ AdobeUpdateManager.exe" [2006-03-31 08:45 313472]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2004-08-04 00:56 15360]
"AlcoholAutomount" = "C: \ Programmer \ Alcohol Soft \ Alcohol 52 \ axcmd.exe" [2007-07-02 21:22 219008]
"Fraps" = "C: \ FRAPS \ FRAPS.EXE" [2008-01-14 23:53 913064]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"NeroFilterCheck" = "C: \ WINDOWS \ system32 \ NeroCheck.e XE" [2001-07-09 11:50 155648]
"NeroCheck" = "C: \ WINDOWS \ system32 \ \ NeroCheck.ex e" [2001-07-09 11:50 155648]
"nwiz" = "nwiz.exe" [2006-10-22 13:22 1622016 C: \ WINDOWS \ system32 \ nwiz.exe]
"Winfast Schedule" = "C: \ Programmer \ Winfast \ WFTVFM \ WFWIZ.exe" [2006-03-21 06:53 327680]
"NvCplDaemon" = "C: \ WINDOWS \ system32 \ NvCpl.dll" [2006-10-22 13:22 7700480]
"SpyHunter" = "" []
"ISUSPM Startup" = "C: \ Programmer \ Common Files \ InstallShield \ UpdateService \ isuspm.exe" [2005-08-11 17:30 249856]
"ISUSScheduler" = "C: \ Programmer \ Common Files \ InstallShield \ UpdateService \ issch.exe" [2005-08-11 16:30 81920]
"WinampAgent" = "C: \ Programmer \ Winamp \ winampa.exe" [2007-05-15 09:22 35328]
"QuickTime Task" = "C: \ Programmer \ QuickTime \ qttask.exe" [2007-04-27 10:41 282624]
"Adobe Photo Downloader" = "C: \ Programmer \ Adobe \ Photoshop Album Starter Edition \ 3.0 \ Apps \ apdproxy.exe" [2005-06-07 00:46 57344]
"D-Link AirPlus XtremeG" = "C: \ Programmer \ D-Link \ AirPlus XtremeG \ AirPlusCFG.exe" [2006-07-07 11:56 1323008]
"ANIWZCS2Service" = "C: \ Programmer \ ANI \ ANIWZCS2 Service \ WZCSLDR2.exe" [2006-06-01 16:59 49152]
"Love standard globale rod" = "C: \ Documents and Settings \ All Users \ Application Data \ stor kul kærlighed default \ Tredje mp3.exe" [2008-01-18 11:56 1972224]
"TkBellExe" = "C: \ Programmer \ Common Files \ Real \ Update_OB \ realsched.exe" [2008-01-09 22:38 185896]

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ RunOnce]
"RunNarrator" = "Narrator.exe" [2004-08-04 00:56 53760 C: \ WINDOWS \ system32 \ narrator.exe]

C: \ Documents and Settings \ All Users \ Menuen Start \ Programmer \ Start \
Adobe Reader Speed Launch.lnk - C: \ Programmer \ Adobe \ Acrobat 7.0 \ Reader \ reader_sl.exe [2005-09-23 23:05:26]
VIA RAID TOOL.lnk - C: \ Programmer \ VIA \ RAID \ raid_tool.exe [2004-11-12 17:31:02]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon]
"UIHost" = "C: \ \ WINDOWS \ \ system32 \ \ logonuiX.exe"

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ anmelde \ WBSrv]
C: \ Programmer \ Stardock \ Object Desktop \ WindowBlinds \ wbsrv.dll 2007-11-02 11:47 120056 C: \ Programmer \ Stardock \ Object Desktop \ WindowBlinds \ WbSrv.dll

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Windows]
"AppInit_DLLs" = wbsys.dll

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ contro l \ LSA]
Notification Packages REG_MULTI_SZ: \ WINDOWS \ syste

R0 viamraid; viamraid; C: \ Windows \ System32 \ Drivers \ viam raid.sys [2004-05-18 19:55]
R3 WFIOCTL; WFIOCTL; C: \ Programmer \ Winfast \ WFTVFM \ WFIOCTL.SYS [2005-01-07 08:55]
S3 A5AGU; D-Link USB Wireless Network Adapter Service; C: \ Windows \ System32 \ Drivers \ A5AGU.sys [2006-09-21 17:35]
S3 alcan5ln; SpeedTouch (tm) USB ADSL RFC1483 Networking Driver (midlertidige NDIS); C: \ Windows \ System32 \ Drivers \ alcan5ln.sys [2003-12-08 12:53]
S3 cel90xbe; cel90xbe; C: \ DOCUME ~ 1 \ Andrew \ LOCALS ~ 1 \ Temp \ cel90xbe.sys []

.
Indhold af "Planlagte opgaver" mappe
"2007-07-02 21:07:00 C: \ WINDOWS \ Tasks \ AppleSoftwareUpdate.job"
- C: \ Programmer \ Apple Software Update \ SoftwareUpdate.exe
"2008-01-17 09:29:40 C: \ WINDOWS \ Tasks \ Symantec NetDetect.job"
- C: \ Programmer \ Symantec \ LiveUpdate \ NDETECT.EXE
.
************************************************** ************************

catchme 0.3.1344 W2K/XP/Vista - rootkit / stealth malware detector ved Gmer, http://www.gmer.net
Rootkit scan 2008-01-18 11:56:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning skjulte processer ...

scanning skjulte autostart entries ...

scanning skjulte filer ...

scanning afsluttet med succes
skjulte filer: 0

************************************************** ************************
.
--------------------- DLL'er Loaded Under Running Processes ---------------------

PROCESS: C: \ WINDOWS \ Explorer.EXE [6.00.2900.3156]
-> C: \ Programmer \ Stardock \ Object Desktop \ WindowBlinds \ tray.dll
.
Afslutning tid: 2008-01-18 11:59:05 - maskinen blev genstartet
ComboFix-karantæne-files.txt 2008-01-18 00:59:02
.
2008-01-16 12:15:55 --- EOF ---
  #4  
Old 17 January 2008, 18:27
Editor Group

Looking good so far.


Please download DrWeb CureIt & save it to your desktop.

Scan with DrWeb-CureIt as follows:
  • Double-click drweb-cureit.exe and then click Start.
  • An Express Scan of your PC notice will be displayed.
  • Under Start the Express Scan Now, click OK to start.
    • This is a short scan that will scan the files currently running in memory.
    • If or when something is found, click the Yes button when it asks whether you want to cure it.
  • When the short scan is finished, click Options > Change settings
  • Select the Scan tab, uncheck Heuristic analysis and click OK
  • Back in the main window, select the Complete scan button.
  • Then click the green arrow Start Scanning button on the right and the scan will start.
    • Click Yes to all if it asks whether you want to cure / move any file(s).
  • When the scan is finished.
  • In the Dr.Web CureIt menu at the top left, click File and choose Save report list.
  • Save the DrWeb.csv report to your Desktop.
  • Exit Dr.Web CureIt.
  • Important! Restart your computer, because it is possible that files in use will be moved / deleted during the restart.
  • After the restart, right-click the Dr.Web log on your desktop and choose Open with > Notepad
  • Copy and paste that log into your next reply

----------

Run a new HijackThis scan and post the log.

----------

In your next post, please add:
Dr.Web log file
New HijackThis log
__________________

  #5  
Old 17 January 2008, 19:08
New Member Group

It won't actually let me download Dr.Web CureIt; it tells me the page cannot be displayed when I try to click on download.
  #6  
Old 17 January 2008, 19:13
Editor Group

Try this link.

ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe
__________________

  #7  
Old 17 January 2008, 19:15
New Member Group

Says the same >.<
  #8  
Old 17 January 2008, 19:20
Editor Group

Strange, we will try another route then.

Please download ATF Cleaner by Atribune. ATF Cleaner.exe

Make sure that all browser windows are closed.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All and uncheck Cookies.
  • Click the Empty Selected button.
If you use the Firefox browser
  • Click Firefox at the top and choose: Select All and uncheck Cookies.
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, click No at the prompt.
If you use the Opera browser
  • Click Opera at the top and choose: Select All and uncheck Cookies.
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, click No at the prompt.
Click Exit on the main ATF Cleaner menu to close the program.

---------------

Go to this post and get AVG Antispyware. Follow the instructions to configure it to clean, and save the log for your next post.

In your next post, please add:
AVG log
New HijackThis log
__________________

  #9  
Old 17 January 2008, 20:27
New Member Group

Couldn't find where AVG had made a log file ... so I just took a screenshot of what it found ... hope you can still get the info you need from that.

http://img253.imageshack.us/my.php?image=avgak0.png

O4 - HKLM \ .. \ Run: [ISUSScheduler] "C: \ Programmer \ Common Files \ InstallShield \ UpdateService \ issch.exe"-start
O4 - HKLM \ .. \ Run: [WinampAgent] C: \ Programmer \ Winamp \ winampa.exe
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Programmer \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [Adobe Photo Downloader] "C: \ Programmer \ Adobe \ Photoshop Album Starter Edition \ 3.0 \ Apps \ apdproxy.exe"
O4 - HKLM \ .. \ Run: [D-Link AirPlus XtremeG] C: \ Programmer \ D-Link \ AirPlus XtremeG \ AirPlusCFG.exe
O4 - HKLM \ .. \ Run: [ANIWZCS2Service] C: \ Programmer \ ANI \ ANIWZCS2 Service \ WZCSLDR2.exe
O4 - HKLM \ .. \ Run: [Love standard globale rod] C: \ Documents and Settings \ All Users \ Application Data \ stor kul elsker default \ Tredje mp3.exe
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Programmer \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [! AVG Anti-Spyware] "C: \ Programmer \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe" / minimeret
O4 - HKCU \ .. \ Run: [creativemore] C: \ DOCUME ~ 1 \ Andrew \ PROGRAMMER ~ 1 \ ERRORM ~ 1 \ Mp3Sect.exe
O4 - HKCU \ .. \ Run: [updateMgr] "C: \ Programmer \ Adobe \ Acrobat 7.0 \ Reader \ AdobeUpdateManager.exe" AcRdB7_0_8-reboot 1
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [AlcoholAutomount] "C: \ Programmer \ Alcohol Soft \ Alcohol 52 \ axcmd.exe" / automount
O4 - HKCU \ .. \ Run: [Fraps] C: \ FRAPS \ FRAPS.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C: \ Programmer \ Adobe \ Acrobat 7.0 \ Reader \ reader_sl.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C: \ Programmer \ VIA \ RAID \ raid_tool.exe
O8 - Extra sammenhæng menupunktet: & Google Search - res: / / C: \ Programmer \ Google \ GoogleToolbar1.dll/cmsearch.html
O8 - Extra sammenhæng menupunktet: & Oversæt engelsk ord - res: / / C: \ Programmer \ Google \ GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra sammenhæng menupunkt: Historiske Links - res: / / C: \ Programmer \ Google \ GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra sammenhæng menupunkt: Øjebliksbillede af side i cache - res: / / C: \ Programmer \ Google \ GoogleToolbar1.dll/cmcache.html
O8 - Extra sammenhæng menupunktet: E & ksporter til Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ mikroer ~ 3 \ Office11 \ EXCEL.EXE/3000
O8 - Extra sammenhæng menupunkt: Lignende sider - res: / / C: \ Programmer \ Google \ GoogleToolbar1.dll/cmsimilar.html
O8 - Extra sammenhæng menupunkt: Oversæt side til dansk - res: / / C: \ Programmer \ Google \ GoogleToolbar1.dll/cmtrans.html
O9 - Ekstra knap: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ mikroer ~ 3 \ Office11 \ REFIEBAR.DLL
O9 - Extra knappen: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra knappen: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) -% windir% \ Network Diagnostic \ xpnetdiag.exe (file mangler)
O9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) -% windir% \ Network Diagnostic \ xpnetdiag.exe (file mangler)
O9 - Ekstra knap: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Programmer \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Programmer \ Messenger \ msmsgs.exe
O11 - Valg gruppe: [INTERNATIONAL] International *
O14 - IERESET.INF: START_PAGE_URL = http://desktop.optusnet.com.au/dsl/favorites/homepage
O16 - DPF: (00B71CFB-6864-4346-A978-C0A14556272C) (Dam klasse) -- http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: (27527D31-447B-11D5-A46E-0001023B4289) (CoGSManager klasse) -- http://gamingzone.ubisoft.com/dev/pa.../GSManager.cab
O16 - DPF: (2917297F-F02B-4B9D-81DF-494B6333150B) (Minesweeper Flags Class) -- http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: (2BC66F54-93A8-11D3-BEB6-00105AA9B6AE) (Symantec AntiVirus scanner) -- http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (YInstStarter Class) - C: \ Programmer \ Yahoo! \ Common \ yinsthelper.dll
O16 - DPF: (4F1E5B1A-2A80-42CA-8532-2D05CB959537) (MSN Photo Upload Tool) -- http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: (644E432F-49D3-41A1-8DD5-E099162EEEC5) (Symantec RuFSI Utility Class) -- http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: (69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A) (GameLauncher Control) -- http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: (8E0D4DE5-3180-4024-A327-4DFAD1796A8D) (MessengerStatsClient Class) -- http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: (B38870E4-7ECB-40DA-8C6A-595F0A5519FF) (MsnMessengerSetupDownloadControl Class) -- http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: (B8BE5E93-A60C-4D26-A2DC-220313175592) (MSN Games - Installer) -- http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O17 - HKLM \ System \ CS1 \ Services \ VxD \ MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM \ System \ CCS \ Services \ VxD \ MSTCP: SearchList = vic.bigpond.net.au
O18 - Protocol: livecall - (828030A1-22C1-4009-854F-8E305202313F) - C: \ PROGRA ~ 1 \ MSNMES ~ 1 \ MSGRAP ~ 1.DLL
O18 - Protocol: msnim - (828030A1-22C1-4009-854F-8E305202313F) - C: \ PROGRA ~ 1 \ MSNMES ~ 1 \ MSGRAP ~ 1.DLL
O20 - Winlogon Notify: WBSrv - C: \ Programmer \ Stardock \ Object Desktop \ WindowBlinds \ wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C: \ WINDOWS \ SYSTEM32 \ WgaLogon.dll
O21 - SSODL: WPDShServiceObj - (AAA288BA-9A4C-45B0-95D7-94D524869DB5) - C: \ WINDOWS \ system32 \ WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C: \ Programmer \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C: \ Programmer \ ANI \ ANIWZCS2 Service \ ANIWZCSdS.exe
O23 - Service: AVG Anti-Spyware Guard - Grisoft sro - C: \ Programmer \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe
O23 - Service: InstallDriver Tabel Manager (IDriverT) - Macrovision Corporation - C: \ Programmer \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C: \ Programmer \ iPod \ bin \ iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe
O23 - Service: PnkBstrA - Unknown ejer - C: \ WINDOWS \ system32 \ PnkBstrA.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - Ukendt ejer - C: \ Programmer \ SiSoftware \ SiSoftware Sandra Lite 2007.SP1 \ Win32 \ RpcDataSrv.exe (filen mangler)
O23 - Service: Sandra Service (SandraTheSrv) - Ukendt ejer - C: \ Programmer \ SiSoftware \ SiSoftware Sandra Lite 2007.SP1 \ RpcSandraSrv.exe (filen mangler)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C: \ Programmer \ Alcohol Soft \ Alcohol 52 \ StarWind \ StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ukendt ejer - C: \ Programmer \ Common Files \ Ulead Systems \ DVD \ ULCDRSvr.exe (filen mangler)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Ukendt ejer - C: \ WINDOWS \ system32 \ UAService7.exe
  #10  
Old 17 January 2008, 20:39
Editor Group

That's fine, I mainly want to see that you deleted / quarantined what was found. A lot of people take an hour running the scan and use the no action option. Waste of time .............

You cut off the top of the HJT log. I need the whole thing posted.
__________________
