mindre egenkapital

Magazine
Go Back   Computer Juice > Computer Software > Virus, spionprogrammer og sikkerhet
Reload this Page

Endless søk ... og dumme Firefox ...

Registrer Site Spy Member List Donate Søke Dagens innlegg Marker forumene som lest Forum Rules

Register


 Default 

Endless søk ... og dumme Firefox ...




Reply
 
Thread Tools
  #1  
Old 5te 2008 jan 10:26
Medlem Group
  
Default Endless søk ... og dumme Firefox ...

Vel, jeg har aldri sett dette før, men når jeg klikker på søkeknappen fra vinduer og gjøre noen søk det holder "søker" for filene selv om jeg klikker på stopp-knappen, er jeg ikke sikker på om er et virus, men virkelig plager meg forårsake hvis jeg ønsker å søke etter en annen fil så jeg har for å lukke dette vinduet og åpne den igjen ...

En annen ting som stadig plager meg er at når jeg er i firefox for eksempel hvis im se en video på youtube fullskjermmodus går til liten skjerm bestemt tid igjen og igjen, eller hvis jeg skriver noe, for noe mystisk grunn I cant skriver lenger, som om jeg har valgt et annet vindu eller noe ... så jeg må klikke i Firefox på nytt for å fortsette mitt typing (som hadde skjedd mer enn 10 ganger i løpet av denne lille msg ... kjører meg sprø, im fortelle deg!)

PCen er fungerende rare og karpersky antivirus sier jeg ikke noe galt ...

Jeg har jobbet med datamaskiner for lang tid nå, men dette er noe jeg har ikke sett og har ikke hørt ennå ... kan im bli paranoid
  #2  
Old 5te 2008 jan 10:44
Moderator Group
  
Default Endless søk ... og dumme Firefox ...

Kan ta en nærmere titt.

Last ned og endre navn HijackThis (HJT)
  • Dobbeltklikk på HJTInstall.
  • Klikk på Installer knappen.
  • Det vil automatisk plass HJT i C: \ Programfiler \ TrendMicro \ HijackThis \ HijackThis.exe.
  • Ved å installere, HijackThis skal åpne for deg.
    • Lukk HijackThis og endre navnet.
    • Gå til C: \ Programfiler \ Trend Micro \HijackThis.exe
    • Høyreklikk på HijackThis.exe og velg Rename.
    • Skriv inn sniper.exe og trykk Angi.
    • Høyreklikksniper.exe og velg Send til > Desktop (opprette snarvei)
  • Fra skrivebordet åpner HiackThis.
  • Hvis du bruker Windows Vista, må du Kjør som Administrator
  • Klikk på Gjør et system skanne og lagre en loggfil knappen
  • HijackThis skanner og deretter en logg åpnes i notepad.
  • Kopier og lim loggen i innlegget.
    • Ikke har Hijackthis fikse noe ennå. Det meste av det de finner vil være harmløs eller kreves.
Selv om vi har omdøpt HijackThis til snikskytter, vi vil likevel se det som HijackThis eller HJT.
__________________
  #3  
Old 5te 2008 jan 11:08
Medlem Group
  
Default Endless søk ... og dumme Firefox ...

Dette er hva jeg får:

**************************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan lagret 02:08:32 pm, on 05/01/2008
Plattform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Kjører prosesser:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Archivos de Program \ ABBYY FineReader 9.0 \ NetworkLicenseServer.exe
C: \ Archivos de Program \ LogMeIn \ x86 \ RaMaint.exe
C: \ Archivos de Program \ LogMeIn \ x86 \ LogMeIn.exe
C: \ Archivos de Program \ Archivos comunes \ Microsoft Shared \ VS7DEBUG \ MDM.EXE
C: \ WINDOWS \ system32 \ HPZipm12.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Dllhost.exe
C: \ WINDOWS \ Explorer.exe
C: \ Archivos de Program \ LogMeIn \ x86 \ LogMeInSystray.exe
C: \ WINDOWS \ system32 \ SVOHOST.exe
C: \ Archivos de Program \ DAEMON Tools \ daemon.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Archivos de Program \ Microsoft Office \ Office11 \ Winword.exe
C: \ Archivos de Program \ Skype \ Phone \ Skype.exe
C: \ Archivos de Program \ Mozilla Firefox \ firefox.exe
C: \ Archivos de Program \ Trend Micro \ HijackThis \ asdf.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = ca: blank
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName =
F2 - REG: system.ini: UserInit = C: \ WINDOWS \ system32 \ userinit.exe C: \ WINDO var \ system32 \ ODBCJET.exe,
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Archivos de Program \ Adobe \ Acrobat 7.0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Archivos de Program \ Java \ jre1.5.0_09 \ bin \ ssv.dll
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O4 - HKLM \ .. \ Run: [LogMeIn GUI] "C: \ Archivos de Program \ LogMeIn \ x86 \ LogMeInSystray.exe"
O4 - HKLM \ .. \ Run: [SoundMam] C: \ WINDOWS \ system32 \ SVOHOST.exe
O4 - HKCU \ .. \ Run: [DAEMON Tools] "C: \ Archivos de Program \ DAEMON Tools \ daemon.exe"-lang 1033
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [MsnMsgr] "C: \ Archivos de Program \ Windows Live \ Messenger \ MsnMsgr.Exe" / background
O4 - HKCU \ .. \ Run: [Comrade.exe] C: \ Archivos de Program \ GameSpy \ kamerat \ Comrade.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Servicio LOKALE')
O4 - HKUS \ S-1-5-19 \ .. \ RunOnce: [nltide3] cmd.exe / C rundll32 advpack.dll, LaunchINFSectionEx nLite.inf, C,, 4, N (User 'Servicio LOKALE')
O4 - HKUS \ S-1-5-19 \ .. \ RunOnce: [nltide1] cmd.exe / C move / Y "% SystemRoot% \ System32 \ syssetub.dll" "% SystemRoot% \ System32 \ syssetup.dll" (User 'Servicio LOKALE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Servicio de røde ")
O4 - HKUS \ S-1-5-20 \ .. \ RunOnce: [nltide3] cmd.exe / C rundll32 advpack.dll, LaunchINFSectionEx nLite.inf, C,, 4, N (User 'Servicio de røde ")
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \ S-1-5-18 \ .. \ RunOnce: [nltide3] cmd.exe / C rundll32 advpack.dll, LaunchINFSectionEx nLite.inf, C,, 4, N (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - HKUS \. DEFAULT \ .. \ RunOnce: [nltide3] cmd.exe / C rundll32 advpack.dll, LaunchINFSectionEx nLite.inf, C,, 4, N (User 'Default user')
O6 - HKCU \ Software \ Policies \ Microsoft \ Internet Explorer \ Restriksjoner presentere
O6 - HKCU \ Software \ Policies \ Microsoft \ Internet Explorer \ Control Panel presentere
O6 - HKCU \ Software \ Policies \ Microsoft \ Internet Explorer \ Toolbars \ Restriksjoner presentere
O8 - Extra sammenheng menyelement: E & xportar en Microsoft Excel - res: / / C: \ Archiv ~ 1 \ micros ~ 1 \ Office11 \ EXCEL.EXE/3000
O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Archivos de Program \ Java \ jre1.5.0_09 \ bin \ ssv.dll
O9 - Extra "Verktøy" MENUITEM: Consola de Sun Java - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Archivos de Program \ Java \ jre1.5.0_09 \ bin \ ssv.dll
O9 - Extra knappen: referanse - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ Archiv ~ 1 \ micros ~ 1 \ Office11 \ REFIEBAR.DLL
O16 - DPF: (05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8) (Office Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: (5D6F45B3-9043-443D-A792-115447494D24) (UnoCtrl klasse) -- http://messenger.zone.msn.com/ES-LA/.../GAME_UNO1.cab
O16 - DPF: (B8BE5E93-A60C-4D26-A2DC-220313175592) (MSN Games - Installer) -- http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient Klassifikasjon) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (BAA62A6B-DD15-4E55-A719-401AF676E3A9): NameServer = 10.0.0.1,10.0.0.2
O20 - Winlogon Notify: usbmon - C: \ WINDOWS \ system32 \ usbmons.dll
O23 - Service: ABBYY FineReader 9.0 Lisensiering Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C: \ Archivos de Program \ ABBYY FineReader 9.0 \ NetworkLicenseServer.exe
O23 - Service: Ares chatterom server (AresChatServer) - Ares Development Group - C: \ Archivos de Program \ Ares \ chatServer.exe
O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C: \ Archivos de Program \ Archivos comunes \ BCL Technologies \ easyPDF 5 \ bepldr.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C: \ Archivos de Program \ LogMeIn \ x86 \ RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C: \ Archivos de Program \ LogMeIn \ x86 \ LogMeIn.exe
O23 - Service: Pml Driver HPZ12 - HP - C: \ WINDOWS \ system32 \ HPZipm12.exe
O23 - Service: Spyware Doctor hjelpesystemer Service (sdAuxService) - PC Tools - C: \ Archivos de Program \ Spyware Doctor \ svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C: \ Archivos de Program \ Spyware Doctor \ swdsvc.exe

--
End of file - 5942 bytes
  #4  
Old 5te 2008 jan 11:24
Moderator Group
  
Default Endless søk ... og dumme Firefox ...

Ja, du har noen ekle seg på der.

1. Det har deaktivert antivirus.
2. Det er en masse-mailing ormen med bakdør og keylogging evner.
3. Det har satt restriksjoner på Kontrollpanel.

---------------

Last ned Combofix av ubåter fra enten her eller her

VIKTIG - Lagre Combofix.exe til skrivebordet ditt.
  • Lukk alle åpne weblesere. (Firefox, Internet Explorer, osv.)
  • Dobbeltklikk combofix.exe og følg instruksjonene.
  • Fra tastaturet velger 1 og trykk Angi
  • Når du er ferdig, vil den produsere en logg for deg.
  • Post denne loggen i din neste svaret.
Ikke mouseclick combofix's vinduet mens den kjører. Det kan føre til at datamaskinen stall


Neste innlegg kan du legge
combofix log
ny hijackthis logg
__________________
  #5  
Old 5te 2008 jan 12:33
Medlem Group
  
Default Endless søk ... og dumme Firefox ...

ComboFix 08-01-06.3 - Administrator 2008-01-05 14:48:48.1 - NTFSx86
Se ejecuta desde: C: \ Documents and Settings \ Administrator \ Escritorio \ ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))) )))))))))))))))))))))))))))))))))))))
.

C: \ WINDOWS \ install.exe
C: \ WINDOWS \ system32 \ svohost.exe
C: \ WINDOWS \ system32 \ winscok.dll

.

(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))) )))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 18:49 --------- d ----- w C: \ Documents and Settings \ Administrator \ Datos de Program \ Skype
2008-01-05 15:21 --------- d --- aw C: \ Documents and Settings \ All Users \ Datos de Program \ Temp
2008-01-05 13:00 --------- d ----- w C: \ Documents and Settings \ Administrator \ Datos de Program \ Azureus
2007-12-26 22:39 --------- d ----- w C: \ Documents and Settings \ Administrator \ Datos de Program \ U3
2007-12-24 14:38 --------- d - h - w C: \ Archivos de Program \ InstallShield Installasjonsinformasjon
2007-12-23 04:15 --------- d ----- w C: \ Archivos de Program \ Azureus
2007-12-13 14:40 11.973 ---- aw C: \ WINDOWS \ system32 \ drivers \ secdrv.sys
2007-12-11 15:46 --------- d ----- w C: \ Archivos de Program \ Archivos comunes \ InstallShield
2007-12-05 20:12 --------- d ----- w C: \ Documents and Settings \ Administrator \ Datos de Program \ Jam Software
2007-12-05 20:09 --------- d ----- w C: \ Archivos de Program \ Jam Software
2007-12-04 19:25 --------- d ----- w C: \ Documents and Settings \ All Users \ Datos de Program \ Office Genuine Advantage
2007-12-03 15:32 --------- d ----- w C: \ Archivos de Program \ FinalData
2007-12-02 17:05 --------- d ----- w C: \ Documents and Settings \ Administrator \ Datos de Program \ Media Player Classic
2007-12-02 16:43 --------- d ----- w C: \ Documents and Settings \ All Users \ Datos de Program \ WM
2007-12-02 14:42 --------- d ----- w C: \ Documents and Settings \ Administrator \ Datos de Program \ WM
2007-12-02 14:39 --------- d ----- w C: \ Archivos de Program \ Word Magic Software
2007-12-02 00:44 --------- d ----- w C: \ Documents and Settings \ Administrator \ Datos de Program \ BSplayer Pro
2007-12-02 00:19 70.656 ---- aw C: \ WINDOWS \ ScUnin.exe
2007-11-30 22:17 --------- d ----- w C: \ Archivos de Program \ DivX
2007-11-30 22:01 --------- d ----- w C: \ Archivos de Program \ Microsoft Works
2007-11-30 21:45 --------- d ----- w C: \ Documents and Settings \ Dimart \ Datos de Program \ Talkback
2007-11-30 21:19 --------- d ----- w C: \ Archivos de Program \ DAEMON Tools
2007-11-30 21:13 685.816 ---- aw C: \ WINDOWS \ system32 \ drivers \ sptd.sys
2007-11-30 20:28 --------- d ----- w C: \ Documents and Settings \ All Users \ Datos de Program \ Azureus
2007-11-30 13:42 --------- d ----- w C: \ Documents and Settings \ Administrator \ Datos de Program \ Talkback
2007-11-30 12:38 220.160 ---- aw C: \ WINDOWS \ system32 \ uxtheme.dll
2007-11-30 12:38 --------- d ----- w C: \ Archivos de Program \ Skype
2007-11-30 12:37 --------- d ----- w C: \ Documents and Settings \ All Users \ Datos de Program \ Apple Computer
2007-11-30 12:37 --------- d ----- w C: \ Archivos de Program \ Windows Media Connect 2
2007-11-30 12:37 --------- d ----- w C: \ Archivos de Program \ Real Alternative
2007-11-30 12:37 --------- d ----- w C: \ Archivos de Program \ QuickTime Alternative
2007-11-30 12:37 --------- d ----- w C: \ Archivos de Program \ Media Player Classic
2007-11-30 12:35 --------- d ----- w C: \ Archivos de Program \ K-Lite Codec Pack
2007-11-30 12:35 --------- d ----- w C: \ Archivos de Program \ Java
2007-11-30 12:35 --------- d ----- w C: \ Archivos de Program \ Archivos comunes \ Java
2007-11-30 12:34 --------- d ----- w C: \ Archivos de Program \ Webteh
2007-11-30 12:34 --------- d ----- w C: \ Archivos de Program \ Lavalys
2007-11-30 12:34 --------- d ----- w C: \ Archivos de Program \ Archivos comunes \ Adobe
2007-11-30 12:23 --------- d ----- w C: \ Archivos de Program \ Archivos comunes \ MSSoap
2007-11-30 12:15 --------- d ----- w C: \ Archivos de Program \ Archivos comunes \ SpeechEngines
2007-11-30 12:15 --------- d ----- w C: \ Archivos de Program \ Archivos comunes \ ODBC
2007-11-15 22:46 23.736 ---- aw C: \ WINDOWS \ system32 \ lmimirr.dll
2007-11-15 22:46 10.040 ---- aw C: \ WINDOWS \ system32 \ lmimirr2.dll
2007-11-14 07:28 450.560 ------ w C: \ WINDOWS \ system32 \ dllcache \ jscript.dll
2007-10-30 10:17 3.079.680 ---- aw C: \ WINDOWS \ system32 \ dllcache \ mshtml.dll
2007-10-29 22:43 1.293.824 ---- aw C: \ WINDOWS \ system32 \ Quartz.dll
2007-10-29 22:43 1.293.824 ------ w C: \ WINDOWS \ system32 \ dllcache \ Quartz.dll
2007-10-25 16:56 8.496.640 ------ w C: \ WINDOWS \ system32 \ dllcache \ Shell32.dll
2007-10-25 13:28 222.720 ---- aw C: \ WINDOWS \ system32 \ wmasf.dll
2007-10-25 13:28 222.720 ------ w C: \ WINDOWS \ system32 \ dllcache \ wmasf.dll
2007-10-20 00:56 200.704 ---- aw C: \ WINDOWS \ system32 \ ssldivx.dll
2007-10-20 00:56 1.044.480 ---- aw C: \ WINDOWS \ system32 \ libdivx.dll
2007-10-18 15:31 51.224 ---- aw C: \ WINDOWS \ system32 \ sirenacm.dll
2007-10-11 06:12 96.768 ------ w C: \ WINDOWS \ system32 \ dllcache \ inseng.dll
2007-10-11 06:12 662.016 ------ w C: \ WINDOWS \ system32 \ dllcache \ Wininet.dll
2007-10-11 06:12 616.448 ---- aw C: \ WINDOWS \ system32 \ dllcache \ urlmon.dll
2007-10-11 06:12 55.808 ------ w C: \ WINDOWS \ system32 \ dllcache \ extmgr.dll
2007-10-11 06:12 532.480 ------ w C: \ WINDOWS \ system32 \ dllcache \ mstime.dll
2007-10-11 06:12 474.624 ---- aw C: \ WINDOWS \ system32 \ dllcache \ Shlwapi.dll
2007-10-11 06:12 449.024 ------ w C: \ WINDOWS \ system32 \ dllcache \ mshtmled.dll
2007-10-11 06:12 39.424 ------ w C: \ WINDOWS \ system32 \ dllcache \ pngfilt.dll
2007-10-11 06:12 357.888 ------ w C: \ WINDOWS \ system32 \ dllcache \ dxtmsft.dll
2007-10-11 06:12 251.392 ------ w C: \ WINDOWS \ system32 \ dllcache \ Iepeers.dll
2007-10-11 06:12 205.312 ------ w C: \ WINDOWS \ system32 \ dllcache \ Dxtrans.dll
2007-10-11 06:12 16.384 ------ w C: \ WINDOWS \ system32 \ dllcache \ jsproxy.dll
2007-10-11 06:12 151.552 ---- aw C: \ WINDOWS \ system32 \ dllcache \ cdfview.dll
2007-10-11 06:12 146.432 ------ w C: \ WINDOWS \ system32 \ dllcache \ msrating.dll
2007-10-11 06:12 1.495.040 ---- aw C: \ WINDOWS \ system32 \ dllcache \ shdocvw.dll
2007-10-11 06:12 1.056.256 ------ w C: \ WINDOWS \ system32 \ dllcache \ danim.dll
2007-10-11 06:12 1.023.488 ---- aw C: \ WINDOWS \ system32 \ dllcache \ browseui.dll
2007-10-10 11:16 18.432 ------ w C: \ WINDOWS \ system32 \ dllcache \ iedw.exe
2006-11-07 14:29 145.920 ---- aw C: \ WINDOWS \ inf \ hdaudio.sys
2006-09-05 08:18 20.992 - SHA-r C: \ WINDOWS \ system32 \ usbmons.exe
.

((((((((((((((((((((((((((((((((( Cargando Puntos Reg )))))))))))))) ))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
* Nota * entradas vacías & entradas legítimas predeterminadas ingen sønn mostradas

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run]
"DAEMON Tools" = "C: \ Archivos de Program \ DAEMON Tools \ daemon.exe" [2007-09-18 10:16 171464]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2004-08-19 08:42 30208]
"MsnMsgr" = "C: \ Archivos de Program \ Windows Live \ Messenger \ MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Comrade.exe" = "C: \ Archivos de Program \ GameSpy \ kamerat \ Comrade.exe" [2007-12-20 13:47 36864]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"LogMeIn GUI" = "C: \ Archivos de Program \ LogMeIn \ x86 \ LogMeInSystray.exe" [2007-08-03 15:09 63048]

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2004-08-19 08:42 30208]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ curr entversion \ policies \ system]
"DisableStatusMessages" = 0 (0x0)
"HideShutdownScripts" = 0 (0x0)
"RunLogonScriptSync" = 0 (0x0)
"RunStartupScriptSync" = 0 (0x0)
"HideStartupScripts" = 0 (0x0)

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ policies \ system]
"DisableLockWorkstation" = 0 (0x0)
"DisableChangePassword" = 0 (0x0)
"HideLogonScripts" = 0 (0x0)
"HideLogoffScripts" = 0 (0x0)
"HideLegacyLogonScripts" = 0 (0x0)

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ cur rentversion \ policies \ system]
"NoDispCPL" = 0 (0x0)
"NoDispAppearancePage" = 0 (0x0)
"NoDispScrSavPage" = 0 (0x0)
"NoDispSettingsPage" = 0 (0x0)
"NoVisualStyleChoice" = 0 (0x0)
"NoColorChoice" = 0 (0x0)
"NoSizeChoice" = 0 (0x0)
"DisableLockWorkstation" = 0 (0x0)
"DisableChangePassword" = 0 (0x0)
"HideLogonScripts" = 0 (0x0)
"HideLogoffScripts" = 0 (0x0)
"HideLegacyLogonScripts" = 0 (0x0)

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ curr entversion \ Policies \ Explorer]
"NoDesktopCleanupWizard" = 1 (0x1)
"ForceClassicControlPanel" = 1 (0x1)
"NoWelcomeScreen" = 0 (0x0)

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ Policies \ Explorer]
"NoChangeKeyboardNavigationIndicators" = 0 (0x0)
"NoChangeAnimation" = 0 (0x0)
"NoAddPrinter" = 0 (0x0)
"NoDeletePrinter" = 0 (0x0)
"RestrictCpl" = 0 (0x0)
"DisallowCpl" = 0 (0x0)
"NoViewOnDrive" = 0 (0x0)
"RestrictRun" = 0 (0x0)
"DisallowRun" = 0 (0x0)
"NoRecycleFiles" = 0 (0x0)
"ForceRecycleBinSize" = 0 (0x0)
"NoCustomizeWebView" = 0 (0x0)
"NoWinKeys" = 0 (0x0)
"NoFileAssociate" = 0 (0x0)
"NoDFSTab" = 0 (0x0)
"NoInstrumentation" = 0 (0x0)
"NoCustomizeThisFolder" = 0 (0x0)
"NoWebView" = 0 (0x0)
"DontShowSuperHidden" = 0 (0x0)
"NoOnlinePrintsWizard" = 0 (0x0)
"NoPublishingWizard" = 0 (0x0)
"NoSMConfigurePrograms" = 0 (0x0)
"NoSMMyPictures" = 0 (0x0)
"NoStartMenuMyMusic" = 0 (0x0)
"NoFavoritesMenu" = 0 (0x0)
"NoHelp" = 0 (0x0)
"NoCommonGroups" = 0 (0x0)
"NoStartMenuMFUprogramsList" = 0 (0x0)
"NoStartMenuPinnedList" = 0 (0x0)
"NoUserNameInStartMenu" = 0 (0x0)
"NoStartMenuMorePrograms" = 0 (0x0)
"NoStartMenuEjectPC" = 0 (0x0)
"NoSimpleStartMenu" = 0 (0x0)
"ForceStartMenuLogoff" = 0 (0x0)
"NoStartMenuSubFolders" = 0 (0x0)
"NoDisconnect" = 0 (0x0)
"NoNtSecurity" = 0 (0x0)
"NoSetFolders" = 0 (0x0)
"GreyMSIAds" = 0 (0x0)
"ForceMaxRecentDocs" = 0 (0x0)
"NoSMBalloonTip" = 0 (0x0)
"NoSMBalloonTips" = 0 (0x0)
"NoTrayContextMenu" = 0 (0x0)
"LockTaskbar" = 0 (0x0)
"NoTaskGrouping" = 0 (0x0)
"NoWebServices" = 0 (0x0)
"NoFileUrl" = 0 (0x0)
"NoBandCustomize" = 0 (0x0)
"NoToolbarCustomize" = 0 (0x0)
"NoExpandedNewMenu" = 0 (0x0)
"SpecifyDefaultButtons" = 0 (0x0)
"NoRecentDocsNetHood" = 0 (0x0)
"EnforceShellExtensionSecurity" = 0 (0x0)
"NoLogOff" = 0 (0x0)
"NoRunasInstallPrompt" = 0 (0x0)
"PromptRunasInstallNetPath" = 1 (0x1)
"NoResolveTrack" = 0 (0x0)
"NoResolveSearch" = 0 (0x0)
"NoDevMgrUpdate" = 0 (0x0)
"NoThumbnailCache" = 0 (0x0)
"ForceCopyAclwithFile" = 0 (0x0)
"StartRunNoHOMEPATH" = 0 (0x0)

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ cur rentversion \ Policies \ Explorer]
"NoThemesTab" = 0 (0x0)
"NoChangeKeyboardNavigationIndicators" = 0 (0x0)
"NoChangeAnimation" = 0 (0x0)
"NoAddPrinter" = 0 (0x0)
"NoDeletePrinter" = 0 (0x0)
"RestrictCpl" = 0 (0x0)
"DisallowCpl" = 0 (0x0)
"NoViewOnDrive" = 0 (0x0)
"RestrictRun" = 0 (0x0)
"DisallowRun" = 0 (0x0)
"NoRecycleFiles" = 0 (0x0)
"ForceRecycleBinSize" = 0 (0x0)
"NoCustomizeWebView" = 0 (0x0)
"NoViewContextMenu" = 0 (0x0)
"NoWinKeys" = 0 (0x0)
"NoFileAssociate" = 0 (0x0)
"NoDFSTab" = 0 (0x0)
"NoInstrumentation" = 0 (0x0)
"NoCustomizeThisFolder" = 0 (0x0)
"NoWebView" = 0 (0x0)
"DontShowSuperHidden" = 0 (0x0)
"NoOnlinePrintsWizard" = 0 (0x0)
"NoPublishingWizard" = 0 (0x0)
"NoRun" = 0 (0x0)
"NoSMConfigurePrograms" = 0 (0x0)
"NoSMMyPictures" = 0 (0x0)
"NoStartMenuMyMusic" = 0 (0x0)
"NoFavoritesMenu" = 0 (0x0)
"NoHelp" = 0 (0x0)
"NoCommonGroups" = 0 (0x0)
"NoFind" = 0 (0x0)
"NoFolderOptions" = 0 (0x0)
"NoStartMenuMFUprogramsList" = 0 (0x0)
"NoStartMenuPinnedList" = 0 (0x0)
"NoUserNameInStartMenu" = 0 (0x0)
"NoStartMenuMorePrograms" = 0 (0x0)
"NoStartMenuEjectPC" = 0 (0x0)
"NoSimpleStartMenu" = 0 (0x0)
"ForceStartMenuLogoff" = 0 (0x0)
"StartMenuLogoff" = 0 (0x0)
"NoStartMenuSubFolders" = 0 (0x0)
"NoDisconnect" = 0 (0x0)
"NoNtSecurity" = 0 (0x0)
"NoSetFolders" = 0 (0x0)
"GreyMSIAds" = 0 (0x0)
"ForceMaxRecentDocs" = 0 (0x0)
"NoSMBalloonTip" = 0 (0x0)
"NoSMBalloonTips" = 0 (0x0)
"NoTrayContextMenu" = 0 (0x0)
"LockTaskbar" = 0 (0x0)
"HideClock" = 0 (0x0)
"NoTaskGrouping" = 0 (0x0)
"NoActiveDesktopChanges" = 0 (0x0)
"NoWebServices" = 0 (0x0)
"NoFileUrl" = 0 (0x0)
"NoBandCustomize" = 0 (0x0)
"NoToolbarCustomize" = 0 (0x0)
"NoExpandedNewMenu" = 0 (0x0)
"SpecifyDefaultButtons" = 0 (0x0)
"NoRecentDocsNetHood" = 0 (0x0)
"EnforceShellExtensionSecurity" = 0 (0x0)
"NoClose" = 0 (0x0)
"NoLogOff" = 0 (0x0)
"NoRunasInstallPrompt" = 0 (0x0)
"PromptRunasInstallNetPath" = 1 (0x1)
"NoResolveTrack" = 0 (0x0)
"NoResolveSearch" = 0 (0x0)
"NoDevMgrUpdate" = 0 (0x0)
"NoThumbnailCache" = 0 (0x0)
"ForceCopyAclwithFile" = 0 (0x0)
"StartRunNoHOMEPATH" = 0 (0x0)

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \ LMIinit]
LMIinit.dll 2007-11-15 18:46 87352 C: \ WINDOWS \ system32 \ LMIinit.dll

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Caffe-Server]
- en ------ 2006-07-09 15:27 4803072 C: \ Programfiler \ Caffe \ Server.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Cmaudio]


[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Ctfmon.exe]
- en ------ 2004-08-19 08:42 30208 C: \ WINDOWS \ system32 \ Ctfmon.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ igfxhkcmd]
- en ------ 2005-09-20 10:32 77824 C: \ WINDOWS \ system32 \ hkcmd.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ igfxpers]
- en ------ 2005-09-20 10:36 114688 C: \ WINDOWS \ system32 \ igfxpers.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ igfxtray]
- en ------ 2005-09-20 10:35 94208 C: \ WINDOWS \ system32 \ igfxtray.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Kis]
C: \ Archivos de Program \ Kaspersky Lab \ Kaspersky Internet Security 6.0 \ avp.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ msnmsgr]
C: \ Archivos de Program \ MSN Messenger \ msnmsgr.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ TaskSwitchXP]
C: \ Archivos de Program \ TaskSwitchXP \ TaskSwitchXP.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ WinampAgent]
C: \ Archivos de Program \ Winamp \ winampa.exe

R1 NtFsLdf20; NtFsLdf20; C: \ WINDOWS \ system32 \ drivers \ Nt FsLdf20.sys [2002-07-04 13:52]
R2 LMIInfo; LogMeIn Kernel Information Provider; C: \ Archivos de Program \ LogMeIn \ x86 \ RaInfo.sys [2007-08-03 15:09]
R2 LMIRfsDriver; LogMeIn Remote File System Driver; C: \ WINDOWS \ system32 \ drivers \ LMIRfsDriver.sy s [2007-08-03 15:09]
R3 usbscan; Controlador de escáner USB, C: \ WINDOWS \ system32 \ drivers \ usbscan.sys [2006-08-17 21:32]
S2 ABBYY.Licensing.FineReader.Professional.9.0; ABBYY FineReader 9.0 Licensing Service; "C: \ Archivos de Program \ ABBYY FineReader 9.0 \ NetworkLicenseServer.exe" [2007-09-25 00:11]
S3 bepldr; BCL easyPDF SDK 5 Loader; "C: \ Archivos de Program \ Archivos comunes \ BCL Technologies \ easyPDF 5 \ bepldr.exe" [2007-08-22 16:19]
S3 USBSTOR; Dispositivo de almacenamiento masivo de datos USB, C: \ WINDOWS \ system32 \ drivers \ USBSTOR.SYS [2004-08-03 23:08]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ svchost]
LocalService REG_MULTI_SZ Alerter WebClient LMHOSTS upnphost SSDPSRV

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ Explorer \ mountpoints2 \ (5714de88-a427-11dc-861c-00196604d2ae)]
\ Shell \ Auto \ command - H: \ Cn911.exe
\ Shell \ AutoRun \ command - C: \ WINDOWS \ system32 \ rundll32.exe Shell32.dll, ShellExec_RunDLL Cn911.exe

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ Explorer \ mountpoints2 \ (68ae8df5-aca4-11dc-81b1-00196604d2ae)]
\ Shell \ AutoRun \ command - auto.exe
\ Shell \ utforske \ Command - RavMon.exe-e
\ Shell \ Open \ Command - RavMon.exe

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ Explorer \ mountpoints2 \ (805ec9a7-a004-11dc-8615-00196604d2ae)]
\ Shell \ AutoRun \ command - G: \ LaunchU3.exe-en

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ Explorer \ mountpoints2 \ (92ef7850-a108-11dc-8619-00196604d2ae)]
\ Shell \ Auto \ command - H: \ Cn911.exe
\ Shell \ AutoRun \ command - C: \ WINDOWS \ system32 \ rundll32.exe Shell32.dll, ShellExec_RunDLL Cn911.exe

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ Explorer \ mountpoints2 \ (92ef78aa-a108-11dc-8619-00196604d2ae)]
\ Shell \ Auto \ command - H: \ Cn911.exe
\ Shell \ AutoRun \ command - C: \ WINDOWS \ system32 \ rundll32.exe Shell32.dll, ShellExec_RunDLL Cn911.exe

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ Explorer \ mountpoints2 \ (92ef78b4-a108-11dc-8619-00196604d2ae)]
\ Shell \ Auto \ command - H: \ Cn911.exe
\ Shell \ AutoRun \ command - C: \ WINDOWS \ system32 \ rundll32.exe Shell32.dll, ShellExec_RunDLL Cn911.exe

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ Explorer \ mountpoints2 \ (b05019b3-a665-11dc-a263-00196604d2ae)]
\ Shell \ AutoRun \ command - ntde1ect.com
\ Shell \ utforske \ Command - ntde1ect.com
\ Shell \ Open \ Command - ntde1ect.com

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ Explorer \ mountpoints2 \ (d79ae692-9f95-11dc-8614-00196604d2ae)]
\ Shell \ AutoRun \ command - G: \ ntde1ect.com
\ Shell \ utforske \ Command - G: \ ntde1ect.com
\ Shell \ Open \ Command - G: \ ntde1ect.com

* Newly Created Service * - COMSYSAPP
* Newly Created Service * - PROCEXP90
.
Innhold de carpeta 'Tareas Programadas'
"2007-12-08 20:22:33 C: \ WINDOWS \ Tasks \ McDefragTask.job"
.
************************************************** ************************

CatchMe 0.3.1344 W2K/XP/Vista - rootkit / skjulemodus malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 14:51:38
Windows 5.1.2600 Service Pack 2 NTFS

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...

diskfeil: C: \ WINDOWS \

************************************************** ************************

[HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Services \ c atchme]
"ImagePath" = "\? \ C: \ Windows \ Temp \ catchme.sys"
.
--------------------- DLLer cargados Bajo los procesos no ejecución ---------------------

PROSESSEN: C: \ WINDOWS \ system32 \ Winlogon.exe
-> C: \ WINDOWS \ system32 \ usbmons.dll
.
Tiempo completado: 2008-01-06 14:52:51
ComboFix-karantene-files.txt 2008-01-06 18:51:58
.
2007-12-18 03:51:13 --- EOF ---


Logfile of Trend Micro HijackThis v2.0.2
Scan lagret 03:32:28 pm, on 06/01/2008
Plattform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Kjører prosesser:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Archivos de Program \ LogMeIn \ x86 \ RaMaint.exe
C: \ Archivos de Program \ LogMeIn \ x86 \ LogMeIn.exe
C: \ Archivos de Program \ Archivos comunes \ Microsoft Shared \ VS7DEBUG \ MDM.EXE
C: \ WINDOWS \ system32 \ HPZipm12.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Archivos de Program \ LogMeIn \ x86 \ LogMeInSystray.exe
C: \ Archivos de Program \ DAEMON Tools \ daemon.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ WINDOWS \ system32 \ Dllhost.exe
C: \ WINDOWS \ explorer.exe
C: \ Archivos de Program \ Mozilla Firefox \ firefox.exe
C: \ Archivos de Program \ Microsoft Office \ Office11 \ Winword.exe
C: \ Archivos de Program \ Trend Micro \ HijackThis \ asdf.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = ca: blank
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Archivos de Program \ Adobe \ Acrobat 7.0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Archivos de Program \ Java \ jre1.5.0_09 \ bin \ ssv.dll
O4 - HKLM \ .. \ Run: [LogMeIn GUI] "C: \ Archivos de Program \ LogMeIn \ x86 \ LogMeInSystray.exe"
O4 - HKCU \ .. \ Run: [DAEMON Tools] "C: \ Archivos de Program \ DAEMON Tools \ daemon.exe"-lang 1033
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [MsnMsgr] "C: \ Archivos de Program \ Windows Live \ Messenger \ MsnMsgr.Exe" / background
O4 - HKCU \ .. \ Run: [Comrade.exe] C: \ Archivos de Program \ GameSpy \ kamerat \ Comrade.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Servicio LOKALE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Servicio de røde ")
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O6 - HKCU \ Software \ Policies \ Microsoft \ Internet Explorer \ Toolbars \ Restriksjoner presentere
O8 - Extra sammenheng menyelement: E & xportar en Microsoft Excel - res: / / C: \ Archiv ~ 1 \ micros ~ 1 \ Office11 \ EXCEL.EXE/3000
O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Archivos de Program \ Java \ jre1.5.0_09 \ bin \ ssv.dll
O9 - Extra "Verktøy" MENUITEM: Consola de Sun Java - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Archivos de Program \ Java \ jre1.5.0_09 \ bin \ ssv.dll
O9 - Extra knappen: referanse - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ Archiv ~ 1 \ micros ~ 1 \ Office11 \ REFIEBAR.DLL
O16 - DPF: (05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8) (Office Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: (5D6F45B3-9043-443D-A792-115447494D24) (UnoCtrl klasse) -- http://messenger.zone.msn.com/ES-LA/.../GAME_UNO1.cab
O16 - DPF: (B8BE5E93-A60C-4D26-A2DC-220313175592) (MSN Games - Installer) -- http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient Klassifikasjon) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (BAA62A6B-DD15-4E55-A719-401AF676E3A9): NameServer = 10.0.0.1,10.0.0.2
O23 - Service: ABBYY FineReader 9.0 Lisensiering Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C: \ Archivos de Program \ ABBYY FineReader 9.0 \ NetworkLicenseServer.exe
O23 - Service: Ares chatterom server (AresChatServer) - Ares Development Group - C: \ Archivos de Program \ Ares \ chatServer.exe
O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C: \ Archivos de Program \ Archivos comunes \ BCL Technologies \ easyPDF 5 \ bepldr.exe
O23 - Service: indekseringstjenesten (CiSvc) - Unknown owner - C: \ WINDOWS \ system32 \ cisvc.exe (fil mangler)
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C: \ Archivos de Program \ LogMeIn \ x86 \ RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C: \ Archivos de Program \ LogMeIn \ x86 \ LogMeIn.exe
O23 - Service: Pml Driver HPZ12 - HP - C: \ WINDOWS \ system32 \ HPZipm12.exe
O23 - Service: Spyware Doctor hjelpesystemer Service (sdAuxService) - PC Tools - C: \ Archivos de Program \ Spyware Doctor \ svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C: \ Archivos de Program \ Spyware Doctor \ swdsvc.exe

--
End of file - 4754 bytes
  #6  
Old 5te 2008 jan 12:52
Moderator Group
  
Default Endless søk ... og dumme Firefox ...

Som fikk noen av dem men det er fortsatt mer.

Laste ned SDFix.exe og lagre det til skrivebordet ditt.

Dobbeltklikk SDFix.exe og det vil pakke ut filene i% systemdrive%
(Stasjonen som inneholder Windows-katalogen, vanligvis C: \ SDFix)

Fyll deretter starte datamaskinen på nytt i Sikkermodus ved å gjøre følgende:
  • Start maskinen på nytt
  • Etter å ha hørt maskinen piper én gang under oppstart, men før Windows vises, trykker du F8 kontinuerlig;
  • I stedet for Windows lasting som normalt, Avansert alternativmenyen skal vises;
  • Velg det første alternativet, å kjøre Windows i sikkermodus, og trykk deretter på Angi.
  • Velg din vanlige konto.
  • Åpne de utpakkede SDFix mappe og dobbeltklikk RunThis.bat å starte skriptet.
  • Type Y å starte Cleanup prosessen.
  • Det vil fjerne enhver Trojan Service og registeroppføringene den finner deretter be deg om å trykke en tast for å starte på nytt.
  • Trykk på en tast og det vil starte PC.
  • Når PC-en starter Fixtool vil kjøre igjen og fullføre fjerningen deretter vise Ferdig, Trykker på en tast for å avslutte skriptet og laste desktop ikoner.
  • Når skrivebordsikonene laste SDFix rapporten åpnes på skjermen, og også lagre i SDFix mappen som Report.txt
    (Report.txt vil også bli kopiert til utklippstavlen).
  • Legger innholdet i Report.txt i neste post som en Vedlegg med en ny HijackThis log


Neste post
SDFix logg
Ny Hijackthis logg
__________________
  #7  
Old 6te 2008 jan 09:58
Medlem Group
  
Default Endless søk ... og dumme Firefox ...

problemet løses. :) Thnx
  #8  
Old 6 januar 2008, 12:47
Moderator Group
  
Default Endless søk ... og dumme Firefox ...

Sitat:
Originally Posted by Nikronius View Post
problemet løses. :) Thnx



Vil du sinn innlegg loggene?
__________________
  #9  
Old 9th 2008 jan 09:36
Medlem Group
  
Default Endless søk ... og dumme Firefox ...

ingen problem.
Reply

Register

Hugseliste

Lignende Tråder
Tråd Tråd startet Forum Svar Siste innlegg
Firefox Redirects til falsk webside når du bruker Google Search UncleSlam Virus, spionprogrammer og sikkerhet 27 12 mars 2009 14:45
Outlook søk og avansert søk ikke fungerer (prøvde å gjenoppbygge indeksen) Psychotron Office Suites & Applications 1 16 juli 2008 19:22
XP SP3 cripples enkelte PCer med endeløse reboots SocialWarfare Windows-operativsystemer 5 9 mai 2008 09:56
Hadde Something Dum FunkyJuice CPUer, Hovedkort & RAM 10 5 feb 2008 17:09
Endless Problemer, Windows wont Start nå Polkigtry General Hardware Chat 2 13 januar 2008 02:06
Thread Tools



Arabic Bulgarian Chinese (Simplified) Chinese (Traditional) Croatian Czech Danish Dutch English Finnish French German Greek Hebrew Hungarian Italian Japanese Korean Latvian Lithuanian Norwegian Polish Portuguese Romanian Russian Serbian Slovak Spanish Swedish Thai Turkish Ukrainian

Copyright © 2006 - 2009 Computer Juice.
Kontakt -- Personvern -- Sitemap -- Topp

Powered by vBulletin ® Copyright © 2000 - 2009 Jelsoft Enterprises Ltd SEO by vBSEO © 2009, gjennomgå webområdet, Inc.