Fra Klaus, fromsej !! så prøver vi det tunge skyts. Spybot delen er kørt og her er loggen fra Hijackthis :
_______________________________________________________________________
Logfile of HijackThis v1.96.4
Scan saved at 09:39:44, on 10-09-2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\cisvc.exe
C:\Norman\NVC\BIN\Zanda.exe
C:\NORMAN\nvc\BIN\NVCSCHED.EXE
C:\NORMAN\nvc\BIN\NJEEVES.EXE
C:\NORMAN\nvc\BIN\nvcoas.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Programmer\ahead\InCD\InCD.exe
C:\NORMAN\Nvc\BIN\ZLH.EXE
C:\WINDOWS\System32\HpMmKbd.exe
D:\program files\quicktime\qttask.exe
D:\Program Files\Winamp3\Winamp\Winampa.exe
D:\Program Files\Free Surfer\Free Surfer\fs20.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
D:\Programmer\WinTools.net\memorybooster.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE
D:\Programmer\Tweak-XP Pro\AdBlocker.exe
D:\Program Files\photoinpact\ABMTSR.EXE
C:\NORMAN\Nvc\BIN\NYMSE.EXE
D:\Program Files\WinZip\WZQKPICK.EXE
C:\NORMAN\Nvc\BIN\cclaw.exe
D:\Program Files\Hotmail Popper\hotpop.exe
D:\PROGRA~2\WINZIP\winzip32.exe
C:\Documents and Settings\Klaus\Lokale indstillinger\Temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.zenexa.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://kalender.tdconline.dk/index.php?period=weekR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmer\MyWay\myBar\2.bin\MYBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~2\SPYBOT~1.1\SDHelper.dll
O3 - Toolbar: TDC Online - {D37808DE-D46B-4DCC-95F8-188E33B95B36} - D:\PROGRA~2\TDCONL~1\TDCOBar.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmer\MyWay\myBar\2.bin\MYBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmer\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [HpMmKbd] HpMmKbd.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp3\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [USSShReg] d:\PROGRA~2\PHOTOI~1\SSaver\Ussshreg.exe /r
O4 - HKLM\..\Run: [freesurfer] D:\Program Files\Free Surfer\Free Surfer\fs20.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MemoryBooster] D:\Programmer\WinTools.net\memorybooster.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus COLOR 480SXU] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE /P25 "EPSON Stylus COLOR 480SXU" /O6 "USB001" /M "Stylus COLOR 480SXU"
O4 - HKCU\..\Run: [BlockAds] "D:\Programmer\Tweak-XP Pro\AdBlocker.exe"
O4 - Startup: Hotmail Popper.lnk = D:\Program Files\Hotmail Popper\hotpop.exe
O4 - Global Startup: Album Fast Start.lnk = D:\Program Files\photoinpact\ABMTSR.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\PROGRA~2\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Tilføj Link Til Online Bookmark -
Res://D:\Program Files\TDC Online Menubar\TDCOBar.dll/ADDBOOKMARKLINK_HTM
O8 - Extra context menu item: Tilføj Til Online Bookmark -
Res://D:\Program Files\TDC Online Menubar\TDCOBar.dll/ADDBOOKMARK_HTM
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Free Surfer (HKLM)
O9 - Extra 'Tools' menuitem: Free Surfer (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://a1540.g.akamai.net/7/1540/52/20030523/qtinstall.info.apple.com/drakken/dk/win/QuickTimeInstaller.exeO16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
http://207.188.7.150/08564f9a2e221680e805/netzip/RdxIE601.cabO16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) -
http://office.microsoft.com/productupdates/content/opuc.cabO16 - DPF: {5F49A4F0-8208-4715-9F14-EA17689E58F5} (MathObj Class) -
https://skinfakse.certifikat.dk/csp/authenticode/PrimeInkCSPInstall.exeO16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37748.2166203704O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cabO16 - DPF: {FC87A650-207D-4392-A6A1-82ADBC56FA64} (MultiDist) -
http://xbs.climaxbucks.com/internet-optimizer/080703/MultiDist.CAB_________________________________________________________________________
Håber den er til gavn. Jeg tror ( og håber ) at du eller en anden har en løsning på hvordan man får adgang til at ændre NTFS filbeskyttelsen, eller har kendskab til et program der kan gå bag denne ????.
klaus