CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg
Cookie ikon
Avatar billede jtmicor Praktikant
14. august 2005 - 21:48 Der er 20 kommentarer og
1 løsning

vira og Messenger

Hej!
Jeg har et problem med følgende vira:

angelex.dk
Mapvjyn.exe
rouge.exe
zeta.exe

En af dem gør, at jeg ikke kan bruge Messenger eller logge ind på hotmail.Jeg har desuden et kæmpe problem med en masse pop-opper, der kommer, selv om jeg har blokeret for pop op vinduerHar I et godt råd?

Hjælp!
Avatar billede fromsej Praktikant
14. august 2005 - 21:54 #1
Følg vejledningen her:
http://www.eksperten.dk/artikler/755
Du kan springe The Hoster delen over.
Avatar billede jtmicor Praktikant
15. august 2005 - 18:50 #2
Jeg har fulgt anvisningen.Men nu hvor jeg har hentet Spybot vil den ikke køre uden at jeg har hentet opdateringer til den. Men når jeg pøver det, får jeg denne fejlmeddelelse:

socket error 10061

Jeg ved ikke hvorfor serveren afslår min forbindelse. Jeg skal så lige tilstå, at da jeg kørte Ewido kom jeg til at sige ja til at slette nogle filer de var inficerede, og nu ved opstart kom der flere fejlmeddelelser om visse filer den ikke kunne finde. Ups...Kan jeg redde det hjem igen?
Avatar billede fromsej Praktikant
15. august 2005 - 21:35 #3
Lav en Hijackthislog, spring Spybot over.
Avatar billede jtmicor Praktikant
16. august 2005 - 11:53 #4
her er kopierne af logs:

1.Drweb:
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 20582
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Scan speed: 2417 Kb/s
Scan time: 00:20:50

Det skal lige tilføjes, at pc´en gik ned på et tidspunkt under scanningen, så jeg måtte starte forfra.


2.Ewido
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on:            18:08:22, 15-08-2005
+ Report-Checksum:        1FEFC8AB

+ Scan result:

    HKLM\SOFTWARE\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
    HKLM\SOFTWARE\Avenue Media\Internet Optimizer -> Spyware.InternetOptimizer : Cleaned with backup
    HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert -> Spyware.InternetOptimizer : Cleaned with backup
    HKLM\SOFTWARE\Avenue Media\Internet Optimizer\anything -> Spyware.InternetOptimizer : Cleaned with backup
    HKLM\SOFTWARE\Avenue Media\Internet Optimizer\anything\cf1 -> Spyware.InternetOptimizer : Cleaned with backup
    HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper -> Spyware.InternetOptimizer : Cleaned with backup
    HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper\cf1 -> Spyware.InternetOptimizer : Cleaned with backup
    HKLM\SOFTWARE\Avenue Media\Internet Optimizer\WSE -> Spyware.InternetOptimizer : Cleaned with backup
    HKLM\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf1 -> Spyware.InternetOptimizer : Cleaned with backup
    HKLM\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf2 -> Spyware.InternetOptimizer : Cleaned with backup
    HKLM\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf3 -> Spyware.InternetOptimizer : Cleaned with backup
    HKLM\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf4 -> Spyware.InternetOptimizer : Cleaned with backup
    HKLM\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf5 -> Spyware.InternetOptimizer : Cleaned with backup
    HKLM\SOFTWARE\Bargains -> Spyware.BargainBuddy : Cleaned with backup
    HKLM\SOFTWARE\Classes\ADP.UrlCatcher -> Spyware.BargainBuddy : Cleaned with backup
    HKLM\SOFTWARE\Classes\ADP.UrlCatcher\CLSID -> Spyware.BargainBuddy : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} -> Spyware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Spyware.NewDotNet : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{82315A18-6CFB-44a7-BDFD-90E36537C252} -> Spyware.NewDotNet : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{86227D9C-0EFE-4f8a-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} -> Spyware.MoneyTree : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07} -> Spyware.SaveNow : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{CEA206E8-8057-4A04-ACE9-FF0D69A92297} -> Spyware.SafeSurfing : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
    HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj -> Spyware.MoneyTree : Cleaned with backup
    HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CLSID -> Spyware.MoneyTree : Cleaned with backup
    HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CurVer -> Spyware.MoneyTree : Cleaned with backup
    HKLM\SOFTWARE\Classes\DyFuCA_BH.SinkObj -> Spyware.MoneyTree : Cleaned with backup
    HKLM\SOFTWARE\Classes\DyFuCA_BH.SinkObj\CLSID -> Spyware.MoneyTree : Cleaned with backup
    HKLM\SOFTWARE\Classes\DyFuCA_BH.SinkObj\CurVer -> Spyware.MoneyTree : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{03B800F9-2536-4441-8CDA-2A3E6D15B4F8} -> Spyware.YourSiteBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{0985C112-2562-46F2-8DA6-92648BA4630F} -> Spyware.ISTBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{1C01D150-91A4-4DE0-9BF8-A35D1BDF1001} -> Spyware.SafeSurfing : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E5678} -> Spyware.BargainBuddy : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{AA4939C3-DECA-4A48-A454-97CD587C0EF5} -> Spyware.ISTBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{C285D18D-43A2-4AEF-83FB-BF280E660A97} -> Spyware.SaveNow : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{C6906A23-4717-4E1F-B6FD-F06EBED15678} -> Spyware.BargainBuddy : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{DFBCC1EB-B149-487E-80C1-CC1562021542} -> Spyware.YourSiteBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{EEE4A2E5-9F56-432F-A6ED-F6F625B551E0} -> Dialer.Generic : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{0BE10B0D-B4DB-4693-9B1F-9AEAD54D17DC} -> Spyware.SafeSurfing : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{40B1D454-9CA4-43CC-86AA-CB175EAC52FB} -> Spyware.MoneyTree : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516B2C3} -> Spyware.NaviSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{4EE12B71-AA5E-45EC-8666-2DB3AD3FDF44} -> Spyware.YourSiteBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{67907B3C-A6EF-4A01-99AD-3FCD5F526429} -> Spyware.ISTBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\Ysb.YsbObj -> Spyware.YourSiteBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\Ysb.YsbObj\CLSID -> Spyware.YourSiteBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\Ysb.YsbObj\CurVer -> Spyware.YourSiteBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\YSBactivex.Installer -> Spyware.YourSiteBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\YSBactivex.Installer\CLSID -> Spyware.YourSiteBar : Cleaned with backup
    HKLM\SOFTWARE\eXactUtil -> Spyware.BargainBuddy : Cleaned with backup
    HKLM\SOFTWARE\Gator.com -> Spyware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Gator.com\Gator -> Spyware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Gator.com\Gator\dyn -> Spyware.Gator : Cleaned with backup
    HKLM\SOFTWARE\Gator.com\Gator\stat -> Spyware.Gator : Cleaned with backup
    HKLM\SOFTWARE\ISTsvc -> Spyware.ISTBar : Cleaned with backup
    HKLM\SOFTWARE\ISTsvc\history -> Spyware.ISTBar : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Spyware.NewDotNet : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82315A18-6CFB-44a7-BDFD-90E36537C252} -> Spyware.NewDotNet : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} -> Spyware.MoneyTree : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Spyware.InternetOptimizer : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BargainBuddy -> Spyware.BargainBuddy : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA -> Spyware.MoneyTree : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer -> Spyware.InternetOptimizer : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc -> Spyware.ISTBar : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Spyware.InternetOptimizer : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sais -> Spyware.180Solutions : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\untopr1150 -> Spyware.WebRebates : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSaveMsg -> Spyware.SaveNow : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar -> Spyware.ISTBar : Cleaned with backup
    HKLM\SOFTWARE\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
    HKLM\SOFTWARE\PowerScan -> Spyware.PowerScan : Cleaned with backup
    HKLM\SOFTWARE\sais -> Spyware.180Solutions : Cleaned with backup
    HKLM\SOFTWARE\WhenUSave -> Spyware.SaveNow : Cleaned with backup
    HKLM\SOFTWARE\WhenUSave\Partners -> Spyware.SaveNow : Cleaned with backup
    HKLM\SOFTWARE\WhenUSave\Partners\EEPE -> Spyware.SaveNow : Cleaned with backup
    HKLM\SOFTWARE\YourSiteBar -> Spyware.ISTBar : Cleaned with backup
    HKLM\SOFTWARE\YourSiteBar\Historyfiles -> Spyware.ISTBar : Cleaned with backup
    HKLM\SYSTEM\CurrentControlSet\Services\ZESOFT -> Spyware.NaviSearch : Cleaned with backup
    HKLM\SYSTEM\CurrentControlSet\Services\ZESOFT\Security -> Spyware.NaviSearch : Cleaned with backup
    HKLM\SYSTEM\CurrentControlSet\Services\ZESOFT\Enum -> Spyware.NaviSearch : Cleaned with backup
    HKU\S-1-5-21-1435992507-2532242666-2720197965-1006\Software\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
    HKU\S-1-5-21-1435992507-2532242666-2720197965-1006\Software\IST -> Spyware.ISTBar : Cleaned with backup
    HKU\S-1-5-21-1435992507-2532242666-2720197965-1006\Software\Microsoft\Internet Explorer\MenuExt\Web Rebates -> Spyware.WebRebates : Cleaned with backup
    HKU\S-1-5-21-1435992507-2532242666-2720197965-1006\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Spyware.InternetOptimizer : Cleaned with backup
    HKU\S-1-5-21-1435992507-2532242666-2720197965-1006\Software\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
    HKU\S-1-5-21-1435992507-2532242666-2720197965-1006\Software\PowerScan -> Spyware.PowerScan : Cleaned with backup
    HKU\S-1-5-21-1435992507-2532242666-2720197965-1006\Software\sais -> Spyware.180Solutions : Cleaned with backup
    C:\Documents and Settings\Gæst\Cookies\gæst@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Gæst\Cookies\gæst@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Julle\Cookies\julle@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Julle\Cookies\julle@ad-logics[2].txt -> Spyware.Cookie.Ad-logics : Cleaned with backup
    C:\Documents and Settings\Julle\Cookies\julle@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Julle\Cookies\julle@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
    C:\Documents and Settings\Julle\Cookies\julle@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    C:\Documents and Settings\Julle\Cookies\julle@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
    C:\Documents and Settings\Julle\Cookies\julle@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Julle\Cookies\julle@as-eu.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
    C:\Documents and Settings\Julle\Cookies\julle@as-us.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
    C:\Documents and Settings\Julle\Cookies\julle@as1.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
    C:\Documents and Settings\Julle\Cookies\julle@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Julle\Cookies\julle@bs.serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    C:\Documents and Settings\Julle\Cookies\julle@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    C:\Documents and Settings\Julle\Cookies\julle@centrport[2].txt -> Spyware.Cookie.Centrport : Cleaned with backup
    C:\Documents and Settings\Julle\Cookies\julle@citi.bridgetrack[2].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
    C:\Documents and Settings\Julle\Cookies\julle@commission-junction[2].txt -> Spyware.Cookie.Commission-junction : Cleaned with backup
    C:\Documents and Settings\Julle\Cookies\julle@counter16.sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
    C:\Documents and Settings\Julle\Cookies\julle@data.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
    C:\Documents and Settings\Julle\Cookies\julle@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Julle\Cookies\julle@ehg-cafepress.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Julle\Cookies\julle@ehg-cbs.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Julle\Cookies\julle@ehg-dig.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Julle\Cookies\julle@ehg-proflowers.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Julle\Cookies\julle@ehg-randomhouse.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Julle\Cookies\julle@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Julle\Cookies\julle@hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Julle\Cookies\julle@hotlog[2].txt -> Spyware.Cookie.Hotlog : Cleaned with backup
    C:\Documents and Settings\Julle\Cookies\julle@linksynergy[1].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
    C:\Documents and Settings\Julle\Cookies\julle@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\Julle\Cookies\julle@overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
    C:\Documents and Settings\Julle\Cookies\julle@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
    C:\Documents and Settings\Julle\Cookies\julle@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
    C:\Documents and Settings\Julle\Cookies\julle@qksrv[2].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
    C:\Documents and Settings\Julle\Cookies\julle@questionmarket[2].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
    C:\Documents and Settings\Julle\Cookies\julle@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
    C:\Documents and Settings\Julle\Cookies\julle@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
    C:\Documents and Settings\Julle\Cookies\julle@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Julle\Cookies\julle@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    C:\Documents and Settings\Julle\Cookies\julle@sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
    C:\Documents and Settings\Julle\Cookies\julle@spylog[1].txt -> Spyware.Cookie.Spylog : Cleaned with backup
    C:\Documents and Settings\Julle\Cookies\julle@stat.onestat[2].txt -> Spyware.Cookie.Onestat : Cleaned with backup
    C:\Documents and Settings\Julle\Cookies\julle@statcounter[2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    C:\Documents and Settings\Julle\Cookies\julle@targetnet[2].txt -> Spyware.Cookie.Targetnet : Cleaned with backup
    C:\Documents and Settings\Julle\Cookies\julle@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    C:\Documents and Settings\Julle\Cookies\julle@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    C:\Documents and Settings\Julle\Cookies\julle@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    C:\Documents and Settings\Julle\Cookies\julle@weborama[1].txt -> Spyware.Cookie.Weborama : Cleaned with backup
    C:\Documents and Settings\Julle\Cookies\julle@www.epilot[1].txt -> Spyware.Cookie.Epilot : Cleaned with backup
    C:\Documents and Settings\Julle\Cookies\julle@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
    C:\Documents and Settings\Julle\Lokale indstillinger\Temp\bb.exe -> TrojanDownloader.Adload.a : Cleaned with backup
    C:\Documents and Settings\Julle\Lokale indstillinger\Temp\djtopr1150.exe -> Spyware.WebRebates.g : Cleaned with backup
    C:\Documents and Settings\Julle\Lokale indstillinger\Temp\jkill.exe -> Spyware.VX2 : Cleaned with backup
    C:\Documents and Settings\Julle\Lokale indstillinger\Temp\powerscan.exe -> Spyware.PowerScan : Cleaned with backup
    C:\Documents and Settings\Julle\Lokale indstillinger\Temp\sidefind.exe -> Spyware.SideFind : Cleaned with backup
    C:\Documents and Settings\Julle\Lokale indstillinger\Temporary Internet Files\Content.IE5\89AB89EF\bb[1].exe -> TrojanDownloader.Adload.a : Cleaned with backup
    C:\Documents and Settings\Julle\Lokale indstillinger\Temporary Internet Files\Content.IE5\89AB89EF\ysb_regular[1].cab/ysbactivex.dll -> TrojanDownloader.IstBar : Cleaned with backup
    C:\Documents and Settings\Julle\Lokale indstillinger\Temporary Internet Files\Content.IE5\GLU345YR\powerscan[1].exe -> Spyware.PowerScan : Cleaned with backup
    C:\Documents and Settings\Julle\Lokale indstillinger\Temporary Internet Files\Content.IE5\KPIB89UF\sidefind[1].exe -> Spyware.SideFind : Cleaned with backup
    C:\Programmer\180Solutions\sais.exe -> Spyware.180Solutions : Cleaned with backup
    C:\Programmer\BullsEye Network\bin\adv.exe -> Spyware.BargainBuddy : Cleaned with backup
    C:\Programmer\BullsEye Network\bin\adx.exe -> Spyware.BargainBuddy : Cleaned with backup
    C:\Programmer\FileSubmit\Sexy Women from the Buffy the Vampire Slayer & Angel TV Series\NNEZTA388.exe -> Spyware.NewDotNet : Cleaned with backup
    C:\Programmer\FileSubmit\Sexy Women from the Buffy the Vampire Slayer & Angel TV Series\TBEZA127Q.exe -> Spyware.Quick : Cleaned with backup
    C:\Programmer\ISTsvc -> Spyware.ISTBar : Cleaned with backup
    C:\Programmer\NewDotNet\uninstall6_38.exe -> Spyware.NewDotNet : Cleaned with backup
    C:\Programmer\Power Scan\powerscan.exe -> Spyware.PowerScan : Cleaned with backup
    C:\Programmer\QuickSearch\Uninstall_QuickSearchBar.exe -> Spyware.Quick : Cleaned with backup
    C:\Programmer\Save\Save.exe -> Adware.SaveNow : Cleaned with backup
    C:\Programmer\Web_Rebates -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Ap1150 -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Ap1150\psid1170.dat -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Ap1150\topr1150.dat -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Da1150 -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Da1150\1150sh.dat -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Da1150\41c4918725c0.dat -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Da1150\administrator -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Da1150\administrator\41c49190126a.dat -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Da1150\Julle -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Da1150\Julle\41c49190126a.dat -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\disp1150.exe -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\README.txt -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Sy1150 -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Sy1150\Html -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Sy1150\Html\popo1150a_r.htm -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Sy1150\Html\popo1150a_rb.htm -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Sy1150\Html\popo1150a_rbh.htm -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Sy1150\Html\popo1150a_u.htm -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Sy1150\Html\popo1150a_ub.htm -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Sy1150\Html\popo1150a_ubh.htm -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Sy1150\Html\pref1150a.htm -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Sy1150\Html\scri1150a.htm -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Sy1150\Html\spec1150a_r.htm -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Sy1150\Html\spec1150a_rb.htm -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Sy1150\Html\spec1150a_rbh.htm -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Sy1150\Html\spec1150a_u.htm -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Sy1150\Html\spec1150a_ub.htm -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Sy1150\Html\spec1150a_ubh.htm -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Sy1150\Images -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Sy1150\Images\p.gif -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Sy1150\Images\topr_envelope.gif -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Sy1150\Images\topr_popup_toprebates_hdr_small.gif -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Sy1150\Images\topr_popup_toprebates_hdr_small2.gif -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Sy1150\Images\topr_pop_circles.gif -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Sy1150\Images\topr_pop_circles_2.gif -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Sy1150\Images\topr_pop_circles_3.gif -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Sy1150\Images\topr_pop_settings.gif -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Sy1150\Images\topr_register.gif -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Sy1150\Images\topr_register_footer.gif -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Sy1150\Sy1150 -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Sy1150\Sy1150\1150_0.dat -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Sy1150\Sy1150\1150_1.dat -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Sy1150\Sy1150\1150_2.dat -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Sy1150\Tp1150 -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Sy1150\Tp1150\log.txt -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Sy1150\Tp1150\popo1150a_r.htm -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Sy1150\Tp1150\popo1150a_rb.htm -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Sy1150\Tp1150\popo1150a_rbh.htm -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Sy1150\Tp1150\popo1150a_u.htm -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Sy1150\Tp1150\popo1150a_ub.htm -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Sy1150\Tp1150\popo1150a_ubh.htm -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Sy1150\Tp1150\pref1150a.htm -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Sy1150\Tp1150\scri1150a.htm -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Sy1150\Tp1150\spec1150a_r.htm -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Sy1150\Tp1150\spec1150a_rb.htm -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Sy1150\Tp1150\spec1150a_rbh.htm -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Sy1150\Tp1150\spec1150a_u.htm -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Sy1150\Tp1150\spec1150a_ub.htm -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\Sy1150\Tp1150\spec1150a_ubh.htm -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\WebRebates0.exe -> Spyware.WebRebates : Cleaned with backup
    C:\Programmer\Web_Rebates\WebRebates1.exe -> Spyware.WebRebates : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.PornWare.PopCap.b : Cleaned with backup
    C:\WINDOWS\iGator\trickler3103_pic_fs_dmpt_3103.exe -> Adware.Gator : Cleaned with backup
    C:\WINDOWS\iLookup -> Adware.eZula : Cleaned with backup
    C:\WINDOWS\iLookup\ezStub22.exe -> Adware.eZula : Cleaned with backup
    C:\WINDOWS\NDNuninstall6_38.exe -> Spyware.NewDotNet : Cleaned with backup
    C:\WINDOWS\system32\bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
    C:\WINDOWS\system32\exdl.exe -> Spyware.BargainBuddy : Cleaned with backup
    C:\WINDOWS\system32\exdl0.exe -> Spyware.BargainBuddy : Cleaned with backup
    C:\WINDOWS\system32\exdl1.exe -> Spyware.BargainBuddy : Cleaned with backup
    C:\WINDOWS\system32\exul.exe -> Spyware.BargainBuddy : Cleaned with backup
    C:\WINDOWS\system32\exul1.exe -> Spyware.BargainBuddy : Cleaned with backup
    C:\WINDOWS\system32\instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
    C:\WINDOWS\system32\javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
    C:\WINDOWS\system32\mac80ex.idf/C:/WINDOWS/System32/msbe.dll -> Spyware.BargainBuddy : Cleaned with backup
    C:\WINDOWS\system32\mac80ex.idf/C:/Programmer/BullsEye Network/bin/adv.exe -> Spyware.BargainBuddy : Cleaned with backup
    C:\WINDOWS\system32\mac80ex.idf/C:/Programmer/BullsEye Network/bin/adx.exe -> Spyware.BargainBuddy : Cleaned with backup
    C:\WINDOWS\system32\mqexdlm.srg -> Spyware.BargainBuddy : Cleaned with backup
    C:\WINDOWS\system32\msbe.dll -> Spyware.BargainBuddy : Cleaned with backup
    C:\WINDOWS\system32\msexreg.exe -> Spyware.BargainBuddy : Cleaned with backup
    C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/System32/exdl.exe -> Spyware.BargainBuddy : Cleaned with backup
    C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/System32/mqexdlm.srg -> Spyware.BargainBuddy : Cleaned with backup
    C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/System32/exul.exe -> Spyware.BargainBuddy : Cleaned with backup
    C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/System32/javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
    C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/System32/bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
    C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/System32/msexreg.exe -> Spyware.BargainBuddy : Cleaned with backup
    C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/System32/instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
    C:\WINDOWS\system32\WebRebates_Auto_InstallSilent.exe -> Spyware.WebRebates.g : Cleaned with backup


::Report End


3.Hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 11:50:27, on 16-08-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Programmer\Java\j2re1.4.2_04\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programmer\MSN Apps\Updater\01.03.0000.1005\da\msnappau.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\BearShare\BearShare.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmer\TEXTware\Illuminator 2\Illview02.exe
C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\TEXTware\QUICKfind\QFServer.exe
C:\Documents and Settings\Julle\Lokale indstillinger\Temporary Internet Files\Content.IE5\ENQJE1I7\hijackthis[1]\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.dk/0SEDADK/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\dan.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = www.bolig-net aarhus.dk
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\System32\skjqfrqfz\csrss.exe
F3 - REG:win.ini: run=C:\WINDOWS\System32\skjqfrqfz\csrss.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmer\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.4000.1001\da\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programmer\TEXTware\QUICKfind\PlugIns\IEHelp.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.4000.1001\da\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programmer\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programmer\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [msnappau] "C:\Programmer\MSN Apps\Updater\01.03.0000.1005\da\msnappau.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmer\Fælles filer\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [BearShare] "C:\Programmer\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [Power Scan] C:\Programmer\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Programmer\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [Vxudrsh] C:\Program Files\Qzlmzo\Mapvjyn.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: wkcalrem.LNK = ?
O4 - Global Startup: Gyldendals Røde Ordbøger.lnk = C:\Programmer\TEXTware\Illuminator 2\Illview02.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Programmer\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Programmer\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Programmer\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'c:\programmer\newdotnet\newdotnet6_38.dll' missing
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\dan.htm
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by4fd.bay4.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/da/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com/cabs/cssweb.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: bw+0 - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {7E367995-ED67-4622-8DC6-D8D4EEA82347} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe

Kan du se hvad der er galt?
Avatar billede jtmicor Praktikant
16. august 2005 - 12:16 #5
Derudover brokker pc´en sig ved opstart flere gange over at der mangler en fil:

C/windows/System32/skjqfrqfz/csrss.exe

Kan jeg fikse det på noget måde?
Avatar billede fromsej Praktikant
16. august 2005 - 17:53 #6
Hent de her to programmer:
http://cexx.org/lspfix.htm - http://cexx.org/lspfix.zip
http://www.bleepingcomputer.com/forums/index.php?showtutorial=59 - Vejledning.
http://danborg.org/spy/Newnet/winsockxpfix.exe - Winsockfix.

Fjern Bearshare, Newdotnet, power scan og BullsEye network i Tilføj/fjern programmer, hvis du kan.

Kør Hijackthis, scan, sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked, genstart i fejlsikret (tryk på <F8> under opstarten), slet mapper og filer listet længere nede.

F3 - REG:win.ini: load=C:\WINDOWS\System32\skjqfrqfz\csrss.exe
F3 - REG:win.ini: run=C:\WINDOWS\System32\skjqfrqfz\csrss.exe
O3 - Toolbar: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [BearShare] "C:\Programmer\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [Power Scan] C:\Programmer\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Programmer\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [Vxudrsh] C:\Program Files\Qzlmzo\Mapvjyn.exe
O10 - Broken Internet access because of LSP provider 'c:\programmer\newdotnet\newdotnet6_38.dll' missing
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O18 - Protocol: ALLE
---------------------------------------
Sletning af \mapper\ og filer:
Åbn en mappe, klik på Funktioner=>Mappeindstillinger=>Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler".
Fjern flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".
Brug af Start->Søg.
Klik på "Skift søgefunktioner for filer og mapper"
Sæt prik i "Avanceret" og klik OK.
Klik på "Alle filer og mapper"
Klik på "Flere avancerede indstillinger"
Sæt flueben i de tre øverste.
-------------------
Mapper:
C:\WINDOWS\System32\skjqfrqfz\
C:\PROGRA~1\NEWDOT~1\
C:\Programmer\BearShare\
C:\Programmer\Power Scan\
C:\Programmer\BullsEye Network\
C:\Program Files\Qzlmzo\
-------------------
Filer:
<Ingen>
---------------------------------------
Genstart normalt, tjek om du kan komme på nettet, ellers skal du bruge de to programmer du hentede i starten.
Kør først LSPfix, sæt flueben i I know what I am doing, klik på finish, genstart så burde det virke.
Gør det ikke det, så prøv det andet program, klik først på Reg-backup, og gem en kopi af din regdatabase, når det er slut klik på Fix, når den er færdig genstart og så skulle du gerne kunne komme på nettet igen.
---------------------------------------
Genstart normalt, hent og installer programmet Ad-aware hvis du da ikke har det i forvejen. Opdater det straks efter installationen, og inden du kører en scanning med denne. Fjern alt hvad den finder. Programmet samt brugervejledning på dansk finder du her: http://www.spywarefri.dk/tipsogtricks.htm#adaware
Følg også vejledningen her til udvidet søgning:
http://www.spywarefri.dk/manualer/adaware-manual.htm
---------------------------
Genstart normalt og kom med en frisk Hijackthislog.
Avatar billede jtmicor Praktikant
17. august 2005 - 12:04 #7
Logfile of HijackThis v1.99.1
Scan saved at 12:06:24, on 17-08-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Programmer\Java\j2re1.4.2_04\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programmer\Microsoft Works\WksSb.exe
C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programmer\MSN Apps\Updater\01.03.0000.1005\da\msnappau.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\Programmer\TEXTware\Illuminator 2\Illview02.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Programmer\TEXTware\QUICKfind\QFServer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Julle\Lokale indstillinger\Temporary Internet Files\Content.IE5\ENQJE1I7\hijackthis[1]\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.dk/0SEDADK/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\dan.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = www.bolig-net aarhus.dk
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\System32\skjqfrqfz\csrss.exe
F3 - REG:win.ini: run=C:\WINDOWS\System32\skjqfrqfz\csrss.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmer\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.4000.1001\da\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programmer\TEXTware\QUICKfind\PlugIns\IEHelp.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.4000.1001\da\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programmer\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programmer\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [msnappau] "C:\Programmer\MSN Apps\Updater\01.03.0000.1005\da\msnappau.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmer\Fælles filer\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: wkcalrem.LNK = ?
O4 - Global Startup: Gyldendals Røde Ordbøger.lnk = C:\Programmer\TEXTware\Illuminator 2\Illview02.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Programmer\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Programmer\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Programmer\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\dan.htm
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by4fd.bay4.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/da/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com/cabs/cssweb.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
Avatar billede fromsej Praktikant
17. august 2005 - 12:36 #8
Det var ligegodt groft.
Fixes med Hijackthis:
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\System32\skjqfrqfz\csrss.exe
F3 - REG:win.ini: run=C:\WINDOWS\System32\skjqfrqfz\csrss.exe

Tjek om mappen C:\WINDOWS\System32\skjqfrqfz\ er slettet, hvis ikke så slet den, det skal du sikkert gøre i fejlsikret.

Genstart, kør Hijackthis igen, se om linierne er forsvundet.
Avatar billede jtmicor Praktikant
17. august 2005 - 13:01 #9
Her er den seneste log. Jeg kan stadig ikke åbne Messenger og under opstart af WinXP kommer denne fejlmeddelelse:

Fejl under indlæsning af C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL
Hvad er det?


Logfile of HijackThis v1.99.1
Scan saved at 13:03:14, on 17-08-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Programmer\Java\j2re1.4.2_04\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programmer\MSN Apps\Updater\01.03.0000.1005\da\msnappau.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Julle\Lokale indstillinger\Temporary Internet Files\Content.IE5\ENQJE1I7\hijackthis[1]\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.dk/0SEDADK/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\dan.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = www.bolig-net aarhus.dk
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmer\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.4000.1001\da\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programmer\TEXTware\QUICKfind\PlugIns\IEHelp.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.4000.1001\da\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programmer\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programmer\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [msnappau] "C:\Programmer\MSN Apps\Updater\01.03.0000.1005\da\msnappau.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmer\Fælles filer\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: wkcalrem.LNK = ?
O4 - Global Startup: Gyldendals Røde Ordbøger.lnk = C:\Programmer\TEXTware\Illuminator 2\Illview02.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Programmer\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Programmer\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Programmer\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\dan.htm
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by4fd.bay4.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/da/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com/cabs/cssweb.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
Avatar billede fromsej Praktikant
17. august 2005 - 13:05 #10
Hmm, der er vist en der har overset noget. (Mig)
Denne her skal fixes, så er Newdotnet problemet overstået:
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s

Har du prøvet at geninstallere Messenger?
Det er vel ikke en firewall der blokerer den, hvilken fejl får du?
Avatar billede majsmarken Nybegynder
17. august 2005 - 13:07 #11
(Du er nr 117+ der er 'angrebet' af NewDotNet virusen - <fromsej> skal nok guide dig igennem. Glemte tilsyneladende den i sidste omgang?)
Avatar billede jtmicor Praktikant
17. august 2005 - 13:21 #12
Jeg har lige downloadet Messenger igen, men det er det samme. Når jeg prøver at logge på kommer denne fejlmedelelse:

Du kan ikke logge på MSN Messenger på nuværende tidspunkt. Prøv igen senere 80072efd

Det er min lille teanage søsters pc/liv jeg prøver at redde. Hvis det lykkes og du nogensinde får brug for en nyre, så ... så er jeg sikker på at hun vil prøve at overtale mig;-)
Avatar billede fromsej Praktikant
17. august 2005 - 13:35 #13
Prøv at tage et kig her, de to nederste forslag ligner noget brugbart:
http://www.msn-problems.com/solve-msn-messenger-problem/sign-in/msn-7/msn-messenger-sign-in-80072efd.php
Avatar billede jtmicor Praktikant
17. august 2005 - 13:48 #14
Nope...
Avatar billede fromsej Praktikant
17. august 2005 - 13:54 #15
Hmm, prøv lige det med Proxy fra dette link:
http://www.askmarvin.ca/forums/index.php?showtopic=3906

Ellers må du lige prøve at genregistrere Internet Explorers dll filer, det klarer dette program.
Hent denne fil og pak den ud til Skrivebordet. Dobbeltklik på IEReg.bat
http://www.fbeej.dk/Programmer/iereg.zip

Genstart og se om det ændrer noget.
Avatar billede jtmicor Praktikant
17. august 2005 - 14:19 #16
nope...er der snart mere der kan gøres?
Avatar billede fromsej Praktikant
17. august 2005 - 19:03 #17
Fejlen ligger et eller andet sted i Messenger opsætningen, du kan prøve dette link:
http://www.google.dk/search?sourceid=navclient&ie=UTF-8&rls=GGLD,GGLD:2005-17,GGLD:en&q=80072efd
Der er masser af forslag, skal jeg sidde og finde hver enkelt, linke til det, så skal du prøve det vil det tage uger inden vi finder fejlen, det er meget hurtigere at du selv går det igennem.

Ellers luk her, og opret et nyt spørgsmål omkring Messenger, det har sin egen kategori her på Eksperten.
http://www.eksperten.dk/spm/Programmer/Chat/MSN/
Det tror jeg du vil få hurtigst hjælp af.
Avatar billede jtmicor Praktikant
17. august 2005 - 20:29 #18
Tak for hjælpen! Jeg prøver lige det sidste du har foreslået. Tak for din tid!
Avatar billede fromsej Praktikant
17. august 2005 - 22:02 #19
Velbekomme, tak for point. :o)

Du bør lige deaktivere systemgendannelse, genstarte og genaktivere samt sætte filvisning til normal.
http://spywarefri.dk/virusscannere.htm#alle - Systemgendannelse.
Åbn en mappe, klik på Funktioner >Mappeindstillinger >Vis.
Sæt flueben ved "Skjul beskyttede operativsystemfiler".
Sæt flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis ikke skjulte filer og mapper".

For at holde den ren kan du kigge på vores pakke til formålet.
http://www.spywarefri.dk/manualer/sikkerhedspakke.htm
Som minimum anbefaler jeg Spywareguard, Spywareblaster, IE-Spyad og IE Privacy Keeper.
Et par artikler om sikker surfing finder du her:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414
http://fromsej.dk/html/avoid.html
Mvh:
Fromsej/Team Spywarefri.

Majsmarken >> Bare træd i det.*G* (17/08-2005 13:07:14)
Avatar billede fromsej Praktikant
17. august 2005 - 22:11 #20
En sidste ting du kan prøve er The Hoster, jeg ved godt jeg skrev at du kunne springe den del over, men prøv det lige og se om det gør tricket.
http://www.eksperten.dk/artikler/755
Avatar billede jtmicor Praktikant
18. august 2005 - 08:27 #21
Mange tak for de gode råd. Jeg tager på ferie nu, men så må familien kæmpe videre med det selv nu. Hav det super!
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
Findes der mon et Antivirus program, som ikke, konstant, reklamerer, for at købe ? Af Ikke-ekspert i Virus 21 22/06/202419:22 23/06/202412:54
Anbefaling af antivirusprogram med firewall Af OnePlusFan i Virus 23 07/05/202421:02 13/05/202419:48
trusler Af gerhardpet i Virus 4 26/01/202410:02 27/01/202408:32
Kan ikke fjerne virus Af mik28 i Virus 16 09/01/202416:37 10/01/202419:59
virusscanning Af JetteD i Virus 2 10/11/202312:55 10/11/202316:36
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester



Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I går 21:08 Hvor kan man se Alan Turings mekaniske apparat til at løse Enignas koder Af KurtG i Andet hardware
I går 18:46 Kan det passe ;-) Af fjorbak i Routere & Switches
I går 15:27 Billeder kan ikke åbnes Jpeg.modd Af KristinaS i Billedbehandling
I går 13:44 eM Client Af valby i E-mail programmer
I går 13:33 Facebook gruppe Af Btimmer i Sociale medier
White papers
Flere white papers »


Premium
Teaser billede
Det er blevet kaldt ”det største it-nedbrud i historien” og omkostningerne kan nemt løbe op i syv milliarder kroner: Men hvem skal betale for Crowdstrikes fejl?
Læs mere »
Europas største software-leverandør stryger frem på cloud-fronten – men 97 procent af overskuddet er forduftet
Frustrerede synshaller og billister: Motorstyrelsens it-system plages af store driftsforstyrrelser
Fire år gamle Wiz takker nej til Alphabets historiske opkøbstilbud på 160 milliarder kroner: Satser i stedet på børsnotering
Se alle »
Computerworld
Teaser billede
Microsoft-nedbrud spreder sig: It-systemer i lufthavne verden over er ramt
Læs mere »
Test: Denne mikro-pc er smartere end de stærkeste desktop-maskiner - men flopper alligevel
Elon Musk dropper CrowdStrike efter kæmpe nedbrud
Hundredevis af flyafgange ramt af stort Microsoft-nedbrud
Se alle »
CIO
Teaser billede
Microsoft er på sagen: I gang med at løse kæmpe nedbrud efter katastrofal Crowdstrike-fejl
Læs mere »
Så mange Microsoft-enheder blev ramt af gigantisk Crowdstrike-koks
Peter Lüth udlever CTO-drømmen: Bygger et system fra bunden og tjener kassen på det
Sådan forbereder energiselskabet OK sig på cyberangreb: "Prisen for ikke at gøre noget kan være forfærdeligt høj"
Se alle »
Job & Karriere
Teaser billede
Efter 12 år er NNIT's hovedkvarter i Søborg nu ryddet og tomt - alle arbejder hjemme: "Det er med et vist vemod"
Læs mere »
Norlys skal splittes op i fem selskaber: Nu bliver flere ansatte og ledere fyret
Dansk top-profil trækker sig fra Microsoft: Skal være direktør i TDC Erhverv
KMD-direktør forlader selskabet: Det skal hun nu
Se alle »
White paper
Teaser billede
Samlet platform sikrer sammenhæng, kontrol og sikkerhed i hybrid cloud
Læs mere »
Sådan høster du forretningsfordelene ved Internet of Things
Nemmere overblik, styring og omkostningskontrol i dit multicloud-miljø
Sæt turbo på din cloudperformance og minimér risikoen for DDoS-angreb
Se alle »

Events
Flere events »
White papers
Flere white papers »
IT-Kurser
Se alle vores it-kurser »