jubasen (Beginner)
14 April 2006 - 18:13 There are 14 comments and 2 solutions

hijackthis log

I have been given an older computer that has some junk on it. Would anyone look through the HJT file?

Logfile of HijackThis v1.99.1
Scan saved at 21:12:44, on 13-04-06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\PROGRAMMER\DATA FELLOWS\F-SECURE\ANTI-VIRUS\F-AGNT95.EXE
C:\PROGRAMMER\DATA FELLOWS\F-SECURE\ANTI-VIRUS\DVP95_0.EXE
C:\PROGRAMMER\PANICWARE\POP-UP STOPPER\DPPS2.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAMMER\NOKIA\PC SUITE FOR NOKIA 6600\CONNMNGMNTBOX.EXE
C:\PROGRAMMER\NOKIA\PC SUITE FOR NOKIA 6600\ECTASKSCHEDULER.EXE
C:\PROGRAMMER\TOPCOM\SKYRACER WIRELESS LAN USB\ZDCONFIG.EXE
C:\PROGRAMMER\INTUWAVE\SHARED\MROUTERRUNTIME\MROUTERRUNTIME.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMMER\NOKIA\PC SUITE FOR NOKIA 6600\ELOGERR.EXE
C:\PROGRAMMER\NOKIA\PC SUITE FOR NOKIA 6600\BROADCASTPROXY.EXE
C:\PROGRAMMER\NOKIA\PC SUITE FOR NOKIA 6600\SCRFS.EXE
A:\HJT.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.myhandysearch.com/s.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.enjoysearch.info/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.enjoysearch.info/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.enjoysearch.info/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.enjoysearch.info/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.enjoysearch.info/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.enjoysearch.info/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.enjoysearch.info/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.enjoysearch.info/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.enjoysearch.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.enjoysearch.info/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.enjoysearch.info/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.enjoysearch.info/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.enjoysearch.info/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.enjoysearch.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://www.myhandysearch.com/s.html
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://ecputt.t.muxa.cc/h.php?aid=227 (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: DOMPeek Class - {834261E1-DD97-4177-853B-C907E5D5BD6E} - C:\DPE.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [Skan registreringsdatabase] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Job-oversigt] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [F-Secure Anti-Virus] C:\Programmer\Data Fellows\F-Secure\Anti-Virus\F-AGNT95.EXE
O4 - HKLM\..\Run: [F-Secure Gatekeeper] C:\PROGRA~1\DATAFE~1\F-SECURE\ANTI-V~1\DVP95.EXE
O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\IMAGE.DLL,Install
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRAMMER\PANICWARE\POP-UP STOPPER\DPPS2.EXE"
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [xvwiz32] C:\WINDOWS\system32\xvwizard32.hta
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Planlægningsagent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [od-stnd218] c:\Webdialer\od-stnd218.exe -m
O4 - HKCU\..\Run: [xvwiz32] C:\Dokumenter\xvwizard32.hta
O4 - HKCU\..\Run: [AddClass] C:\WINDOWS\MSXMIDI.EXE
O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINDOWS\IMAGE.DLL,Install
O4 - Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Startup: PCSuiteForNokia6600 Detect.lnk = C:\Programmer\Nokia\PC Suite for Nokia 6600\connmngmntbox.exe
O4 - Startup: PCSuiteForNokia6600 TS.lnk = C:\Programmer\Nokia\PC Suite for Nokia 6600\ectaskscheduler.exe
O4 - Startup: Skyracer USB.lnk = C:\Programmer\TOPCOM\Skyracer Wireless LAN USB\ZDConfig.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O13 - DefaultPrefix: http://%65%68%74%74%70%2E%63%63/?
O13 - WWW Prefix: http://%65%68%74%74%70%2E%63%63/?
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00618BD00001} (Sydbanks NetBank) - https://netbank.sydbank.dk/ssydbankibp1800ib100.cab
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00619BD00001} (Sydbanks NetBank) - https://netbank.sydbank.dk/ssydbankibp1900ib100.cab
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Loader Class) - http://63.219.181.7/MaConnect.cab
arlet (Junior Master)
14 April 2006 - 18:33 #1
Download and install this scanner:
http://www.superantispyware.com/downloads/SUPERAntiSpyware1241.exe

Start the program, click Check for updates; once it has updated, close the program and restart in safe mode.

Start the program, click Scan your Computer, and tick the drives to be scanned.
(Fixed disk means hard disk)
Move the selection to Perform complete scan and click Next, and the scan will run.

When it has finished, a window with a summary appears; click OK, then click Next and then Finish.

A window appears saying Quarantine and removal Complete; click OK, then click Finish.
Close the program.

Start SuperAntiSpyware again, click Preferences, switch to the Statistics/Logs tab, and double-click SUPERAntiSpyware Scan Log in the window; it opens in Notepad. Copy the result in here.

Also post a fresh HijackThis log.
jubasen (Beginner)
14 April 2006 - 21:22 #2
Here is the SUPERAntiSpyware log

SUPERAntiSpyware Scan Log
Generated 04/14/2006 at 09:06 PM

Core Rules Database Version : 0
Trace Rules Database Version: 0

Memory threats detected  : 0
Registry threats detected : 9
File threats detected    : 64

Parasite.CoolWebSearch Variant
    HKLM\Software\Classes\CLSID\{587DBF2D-9145-4c9e-92C2-1F953DA73773}
    HKCR\CLSID\{587DBF2D-9145-4c9e-92C2-1F953DA73773}
    HKCR\CLSID\{587DBF2D-9145-4c9e-92C2-1F953DA73773}
    HKCR\CLSID\{587DBF2D-9145-4c9e-92C2-1F953DA73773}\InprocServer32
    HKCR\CLSID\{587DBF2D-9145-4c9e-92C2-1F953DA73773}\InprocServer32#ThreadingModel
    HKCR\CLSID\{587DBF2D-9145-4c9e-92C2-1F953DA73773}\ProgID
    HKCR\CLSID\{587DBF2D-9145-4c9e-92C2-1F953DA73773}\Programmable
    HKCR\CLSID\{587DBF2D-9145-4c9e-92C2-1F953DA73773}\TypeLib
    HKCR\CLSID\{587DBF2D-9145-4c9e-92C2-1F953DA73773}\VersionIndependentProgID
    C:\WINDOWS\APPLICATION DATA\WINBQ\WINBQ.DLL

Adware.Tracking Cookie
    C:\WINDOWS\Profiles\sødeanne\Cookies\sødeanne@bs.serving-sys[1].txt
    C:\WINDOWS\Profiles\sødeanne\Cookies\sødeanne@adfair[1].txt
    C:\WINDOWS\Profiles\sødeanne\Cookies\sødeanne@cgi-bin[3].txt
    C:\WINDOWS\Profiles\sødeanne\Cookies\sødeanne@as1.falkag[3].txt
    C:\WINDOWS\Profiles\sødeanne\Cookies\sødeanne@tradedoubler[1].txt
    C:\WINDOWS\Profiles\sødeanne\Cookies\sødeanne@serving-sys[1].txt
    C:\WINDOWS\Profiles\sødeanne\Cookies\sødeanne@atdmt[2].txt
    C:\WINDOWS\Profiles\sødeanne\Cookies\sødeanne@overture[1].txt
    C:\WINDOWS\Profiles\sødeanne\Cookies\sødeanne@doubleclick[1].txt
    C:\WINDOWS\Profiles\sødeanne\Cookies\sødeanne@advertising[2].txt
    C:\WINDOWS\Profiles\sødeanne\Cookies\sødeanne@sel.as-eu.falkag[2].txt
    C:\WINDOWS\Profiles\sødeanne\Cookies\sødeanne@as-eu.falkag[1].txt
    C:\WINDOWS\Profiles\sødeanne\Cookies\sødeanne@adtech[2].txt
    C:\WINDOWS\Profiles\sødeanne\Cookies\sødeanne@track.adform[1].txt
    c:\WINDOWS\TEMP\Cookies\anyuser@adtech[2].txt
    c:\WINDOWS\TEMP\Cookies\anyuser@ads2.jubii[1].txt
    c:\WINDOWS\TEMP\Cookies\anyuser@mediaplex[1].txt
    c:\WINDOWS\Profiles\sødeanne\Cookies\anne@doubleclick[1].txt
    c:\WINDOWS\Profiles\sødeanne\Cookies\anne@advertising[1].txt
    c:\WINDOWS\Profiles\sødeanne\Cookies\anne@ads2.jubii[1].txt
    c:\WINDOWS\Profiles\sødeanne\Cookies\anne@ilead.itrack[1].txt
    c:\WINDOWS\Profiles\sødeanne\Cookies\anne@as1.falkag[1].txt
    c:\WINDOWS\Profiles\sødeanne\Cookies\anne@servedby.advertising[1].txt
    c:\WINDOWS\Profiles\sødeanne\Cookies\jacool@ads2.jubii[1].txt
    c:\WINDOWS\Profiles\sødeanne\Cookies\jacool@doubleclick[2].txt
    c:\WINDOWS\Profiles\sødeanne\Cookies\jacool@ilead.itrack[1].txt
    c:\WINDOWS\Profiles\sødeanne\Cookies\jacool@advertising[2].txt
    c:\WINDOWS\Profiles\sødeanne\Cookies\jacool@as1.falkag[2].txt
    c:\WINDOWS\Profiles\sødeanne\Cookies\jacool@servedby.advertising[2].txt
    c:\WINDOWS\Profiles\sødeanne\Cookies\jacob_anne@anne@advertising[1].txt
    c:\WINDOWS\Profiles\sødeanne\Cookies\anyuser@servedby.advertising[2].txt
    c:\WINDOWS\Profiles\sødeanne\Cookies\anyuser@advertising[1].txt
    c:\WINDOWS\Profiles\sødeanne\Cookies\jacob_anne@anne@as1.falkag[2].txt
    c:\WINDOWS\Profiles\sødeanne\Cookies\jacob_anne@anne@www.qksrv[1].txt
    c:\WINDOWS\Profiles\sødeanne\Cookies\jacob_anne@anne@ads2.jubii[1].txt
    c:\WINDOWS\Profiles\sødeanne\Cookies\jacob_anne@anne@as1.falkag[1].txt
    c:\WINDOWS\Profiles\sødeanne\Cookies\jacob_anne@anne@doubleclick[1].txt
    c:\WINDOWS\Profiles\sødeanne\Cookies\jacob_anne@anne@ilead.itrack[2].txt
    c:\WINDOWS\Profiles\sødeanne\Cookies\jacob_anne@anne@trafficmp[2].txt
    c:\WINDOWS\Profiles\sødeanne\Cookies\jacob_anne@anne@servedby.advertising[1].txt
    c:\WINDOWS\Profiles\sødeanne\Cookies\anyuser@as1.falkag[1].txt
    c:\WINDOWS\Profiles\sødeanne\Cookies\anyuser@ilead.itrack[1].txt
    c:\WINDOWS\Profiles\sødeanne\Cookies\jacob_anne@anne@atdmt[1].txt
    c:\WINDOWS\Profiles\sødeanne\Cookies\jacob_anne@anne@doubleclick[2].txt
    c:\WINDOWS\Profiles\sødeanne\Cookies\jacob_anne@anne@advertising[2].txt
    c:\WINDOWS\Profiles\sødeanne\Cookies\anyuser@ads2.jubii[1].txt
    c:\WINDOWS\Profiles\sødeanne\Cookies\jacob_anne@anne@hitbox[1].txt
    c:\WINDOWS\Profiles\sødeanne\Cookies\jacob_anne@anne@adtech[2].txt
    c:\WINDOWS\Profiles\sødeanne\Cookies\jacob_anne@anne@questionmarket[2].txt
    c:\WINDOWS\Profiles\sødeanne\Cookies\jacob_anne@anne@phg.hitbox[1].txt
    c:\WINDOWS\Profiles\sødeanne\Cookies\anyuser@servedby.advertising[1].txt
    c:\WINDOWS\Profiles\sødeanne\Cookies\anyuser@server.iad.liveperson[1].txt
    c:\WINDOWS\Profiles\sødeanne\Cookies\jacob_anne@anne@ilead.itrack[1].txt
    c:\WINDOWS\Profiles\sødeanne\Cookies\jacob_anne@anne@servedby.advertising[2].txt
    c:\WINDOWS\Profiles\sødeanne\Cookies\jacob_anne@anne@ads2.jubii[2].txt
    c:\WINDOWS\Profiles\sødeanne\Cookies\anyuser@indextools[2].txt
    c:\WINDOWS\Profiles\sødeanne\Cookies\jacob_anne@anne@as1.falkag[4].txt
    c:\WINDOWS\Profiles\sødeanne\Cookies\jacob_anne@anne@advertising[3].txt
    c:\WINDOWS\Profiles\sødeanne\Cookies\jacob_anne@anne@ilead.itrack[4].txt
    c:\WINDOWS\Profiles\sødeanne\Cookies\jacob_anne@anne@servedby.advertising[4].txt
    c:\WINDOWS\Profiles\sødeanne\Cookies\jacob_anne@anne@mediaplex[1].txt
    c:\WINDOWS\Profiles\sødeanne\Cookies\sødeanne@adtech[1].txt
    c:\WINDOWS\Profiles\sødeanne\Cookies\sødeanne@as1.falkag[2].txt


and here is the new HJT file

Logfile of HijackThis v1.99.1
Scan saved at 21:24:24, on 14-04-06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\PROGRAMMER\DATA FELLOWS\F-SECURE\ANTI-VIRUS\F-AGNT95.EXE
C:\PROGRAMMER\DATA FELLOWS\F-SECURE\ANTI-VIRUS\DVP95_0.EXE
C:\PROGRAMMER\PANICWARE\POP-UP STOPPER\DPPS2.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAMMER\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE
C:\PROGRAMMER\NOKIA\PC SUITE FOR NOKIA 6600\CONNMNGMNTBOX.EXE
C:\PROGRAMMER\NOKIA\PC SUITE FOR NOKIA 6600\ECTASKSCHEDULER.EXE
C:\PROGRAMMER\TOPCOM\SKYRACER WIRELESS LAN USB\ZDCONFIG.EXE
C:\PROGRAMMER\NOKIA\PC SUITE FOR NOKIA 6600\ELOGERR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMMER\INTUWAVE\SHARED\MROUTERRUNTIME\MROUTERRUNTIME.EXE
C:\PROGRAMMER\NOKIA\PC SUITE FOR NOKIA 6600\BROADCASTPROXY.EXE
C:\PROGRAMMER\NOKIA\PC SUITE FOR NOKIA 6600\SCRFS.EXE
C:\WINDOWS\NOTEPAD.EXE
A:\HJT.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.myhandysearch.com/s.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.enjoysearch.info/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.enjoysearch.info/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.enjoysearch.info/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.enjoysearch.info/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.enjoysearch.info/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.enjoysearch.info/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.enjoysearch.info/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.enjoysearch.info/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.enjoysearch.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.enjoysearch.info/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.enjoysearch.info/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.enjoysearch.info/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.enjoysearch.info/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.enjoysearch.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://www.myhandysearch.com/s.html
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://ecputt.t.muxa.cc/h.php?aid=227 (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: DOMPeek Class - {834261E1-DD97-4177-853B-C907E5D5BD6E} - C:\DPE.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [Skan registreringsdatabase] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Job-oversigt] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [F-Secure Anti-Virus] C:\Programmer\Data Fellows\F-Secure\Anti-Virus\F-AGNT95.EXE
O4 - HKLM\..\Run: [F-Secure Gatekeeper] C:\PROGRA~1\DATAFE~1\F-SECURE\ANTI-V~1\DVP95.EXE
O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\IMAGE.DLL,Install
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRAMMER\PANICWARE\POP-UP STOPPER\DPPS2.EXE"
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [xvwiz32] C:\WINDOWS\system32\xvwizard32.hta
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Planlægningsagent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [od-stnd218] c:\Webdialer\od-stnd218.exe -m
O4 - HKCU\..\Run: [xvwiz32] C:\Dokumenter\xvwizard32.hta
O4 - HKCU\..\Run: [AddClass] C:\WINDOWS\MSXMIDI.EXE
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\PROGRAMMER\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE
O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINDOWS\IMAGE.DLL,Install
O4 - Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Startup: PCSuiteForNokia6600 Detect.lnk = C:\Programmer\Nokia\PC Suite for Nokia 6600\connmngmntbox.exe
O4 - Startup: PCSuiteForNokia6600 TS.lnk = C:\Programmer\Nokia\PC Suite for Nokia 6600\ectaskscheduler.exe
O4 - Startup: Skyracer USB.lnk = C:\Programmer\TOPCOM\Skyracer Wireless LAN USB\ZDConfig.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O13 - DefaultPrefix: http://%65%68%74%74%70%2E%63%63/?
O13 - WWW Prefix: http://%65%68%74%74%70%2E%63%63/?
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00618BD00001} (Sydbanks NetBank) - https://netbank.sydbank.dk/ssydbankibp1800ib100.cab
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00619BD00001} (Sydbanks NetBank) - https://netbank.sydbank.dk/ssydbankibp1900ib100.cab
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Loader Class) - http://63.219.181.7/MaConnect.cab
O20 - Winlogon Notify: SASWinLogon - C:\PROGRAMMER\SUPERANTISPYWARE\SASWINLO.DLL
arlet (Junior Master)
14 April 2006 - 22:26 #3
Download this scanner:
You can download Ewido here: http://www.ewido.net/en/download/
Click Download now. Install and run Ewido. Update the program immediately after installation
(but do not scan yet).

Download this scanner.
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
(but do not scan yet).

--------------------------------------------------------------------

Open any folder, click Tools => Folder Options => View.
Untick "Hide protected operating system files".
Untick "Hide file extensions for known file types".
Select "Show hidden files and folders".
(Once you have been declared clean again, remember to restore these settings)

--------------------------------------------------------------------

You are now going to start fixing:
Run HijackThis, scan, tick the line(s) listed here, close all windows except HijackThis, click Fix checked, then close HijackThis again.


R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.myhandysearch.com/s.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.enjoysearch.info/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.enjoysearch.info/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.enjoysearch.info/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.enjoysearch.info/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.enjoysearch.info/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.enjoysearch.info/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.enjoysearch.info/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.enjoysearch.info/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.enjoysearch.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.enjoysearch.info/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.enjoysearch.info/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.enjoysearch.info/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.enjoysearch.info/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.enjoysearch.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://www.myhandysearch.com/s.html
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://ecputt.t.muxa.cc/h.php?aid=227 (obfuscated)

O2 - BHO: DOMPeek Class - {834261E1-DD97-4177-853B-C907E5D5BD6E} - C:\DPE.DLL

O4 - HKLM\..\Run: [xvwiz32] C:\WINDOWS\system32\xvwizard32.hta
O4 - HKCU\..\Run: [od-stnd218] c:\Webdialer\od-stnd218.exe -m
O4 - HKCU\..\Run: [xvwiz32] C:\Dokumenter\xvwizard32.hta
O4 - HKCU\..\Run: [AddClass] C:\WINDOWS\MSXMIDI.EXE

O13 - DefaultPrefix: http://%65%68%74%74%70%2E%63%63/?
O13 - WWW Prefix: http://%65%68%74%74%70%2E%63%63/?

Find and delete this/these manually:

C:\WINDOWS\system32\xvwizard32.hta
c:\Webdialer\od-stnd218.exe

Download this batch file and run it:
http://www.spywareinfo.dk/download/cleantempxp2k.bat
It deletes everything in your temp folder.


Restart the computer in safe mode (press the F8 key during the restart (roughly just after the RAM has been counted) and then choose safe mode. If in doubt, just press F8 several times.)


Double-click drweb-cureit.exe; it will want to run an express scan, which you accept.
When it says Done at the bottom left, click Options->Change settings.
Switch to the Scan tab and untick Heuristic analysis.
Switch to the Actions tab; here every item under Malware must be set to Rename.
Then click the drive or drives you want scanned; a red dot appears to show it/they are selected.

Then click the green arrow over on the right of the page, and the scan starts.
The first time Dr.Web finds something, click "Yes to All", and it removes what it finds.
Then click Start->Search, find the file drweb32w.log and copy the bottom part of the text in here, starting with:
Scan statistics.


Now run a full scan with Ewido. When it has finished, press save report and copy that report in here together with a HijackThis log taken after you have run Ewido.
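
Several of the R1 and O13 entries selected for fixing in the post above hold URLs whose visible text is not the host the browser would contact. The following added example (not part of the original thread and not HijackThis code) decodes such values from lines taken from the logs in this thread; the function names and reason labels are assumptions chosen for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Lines taken from the HijackThis logs in this thread (forum link markup stripped).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.enjoysearch.info/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O13 - DefaultPrefix: http://%65%68%74%74%70%2E%63%63/?
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
"""

# "<section code> - <rest of line>", e.g. "R1 - ..." or "O13 - ..."
ENTRY = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")
OBFUSCATED_TAG = " (obfuscated)"  # marker HijackThis appends to some values


def entry_url(code, body):
    """Return the URL stored in an R0/R1 or O13 entry, or None if there is none."""
    if code in ("R0", "R1"):
        # Format: <registry key>,<value name> = <data>
        _, sep, value = body.partition(" = ")
    elif code == "O13":
        # Format: <prefix name>: <data>
        _, sep, value = body.partition(": ")
    else:
        return None
    value = value.strip()
    if value.endswith(OBFUSCATED_TAG):
        value = value[: -len(OBFUSCATED_TAG)]
    if not sep or not value.lower().startswith(("http://", "https://")):
        return None  # e.g. LinksFolderName = Hyperlinks
    return value


def analyse_url(url):
    """Return (effective_host, reasons) for a URL as stored in the registry."""
    netloc = urlsplit(url).netloc  # still percent-encoded at this point
    # Everything before the last '@' is userinfo, not the host.
    userinfo, at, hostport = netloc.rpartition("@")
    reasons = []
    if at:
        reasons.append("userinfo-spoof")
        if "%00" in userinfo:
            # An encoded NUL truncates the displayed text in some old parsers.
            reasons.append("nul-in-userinfo")
    if "%" in hostport:
        reasons.append("encoded-host")
    host = unquote(hostport).lower().split(":")[0]  # drop any port
    return host, reasons


def triage(log_text):
    """Return [(section code, effective host, reasons)] for URL-bearing entries."""
    results = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if not match:
            continue
        url = entry_url(match["code"], match["body"])
        if url is None:
            continue
        host, reasons = analyse_url(url)
        results.append((match["code"], host, reasons))
    return results


if __name__ == "__main__":
    for code, host, reasons in triage(SAMPLE_LOG):
        print(f"{code:<4}{host:<24}{', '.join(reasons) or 'plain URL'}")
```

A plain URL is not thereby legitimate: the unobfuscated search-page values in this thread were also on the fix list, so the decoded host is input for a lookup, not a verdict.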
jubasen (Beginner)
15 April 2006 - 20:10 #4
I was not able to find the drweb32w.log file.

I could not run Ewido either, since the machine is running Windows 98.

But here is the HijackThis file

Logfile of HijackThis v1.99.1
Scan saved at 20:13:47, on 15-04-06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\PROGRAMMER\DATA FELLOWS\F-SECURE\ANTI-VIRUS\F-AGNT95.EXE
C:\PROGRAMMER\DATA FELLOWS\F-SECURE\ANTI-VIRUS\DVP95_0.EXE
C:\PROGRAMMER\PANICWARE\POP-UP STOPPER\DPPS2.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAMMER\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE
C:\PROGRAMMER\NOKIA\PC SUITE FOR NOKIA 6600\CONNMNGMNTBOX.EXE
C:\PROGRAMMER\NOKIA\PC SUITE FOR NOKIA 6600\ECTASKSCHEDULER.EXE
C:\PROGRAMMER\TOPCOM\SKYRACER WIRELESS LAN USB\ZDCONFIG.EXE
C:\PROGRAMMER\NOKIA\PC SUITE FOR NOKIA 6600\ELOGERR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMMER\INTUWAVE\SHARED\MROUTERRUNTIME\MROUTERRUNTIME.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAMMER\NOKIA\PC SUITE FOR NOKIA 6600\BROADCASTPROXY.EXE
C:\PROGRAMMER\NOKIA\PC SUITE FOR NOKIA 6600\SCRFS.EXE
C:\PROGRAMMER\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
A:\HJT.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.enjoysearch.info/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [Skan registreringsdatabase] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Job-oversigt] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [F-Secure Anti-Virus] C:\Programmer\Data Fellows\F-Secure\Anti-Virus\F-AGNT95.EXE
O4 - HKLM\..\Run: [F-Secure Gatekeeper] C:\PROGRA~1\DATAFE~1\F-SECURE\ANTI-V~1\DVP95.EXE
O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\IMAGE.DLL,Install
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRAMMER\PANICWARE\POP-UP STOPPER\DPPS2.EXE"
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Planlægningsagent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\PROGRAMMER\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE
O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINDOWS\IMAGE.DLL,Install
O4 - Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Startup: PCSuiteForNokia6600 Detect.lnk = C:\Programmer\Nokia\PC Suite for Nokia 6600\connmngmntbox.exe
O4 - Startup: PCSuiteForNokia6600 TS.lnk = C:\Programmer\Nokia\PC Suite for Nokia 6600\ectaskscheduler.exe
O4 - Startup: Skyracer USB.lnk = C:\Programmer\TOPCOM\Skyracer Wireless LAN USB\ZDConfig.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00618BD00001} (Sydbanks NetBank) - https://netbank.sydbank.dk/ssydbankibp1800ib100.cab
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00619BD00001} (Sydbanks NetBank) - https://netbank.sydbank.dk/ssydbankibp1900ib100.cab
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Loader Class) - http://63.219.181.7/MaConnect.cab
O20 - Winlogon Notify: SASWinLogon - C:\PROGRAMMER\SUPERANTISPYWARE\SASWINLO.DLL
arlet (Junior Master)
15 April 2006 - 20:21 #5
Fix these in HijackThis:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.enjoysearch.info/

O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\IMAGE.DLL,Install
O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINDOWS\IMAGE.DLL,Install

Find and delete:
C:/WINDOWS/IMAGE.DLL <- the file

Restart and post a new HijackThis log
fromsej (Trainee)
15 April 2006 - 20:33 #6
Arlet >> I would like to see a CWShredder scan where we get a log from the program instead of it fixing.
It looks like SAS catches it, but still.

Download CWShredder here:
http://danborg.org/spy/CWS/cwshredder.exe
Place it in a folder of its own.
Run CWShredder, physically disconnect your internet connection (pull the plug), disable ALL security programs, close all windows except CWShredder, click Make Report, click Scan; when it has finished, click once inside the window, then press <Ctrl> and <A> at the same time so the text is selected, press <Ctrl><C> to copy, click in the reply field here and press <Ctrl><V>, and that sends the text in here.
arlet (Junior Master)
15 April 2006 - 20:36 #7
Fromsej -> I also checked right away whether it was a CWS, but I could not immediately find it on the list..
arlet (Junior Master)
15 April 2006 - 20:37 #8
hehe, maybe because it was an old CWS list I was looking at *S*
fromsej (Trainee)
15 April 2006 - 20:42 #9
You will soon be as forgetful as me. *G*
jubasen (Beginner)
15 April 2006 - 22:10 #10
Here is the CWShredder scan

**** Run Keys ****

RUN: [Skan registreringsdatabase] C:\WINDOWS\scanregw.exe /autorun
RUN: [Job-oversigt] C:\WINDOWS\taskmon.exe
RUN: [SystemTray] SysTray.Exe
RUN: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
RUN: [AtiCwd32] Aticwd32.exe
RUN: [AtiKey] Atitask.exe
RUN: [F-Secure Anti-Virus] C:\Programmer\Data Fellows\F-Secure\Anti-Virus\F-AGNT95.EXE
RUN: [F-Secure Gatekeeper] C:\PROGRA~1\DATAFE~1\F-SECURE\ANTI-V~1\DVP95.EXE
RUN: [Pop-Up Stopper] "C:\PROGRAMMER\PANICWARE\POP-UP STOPPER\DPPS2.EXE"
RUN: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
RUN: [Host] 
RUN: [Host] 
RUN: [SUPERAntiSpyware] C:\PROGRAMMER\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE


**** Browser Helper Objects ****



**** IE Toolbars ****

TOOLBAR: [&Radio] C:\WINDOWS\SYSTEM\MSDXM.OCX


**** IE Extensions ****

IEExt: [@shdoclc.dll,-866] 


**** Hosts File Entries ****



**** IE Settings ****

IEBypass: <local>
Default Page: http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Local Page: C:\WINDOWS\SYSTEM\blank.htm


**** IE Context Menu (Right click) ****



**** Layered Service Providers ****

LSP: MS.w95.spi.tcp
LSP: MS.w95.spi.udp
LSP: MS.w95.spi.rsvptcp
LSP: MS.w95.spi.rsvpudp


**** Blocked Control Panel Items ****

BLOCKED: [] 


**** Downloaded Program Files ****

Microsoft XML Parser for Java [file://C:\WINDOWS\Java\classes\xmldso4.cab]
DirectAnimation Java Classes [file://C:\WINDOWS\SYSTEM\dajava.cab]
Internet Explorer Classes for Java [file://C:\WINDOWS\SYSTEM\iejava.cab]
Internet Explorer Classes for Java [file://C:\WINDOWS\SYSTEM\iejava.cab]
Internet Explorer Classes for Java [file://C:\WINDOWS\SYSTEM\iejava.cab]
Internet Explorer Classes for Java [file://C:\WINDOWS\SYSTEM\iejava.cab]
Internet Explorer Classes for Java [file://C:\WINDOWS\SYSTEM\iejava.cab]
Internet Explorer Classes for Java [file://C:\WINDOWS\SYSTEM\iejava.cab]


**** Windows Services ****



**** Custom IE Search Items ****

SEARCH: [SearchAssistant] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
SEARCH: [CustomizeSearch] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


**** Complete IE Options ****

IEOPT: [Anchor Underline] yes
IEOPT: [Cache_Update_Frequency] Once_Per_Session
IEOPT: [Display Inline Images] yes
IEOPT: [Do404Search] 
IEOPT: [Local Page] C:\WINDOWS\SYSTEM\blank.htm
IEOPT: [Save_Session_History_On_Exit] no
IEOPT: [Show_FullURL] no
IEOPT: [Show_StatusBar] yes
IEOPT: [Show_ToolBar] yes
IEOPT: [Show_URLinStatusBar] yes
IEOPT: [Show_URLToolBar] yes
IEOPT: [Start Page] http://www.enjoysearch.info/
IEOPT: [Use_DlgBox_Colors] yes
IEOPT: [Show_ChannelBand] no
IEOPT: [FullScreen] no
IEOPT: [LastCheckedHi] =+://www.enjoysearch.info/
IEOPT: [Window_Placement] ,
IEOPT: [Use FormSuggest] yes
IEOPT: [Error Dlg Displayed On Every Error] no
IEOPT: [Error Dlg Details Pane Open] no
IEOPT: [Disable Script Debugger] yes
IEOPT: [FormSuggest Passwords] yes
IEOPT: [FormSuggest PW Ask] no
IEOPT: [SmoothScroll] 
IEOPT: [Page_Transitions] 
IEOPT: [NoUpdateCheck] 
IEOPT: [ShowGoButton] yes
IEOPT: [Friendly http errors] yes
IEOPT: [Play_Animations] yes
IEOPT: [Display Inline Videos] yes
IEOPT: [Play_Background_Sounds] yes
IEOPT: [Show image placeholders] 
IEOPT: [Print_Background] no
IEOPT: [check_associations] 
IEOPT: [NotifyDownloadComplete] yes
IEOPT: [AddToFavoritesExpanded] 
IEOPT: [Use Custom Search URL] 
IEOPT: [HistoryTopNSitesView] 
IEOPT: [HistoryViewType] 
IEOPT: [Use Search Asst] no
IEOPT: [NoWebJITSetup] 
IEOPT: [NoJITSetup] 
IEOPT: [Enable Browser Extensions] yes
IEOPT: [AllowWindowReuse] 
IEOPT: [NscSingleExpand] 
IEOPT: [Force Offscreen Composition] 
IEOPT: [Move System Caret] no
IEOPT: [Expand Alt Text] no
IEOPT: [Enable AutoImageResize] yes
IEOPT: [Enable_MyPics_Hoverbar] yes
IEOPT: [AutoSearch] 
IEOPT: [Default_Page_URL] http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IEOPT: [Enable_Disk_Cache] yes
IEOPT: [Cache_Percent_of_Disk] 
IEOPT: [Delete_Temp_Files_On_Exit] yes
IEOPT: [Local Page] C:\WINDOWS\SYSTEM\blank.htm
IEOPT: [Anchor_Visitation_Horizon] 
IEOPT: [Use_Async_DNS] yes
IEOPT: [Placeholder_Width] 
IEOPT: [Placeholder_Height] 
IEOPT: [Start Page] about:blank
IEOPT: [Wizard_Version] 6.00.2800.1106
IEOPT: [FullScreen] no
IEOPT: [Update_Check_Page] http://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update
IEOPT: [Update_Check_Interval] 
IEOPT: [CompanyName] Microsoft Corporation
IEOPT: [Custom_Key] MICROSO
IEOPT: [Use Search Asst] no
IEOPT: [AddClsReg] 
IEOPT: [AddClsatid] #?ADOSO
IEOPT: [AddClsutid] 
IEOPT: [AddClsan] 
IEOPT: [AddClsctid] @ADOSO

and here is the HJT file

Logfile of HijackThis v1.99.1
Scan saved at 22:18:36, on 15-04-06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\PROGRAMMER\DATA FELLOWS\F-SECURE\ANTI-VIRUS\F-AGNT95.EXE
C:\PROGRAMMER\PANICWARE\POP-UP STOPPER\DPPS2.EXE
C:\PROGRAMMER\DATA FELLOWS\F-SECURE\ANTI-VIRUS\DVP95_0.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAMMER\NOKIA\PC SUITE FOR NOKIA 6600\CONNMNGMNTBOX.EXE
C:\PROGRAMMER\NOKIA\PC SUITE FOR NOKIA 6600\ECTASKSCHEDULER.EXE
C:\PROGRAMMER\TOPCOM\SKYRACER WIRELESS LAN USB\ZDCONFIG.EXE
C:\PROGRAMMER\NOKIA\PC SUITE FOR NOKIA 6600\ELOGERR.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMMER\INTUWAVE\SHARED\MROUTERRUNTIME\MROUTERRUNTIME.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAMMER\NOKIA\PC SUITE FOR NOKIA 6600\BROADCASTPROXY.EXE
C:\PROGRAMMER\NOKIA\PC SUITE FOR NOKIA 6600\SCRFS.EXE
C:\WINDOWS\SKRIVEBORD\NY MAPPE\CWSHREDDER.EXE
C:\PROGRAMMER\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
A:\HJT.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.enjoysearch.info/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [Skan registreringsdatabase] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Job-oversigt] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [F-Secure Anti-Virus] C:\Programmer\Data Fellows\F-Secure\Anti-Virus\F-AGNT95.EXE
O4 - HKLM\..\Run: [F-Secure Gatekeeper] C:\PROGRA~1\DATAFE~1\F-SECURE\ANTI-V~1\DVP95.EXE
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRAMMER\PANICWARE\POP-UP STOPPER\DPPS2.EXE"
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Planlægningsagent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\PROGRAMMER\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE
O4 - Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Startup: PCSuiteForNokia6600 Detect.lnk = C:\Programmer\Nokia\PC Suite for Nokia 6600\connmngmntbox.exe
O4 - Startup: PCSuiteForNokia6600 TS.lnk = C:\Programmer\Nokia\PC Suite for Nokia 6600\ectaskscheduler.exe
O4 - Startup: Skyracer USB.lnk = C:\Programmer\TOPCOM\Skyracer Wireless LAN USB\ZDConfig.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00618BD00001} (Sydbanks NetBank) - https://netbank.sydbank.dk/ssydbankibp1800ib100.cab
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00619BD00001} (Sydbanks NetBank) - https://netbank.sydbank.dk/ssydbankibp1900ib100.cab
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Loader Class) - http://63.219.181.7/MaConnect.cab
O20 - Winlogon Notify: SASWinLogon - C:\PROGRAMMER\SUPERANTISPYWARE\SASWINLO.DLL
fromsej (Praktikant)
15 April 2006 - 22:16 #11
That looks perfectly reasonable; the only "trace" is really the start page, but we knew that one was there.
We'll let Arlet rest on the laurels while you fix these two with HijackThis:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.enjoysearch.info/
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Loader Class) - http://63.219.181.7/MaConnect.cab

Reboot, change your start page to http://fromsej.dk (or http://google.dk), then come back with a fresh HijackThis log.
jubasen (Nybegynder)
16 April 2006 - 10:10 #12
here is a new HJT file

Logfile of HijackThis v1.99.1
Scan saved at 10:18:17, on 16-04-06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\WINDOWS\SYSTEM\ATITASK.EXE
C:\PROGRAMMER\DATA FELLOWS\F-SECURE\ANTI-VIRUS\F-AGNT95.EXE
C:\PROGRAMMER\PANICWARE\POP-UP STOPPER\DPPS2.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAMMER\DATA FELLOWS\F-SECURE\ANTI-VIRUS\DVP95_0.EXE
C:\PROGRAMMER\NOKIA\PC SUITE FOR NOKIA 6600\CONNMNGMNTBOX.EXE
C:\PROGRAMMER\NOKIA\PC SUITE FOR NOKIA 6600\ECTASKSCHEDULER.EXE
C:\PROGRAMMER\TOPCOM\SKYRACER WIRELESS LAN USB\ZDCONFIG.EXE
C:\PROGRAMMER\NOKIA\PC SUITE FOR NOKIA 6600\ELOGERR.EXE
C:\PROGRAMMER\INTUWAVE\SHARED\MROUTERRUNTIME\MROUTERRUNTIME.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAMMER\NOKIA\PC SUITE FOR NOKIA 6600\BROADCASTPROXY.EXE
C:\PROGRAMMER\NOKIA\PC SUITE FOR NOKIA 6600\SCRFS.EXE
C:\PROGRAMMER\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
A:\HJT.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ni.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [Skan registreringsdatabase] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Job-oversigt] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [F-Secure Anti-Virus] C:\Programmer\Data Fellows\F-Secure\Anti-Virus\F-AGNT95.EXE
O4 - HKLM\..\Run: [F-Secure Gatekeeper] C:\PROGRA~1\DATAFE~1\F-SECURE\ANTI-V~1\DVP95.EXE
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRAMMER\PANICWARE\POP-UP STOPPER\DPPS2.EXE"
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Planlægningsagent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\PROGRAMMER\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE
O4 - Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Startup: PCSuiteForNokia6600 Detect.lnk = C:\Programmer\Nokia\PC Suite for Nokia 6600\connmngmntbox.exe
O4 - Startup: PCSuiteForNokia6600 TS.lnk = C:\Programmer\Nokia\PC Suite for Nokia 6600\ectaskscheduler.exe
O4 - Startup: Skyracer USB.lnk = C:\Programmer\TOPCOM\Skyracer Wireless LAN USB\ZDConfig.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00618BD00001} (Sydbanks NetBank) - https://netbank.sydbank.dk/ssydbankibp1800ib100.cab
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00619BD00001} (Sydbanks NetBank) - https://netbank.sydbank.dk/ssydbankibp1900ib100.cab
O20 - Winlogon Notify: SASWinLogon - C:\PROGRAMMER\SUPERANTISPYWARE\SASWINLO.DLL
fromsej (Praktikant)
16 April 2006 - 11:25 #13
Then your log is clean; we don't need to see any more.

To keep it clean, you can take a look at our package for that purpose.
http://www.spywarefri.dk/manualer/sikkerhedspakke.htm
As a minimum I recommend Spywareguard, Spywareblaster, IE-Spyad and IE Privacy Keeper.
You'll find a couple of articles on safe surfing here:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414
http://fromsej.dk/html/avoid.html
Regards:
Fromsej/Team Spywarefri.

PS:
I don't want any points; I got to see what I wanted to see. :-)
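Added example, not part of the thread or of HijackThis itself: a small Python script that compares a before and an after HijackThis log and reports which entries the fix removed or changed, marking any O16 download source that is a bare IP address, as the Loader Class entry was. The function names (`parse`, `ip_hosted`, `compare`) are hypothetical, the entry splitting is an assumption based only on the line shapes visible in these logs, and the sample input is a handful of lines taken from the logs of 15-04-06 and 16-04-06.

```python
import ipaddress
import re
from urllib.parse import urlparse

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # e.g. "O16 - DPF: ..."
# Constructed samples: four entries from the 15-04-06 log, three from 16-04-06.
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.enjoysearch.info/
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00618BD00001} (Sydbanks NetBank) - https://netbank.sydbank.dk/ssydbankibp1800ib100.cab
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Loader Class) - http://63.219.181.7/MaConnect.cab
"""
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ni.dk/
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00618BD00001} (Sydbanks NetBank) - https://netbank.sydbank.dk/ssydbankibp1800ib100.cab
"""

def parse(log):
    """Map (section, key) -> value for each HijackThis entry line."""
    entries = {}
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:  # anything else is header, process list or a blank line
            section, body = m.groups()
            # R entries are "key = value"; the others end in " - <file or URL>".
            key, _, value = body.rpartition(" = " if section[0] == "R" else " - ")
            entries[(section, key or body)] = value if key else ""
    return entries

def ip_hosted(url):
    """True when the URL's host is an IP literal instead of a DNS name."""
    try:
        return ipaddress.ip_address(urlparse(url).hostname or "") is not None
    except ValueError:
        return False

def compare(before, after):
    """Report entries the fix removed or changed; mark O16 CABs from a bare IP."""
    old, new = parse(before), parse(after)
    report = []
    for (section, key), value in old.items():
        if (section, key) not in new:
            flag = " [bare-IP source]" if section == "O16" and ip_hosted(value) else ""
            report.append(("removed", section, value + flag))
        elif new[(section, key)] != value:
            report.append(("changed", section, f"{value} -> {new[(section, key)]}"))
    return report
```

Calling `compare(BEFORE, AFTER)` yields the start-page change and the removed Loader Class download; the unchanged Sydbank entry and the Run key do not appear.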
arlet (Juniormester)
16 April 2006 - 21:31 #14
jubasen -> Good that you got clean..

Fromsej -> You are lightning fast at following up, so it ought to cost me at least half of the points from this one..
But as usual, thanks for the help ;-)
fromsej (Praktikant)
16 April 2006 - 21:51 #15
Anytime. *S*
I would just really like, if you run into a really nasty CWS, to see what SAS can do to it. ;-)
arlet (Juniormester)
16 April 2006 - 21:53 #16
I'll be sure to shout if I meet one on my way *S*