Jump to content
Sign in to follow this  
abrams

search2web - trenger hjelp!

Recommended Posts

Trenger hjelp for å fjerne en "verktøylinje" i bunnen av webbrowseren min. Er blå med følgende ikoner: make money, music, casino, investing, travel etc. -Tror den kom i sammenheng med at jeg installerte MSN plus, som forøvrig er slettet nå.

Har kjørt både adawre og spybot uten resultater...

Kan noen hjelpe meg!?

 

Under følger logg fra hijack this:

 

Logfile of HijackThis v1.98.2

Scan saved at 19:28:17, on 12.09.04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\NORMAN\NVC\BIN\ZANDA.EXE

C:\WINDOWS\SYSTEM\SSDPSRV.EXE

C:\NORMAN\NVC\BIN\CCLAW.EXE

C:\NORMAN\NVC\BIN\NVCSCHED.EXE

C:\NORMAN\NVC\BIN\NJEEVES.EXE

C:\NORMAN\NVC\BIN\NIP.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAMFILER\SYNAPTICS\SYNTP\SYNTPLPR.EXE

C:\PROGRAMFILER\SYNAPTICS\SYNTP\SYNTPENH.EXE

C:\WINDOWS\SYSTEM\PRPCUI.EXE

C:\WINDOWS\DITASK.EXE

C:\PROGRAMFILER\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE

C:\WINDOWS\LOADQM.EXE

D:\PROGRAMMER\RFA\RFAGENT.EXE

C:\NORMAN\NVC\BIN\ZLH.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\WINDOWS\SYSTEM\LVCOMSX.EXE

C:\PROGRAMFILER\LOGITECH\VIDEO\LOGITRAY.EXE

C:\NORMAN\NVC\BIN\NYMSE.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\PROGRAMFILER\MSN MESSENGER\MSNMSGR.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAMFILER\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAMFILER\LOGITECH\VIDEO\FXSVR2.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\HIJACKTHIS\HIJACKTHIS.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\SYSTEM\OOBE\BLANK.HTM

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\SYSTEM\OOBE\BLANK.HTM

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {183D1D88-911D-C185-8EEF-0408DE543B63} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programmer\Spybot\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [scanRegistry] c:\windows\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [synTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe

O4 - HKLM\..\Run: [DiTask] c:\windows\ditask.exe

O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [rfagent] D:\PROGRAMMER\RFA\rfagent.exe

O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\NVC\BIN\ZLH.EXE /LOAD /SPLASH

O4 - HKLM\..\Run: [iCSDCLT] c:\windows\rundll32.exe c:\windows\SYSTEM\icsdclt.dll,ICSClient

O4 - HKLM\..\Run: [OmgStartup] C:\Programfiler\Fellesfiler\Sony Shared\OpenMG\OmgStartup.exe

O4 - HKLM\..\Run: [LVCOMSX] c:\windows\SYSTEM\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programfiler\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programfiler\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup

O4 - HKLM\..\Run: [Time grim blah junk] C:\WINDOWS\Application Data\Kind Burn Time Grim\BowsOnce.exe

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [Norman ZANDA] C:\NORMAN\NVC\BIN\ZANDA.EXE /LOAD

O4 - HKLM\..\RunServices: [sSDPSRV] c:\windows\SYSTEM\ssdpsrv.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAMFILER\MSN MESSENGER\MSNMSGR.EXE" /background

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\PROGRAMFILER\LOGITECH\VIDEO\MANIFESTENGINE.EXE boot

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://c:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab28578.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab28578.cab

Share this post


Link to post

O4 - HKLM\..\Run: [Time grim blah junk] C:\WINDOWS\Application Data\Kind Burn Time Grim\BowsOnce.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://c:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

 

Et raskt overblikk sier meg iallfall at disse er mistenkelige, men ikke slett noe før du er sikker. Gå til ComputerCops.biz og post loggen din der.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...