Kidnappad sida igen

[hardyman]

Längesedan det hände, men nu är startsidan kidnappad igen.

Har kört alla tämkbara program och behöver nu hjälp med logfilen.

 

Logfile of HijackThis v1.97.7

Scan saved at 10:13:01, on 2004-11-06

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Symantec\Norton Ghost 2003\GhostStartService.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe

C:\Program\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

C:\WINDOWS\System32\RegSrvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE

C:\WINDOWS\system32\ZCfgSvc.exe

C:\WINDOWS\System32\1XConfig.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Apoint2K\Apoint.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program\ltmoh\Ltmoh.exe

C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe

C:\Program\Fujitsu\BtnHnd\BtnHnd.exe

C:\AddOn\Fujitsu\Hotkey\IndicatorUty.exe

C:\WINDOWS\System32\igfxtray.exe

C:\Program\Intel\NCS\PROSet\PRONoMgr.exe

C:\Program\DELADE~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe

C:\Program\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE

C:\Program\Java\j2re1.4.2_05\bin\jusched.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Apoint2K\Apntex.exe

C:\Program\SuperOffice\SoSync\SoSyncMonitor.exe

C:\Program\Panda Software\Panda Antivirus Platinum\pavProxy.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Documents and Settings\chen\Mina dokument\Mina mottagna filer\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\chen\LOKALA~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\chen\LOKALA~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\chen\LOKALA~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\chen\LOKALA~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\chen\LOKALA~1\Temp\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\chen\LOKALA~1\Temp\sp.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5795CB63-C7B7-4FA7-A49A-FC2FC5069FD0} - C:\WINDOWS\System32\klnc.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Apoint] C:\Program\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [LtMoh] C:\Program\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe

O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program\Fujitsu\BtnHnd\BtnHnd.exe

O4 - HKLM\..\Run: [indicatorUtility] C:\AddOn\Fujitsu\Hotkey\IndicatorUty.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [XTNDConnect PC - ErPhn2] C:\Program\DELADE~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe

O4 - HKLM\..\Run: [sCANINICIO] "C:\Program\Panda Software\Panda Antivirus Platinum\Inicio.exe"

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [Telia SMS i Datorn SA] C:\Program\Telia SMS i Datorn SA\SMS Executive Stand Alone.exe Silent

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\j2re1.4.2_05\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - Startup: SoSyncMonitor.lnk = C:\Program\SuperOffice\SoSync\SoSyncMonitor.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Google Search - res://C:\Program\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &ieSpell Options - res://C:\Program\ieSpell\iespell.dll/SPELLOPTION.HTM

O8 - Extra context menu item: Backward &Links - res://C:\Program\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Check &Spelling - res://C:\Program\ieSpell\iespell.dll/SPELLCHECK.HTM

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Save page in SuperOffice - res://C:\Program\SUPERO~1\SoIeExtensions.dll/SavePageInSuperOffice.htm

O8 - Extra context menu item: Si&milar Pages - res://C:\Program\Google\GoogleToolbar1.dll/cmsimilar.html

O9 - Extra 'Tools' menuitem: Sun Java-konsol (HKLM)

O9 - Extra button: ieSpell (HKLM)

O9 - Extra 'Tools' menuitem: ieSpell (HKLM)

O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)

O9 - Extra button: SuperOffice (HKLM)

O12 - Plugin for .mpeg: C:\Program\Internet Explorer\PLUGINS\npqtplugin3.dll

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab

O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1015_EN_XP.cab

O16 - DPF: {07D620A1-2DF6-4342-B9B6-BA6A47645931} - http://195.225.177.13/20609/lax.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab

O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_5_EN_XP.cab

O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab

O16 - DPF: {77F43A82-A37D-495B-8173-F235EAB8546C} (SuperOffice CRM 5 WebServices Data Reader v1.0) - http://www.superoffice.net/common/components/DataReader.CAB

O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} (WWWInstall Class) - http://www.f5biz.com/dial/htm/WebInstall.dll

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38107.1268402778

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1042956.exe

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Lejon

O17 - HKLM\Software\..\Telephony: DomainName = Lejon

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Lejon

 

 

 

[Zipp.]

Skicka en ny logg med nyaste Hijack.

Ta den här

 

http://koti.mbnet.fi/pattaya1/HijackThis.exe

 

[Metalmaid]

Samma sak för dig.

 

När du har blivit av med skäpet så kan du sätta ett lås på din startsida så att du inte råkar ut för att något program tar över och byter ut den för dig.

 

 

[927]

 

det är inte alltid det hjälper att låsa sidan. jag kan ge dig ett exempel om du vill. det är ett program, när du har installerat det så har du en annan låst startsida

 

[btener]

Alla dessa kidnappningar........

 

Använd webläsaren Mozilla Firefox http://www.mozilla.se/firefox.shtml för warez och/eller porrsurf,ok?

 

 

[hardyman]

 

Här är senaste loggen

Logfile of HijackThis v1.98.2

Scan saved at 15:37:44, on 2004-11-06

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Symantec\Norton Ghost 2003\GhostStartService.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe

C:\Program\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

C:\WINDOWS\System32\RegSrvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZCfgSvc.exe

C:\WINDOWS\System32\1XConfig.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Apoint2K\Apoint.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program\ltmoh\Ltmoh.exe

C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe

C:\Program\Fujitsu\BtnHnd\BtnHnd.exe

C:\AddOn\Fujitsu\Hotkey\IndicatorUty.exe

C:\Program\Apoint2K\Apntex.exe

C:\WINDOWS\System32\igfxtray.exe

C:\Program\Intel\NCS\PROSet\PRONoMgr.exe

C:\Program\DELADE~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe

C:\Program\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE

C:\Program\Java\j2re1.4.2_05\bin\jusched.exe

C:\Program\QuickTime\qttask.exe

C:\Program\SuperOffice\SoSync\SoSyncMonitor.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program\Panda Software\Panda Antivirus Platinum\pavProxy.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE

C:\Documents and Settings\chen\Skrivbord\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\chen\LOKALA~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\chen\LOKALA~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\chen\LOKALA~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\chen\LOKALA~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\chen\LOKALA~1\Temp\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\chen\LOKALA~1\Temp\sp.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5795CB63-C7B7-4FA7-A49A-FC2FC5069FD0} - C:\WINDOWS\System32\klnc.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Apoint] C:\Program\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [LtMoh] C:\Program\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\AddOn\Fujitsu\Application Panel\QuickTouch.exe

O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program\Fujitsu\BtnHnd\BtnHnd.exe

O4 - HKLM\..\Run: [indicatorUtility] C:\AddOn\Fujitsu\Hotkey\IndicatorUty.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [XTNDConnect PC - ErPhn2] C:\Program\DELADE~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe

O4 - HKLM\..\Run: [sCANINICIO] "C:\Program\Panda Software\Panda Antivirus Platinum\Inicio.exe"

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [Telia SMS i Datorn SA] C:\Program\Telia SMS i Datorn SA\SMS Executive Stand Alone.exe Silent

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\j2re1.4.2_05\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - Startup: SoSyncMonitor.lnk = C:\Program\SuperOffice\SoSync\SoSyncMonitor.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Google Search - res://C:\Program\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &ieSpell Options - res://C:\Program\ieSpell\iespell.dll/SPELLOPTION.HTM

O8 - Extra context menu item: Backward &Links - res://C:\Program\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Check &Spelling - res://C:\Program\ieSpell\iespell.dll/SPELLCHECK.HTM

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Save page in SuperOffice - res://C:\Program\SUPERO~1\SoIeExtensions.dll/SavePageInSuperOffice.htm

O8 - Extra context menu item: Si&milar Pages - res://C:\Program\Google\GoogleToolbar1.dll/cmsimilar.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program\ieSpell\iespell.dll/SPELLCHECK.HTM (file missing)

O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program\ieSpell\iespell.dll/SPELLCHECK.HTM (file missing)

O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program\ieSpell\iespell.dll/SPELLOPTION.HTM (file missing)

O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program\ieSpell\iespell.dll/SPELLOPTION.HTM (file missing)

O9 - Extra button: SuperOffice - {CC88D81F-6166-4F46-AC89-B75CD9CEB292} - C:\Program\SuperOffice\SoIeExtensions.dll

O12 - Plugin for .mpeg: C:\Program\Internet Explorer\PLUGINS\npqtplugin3.dll

O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1015_EN_XP.cab

O16 - DPF: {07D620A1-2DF6-4342-B9B6-BA6A47645931} - http://195.225.177.13/20609/lax.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab

O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_5_EN_XP.cab

O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab

O16 - DPF: {77F43A82-A37D-495B-8173-F235EAB8546C} (SuperOffice CRM 5 WebServices Data Reader v1.0) - http://www.superoffice.net/common/components/DataReader.CAB

O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} (WWWInstall Class) - http://www.f5biz.com/dial/htm/WebInstall.dll

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab

O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1042956.exe

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Lejon

O17 - HKLM\Software\..\Telephony: DomainName = Lejon

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Lejon

O18 - Filter: text/html - {22ED3507-C677-4DA2-9796-65E1B1A0D3BE} - C:\WINDOWS\System32\klnc.dll

O18 - Filter: text/plain - {22ED3507-C677-4DA2-9796-65E1B1A0D3BE} - C:\WINDOWS\System32\klnc.dll

 

 

 

[Zipp.]

 

Vi måste kolla om du har en dold fil med här.

 

 

Ladda ner DllCompare.exe

 

http://download.broadbandmedic.com/DllCompare.exe

 

 

Öppna den och klicka Run Locate.com

Sen klicka Compare och vänta tills den analyserar färdigt

Sen klicka Make Log of what was found

 

 

Sen kopiera texten nedan i notepad

 

 

Reg save "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows" windows1.hiv

ren windows1.hiv windows.txt

 

 

Spara den på skrivbordet med namn Appinit.bat

i Filformat sätter du alla filer

 

Sen dubbelklicka på Appinit.bat på skrivbordet och ut kommer windows.txt logg.

 

Kopiera båda loggar och skicka hit dom

 

DllCompare logg

windows.txt logg

 

 

[Guest idgadmin]

Testa Spysubtract Pro 2.60. Gratis i 30 dagar. Kanonbra! Tar bort Hijacs som lagt sej som startsida