Søg
Avatar billede computerphper Nybegynder
25. oktober 2003 - 20:39 Der er 21 kommentarer og
2 løsninger

Har jeg virus/trojans osv.?

Hey, ville lige spørge om nogle kunne tjek min Hijackthis log for virus/trojans osv?
Tror ikk jeg har nogle, men vil lige være sikker :D

-------------
Logfile of HijackThis v1.97.3
Scan saved at 20:39:53, on 25-10-2003
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\Norton Personal Firewall\NISUM.EXE
D:\WINNT\system32\spoolsv.exe
D:\Program Files\Apache Group\Apache\Apache.exe
D:\Program Files\Symantec\DeepSight Extractor\ccExtractorService.exe
D:\Program Files\Apache Group\Apache\Apache.exe
D:\Program Files\Norton Personal Firewall\ccPxySvc.exe
D:\Program Files\Symantec\DeepSight Extractor\ExtractorService.exe
D:\WINNT\System32\svchost.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\system32\stisvc.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\Program Files\ORL\VNC\WinVNC.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\Explorer.EXE
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Messenger Plus! 2\MsgPlus.exe
D:\PROGRA~1\Cacheman\Cacheman.exe
D:\Program Files\NETGEAR\MA101 USB Adapter Configuration Utility\WlanMonitor.exe
D:\WINNT\System32\svchost.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Winamp3\winamp3.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.allcybersearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.allcybersearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.allcybersearch.com/ie/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.allcybersearch.com/ie/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] D:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] "D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WinVNC] "D:\Program Files\ORL\VNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [DirectX64] D:\WINNT\System32\DirectXset.exe
O4 - HKLM\..\Run: [Advanced Tools Check] D:\PROGRA~1\NORTON~2\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [MessengerPlus2] "D:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Cacheman] D:\PROGRA~1\Cacheman\Cacheman.exe
O4 - HKCU\..\Run: [MessengerPlus2] "D:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: MA101 Configuration Utility .lnk = D:\Program Files\NETGEAR\MA101 USB Adapter Configuration Utility\WlanMonitor.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37865.3928356481
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BEEC582-C97B-40BB-B12A-B327DBFAC36E}: NameServer = 192.168.1.1
Avatar billede fromsej Praktikant
25. oktober 2003 - 20:44 #1
Jeg tjekker den lige for dig.
Avatar billede fromsej Praktikant
25. oktober 2003 - 20:56 #2
Kør Hijackthis, scan, sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked, genstart, ny logfil herind.
Dobbelttjek, så alt kommer med.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.allcybersearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.allcybersearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.allcybersearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.allcybersearch.com/ie/
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
Avatar billede computerphper Nybegynder
25. oktober 2003 - 21:04 #3
Gør jeg lige.
Avatar billede computerphper Nybegynder
25. oktober 2003 - 21:05 #4
Logfile of HijackThis v1.97.3
Scan saved at 21:07:57, on 25-10-2003
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\Norton Personal Firewall\NISUM.EXE
D:\WINNT\system32\spoolsv.exe
D:\Program Files\Apache Group\Apache\Apache.exe
D:\Program Files\Symantec\DeepSight Extractor\ccExtractorService.exe
D:\Program Files\Apache Group\Apache\Apache.exe
D:\Program Files\Norton Personal Firewall\ccPxySvc.exe
D:\Program Files\Symantec\DeepSight Extractor\ExtractorService.exe
D:\WINNT\System32\svchost.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\system32\stisvc.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\Program Files\ORL\VNC\WinVNC.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\Explorer.EXE
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Messenger Plus! 2\MsgPlus.exe
D:\PROGRA~1\Cacheman\Cacheman.exe
D:\Program Files\NETGEAR\MA101 USB Adapter Configuration Utility\WlanMonitor.exe
D:\WINNT\System32\svchost.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] D:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] "D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WinVNC] "D:\Program Files\ORL\VNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [DirectX64] D:\WINNT\System32\DirectXset.exe
O4 - HKLM\..\Run: [Advanced Tools Check] D:\PROGRA~1\NORTON~2\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [MessengerPlus2] "D:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Cacheman] D:\PROGRA~1\Cacheman\Cacheman.exe
O4 - HKCU\..\Run: [MessengerPlus2] "D:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: MA101 Configuration Utility .lnk = D:\Program Files\NETGEAR\MA101 USB Adapter Configuration Utility\WlanMonitor.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37865.3928356481
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BEEC582-C97B-40BB-B12A-B327DBFAC36E}: NameServer = 192.168.1.1
Avatar billede fromsej Praktikant
25. oktober 2003 - 21:08 #5
Din log er ren nu, for at holde skidtet ude af din PC, kan du hente flg. programmer:
Spywareblaster, Spywareguard, IE-Spyad og Empty Temp Folders, dem finder du, sammen med danske vejledninger her:
http://www.spywarefri.dk/vaerktoj.htm
Læs især om IE-Spyad, så du får det fulde udbytte af dette lille geniale program.
Mvh:
Fromsej/Team Spywarefri.
Avatar billede computerphper Nybegynder
25. oktober 2003 - 21:09 #6
Jeg vil lige vente med at give dig point, for ville spørge om du havde lyst til at tjene 140 point mere?
Så skal du bare tjekke 1 til log - fra min server?
Avatar billede fromsej Praktikant
25. oktober 2003 - 21:11 #7
Den her skal lige med, den overså jeg desværre.
O4 - HKLM\..\Run: [DirectX64] D:\WINNT\System32\DirectXset.exe
Avatar billede computerphper Nybegynder
25. oktober 2003 - 21:13 #8
Ok, fjerner lige - men vil du tjekke 1 til log og tjene 140 point x-tra?
Avatar billede fromsej Praktikant
25. oktober 2003 - 21:13 #9
Kom bare med den næste log også.
Men fix lige den jeg overså.
Avatar billede computerphper Nybegynder
25. oktober 2003 - 21:14 #10
Er gjort - 2sek findr lige den anden log frem..
Avatar billede computerphper Nybegynder
25. oktober 2003 - 21:18 #11
Der er så sindsygt meget lort på den her, tror jeg:
-------------------------
Logfile of HijackThis v1.97.3
Scan saved at 21:28:31, on 25-10-03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAMMER\FæLLES FILER\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAMMER\NORTON ANTIVIRUS\ADVTOOLS\NPROTECT.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAMMER\WINROUTE PRO\WINROUTE.EXE
C:\PROGRAMMER\NORTON PERSONAL FIREWALL\NISUM.EXE
C:\PROGRAMMER\NORTON PERSONAL FIREWALL\CCPXYSVC.EXE
C:\PROGRAMMER\ORL\VNC\WINVNC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMMER\FæLLES FILER\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAMMER\CD-WRITER PLUS\HP SIMPLE TRAX\HPCRON.EXE
C:\PROGRAMMER\CD-WRITER PLUS\DIRECTCD\DIRECTCD.EXE
C:\SBPCI\CTMIX32.EXE
C:\PROGRAMMER\WINROUTE PRO\WRCTRL.EXE
C:\PROGRAMMER\CACHEMAN\CACHEMAN.EXE
C:\PROGRAMMER\DIAMOND\INCONTROL TOOLS 99\DMHKEY.EXE
C:\PROGRAMMER\HEWLETT-PACKARD\HP OFFICEJET PRO 1170C-SERIEN\HPMSP2IA.EXE
C:\WINDOWS\SYSTEM\hpmdlbia.exe
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMMER\HEWLETT-PACKARD\HP OFFICEJET PRO 1170C-SERIEN\HPMSP4IA.EXE
C:\DOKUMENTER\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.martfinder.com/spindex.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.xupiter.com/search2.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.martfinder.com/spindex.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.martfinder.com/spindex.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.martfinder.com/spindex.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.martfinder.com/spindex.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O1 - Hosts: 66.40.21.73 auto.search.msn.com
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [Skan registreringsdatabase] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Job-oversigt] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\ADVTOOLS\ADVCHK.EXE
O4 - HKLM\..\Run: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
O4 - HKLM\..\Run: [HP Simple Trax] C:\Programmer\CD-Writer Plus\HP Simple Trax\hpcron.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Programmer\CD-Writer Plus\DirectCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [iamapp] C:\Programmer\Norton Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [CreativeMixer] C:\SBPCI\ctmix32.exe /T
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Planlægningsagent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Programmer\Fælles filer\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [WinRoute] "C:\Programmer\WinRoute Pro\winroute.exe" /hide
O4 - HKLM\..\RunServices: [Nisum] C:\Programmer\Norton Personal Firewall\NISUM.EXE
O4 - HKLM\..\RunServices: [ccPxySvc] C:\PROGRA~1\NORTON~2\CCPXYSVC.EXE
O4 - HKLM\..\RunServices: [nisserv] C:\Programmer\Norton Personal Firewall\NISSERV.EXE
O4 - HKLM\..\RunServices: [WinVNC] "C:\PROGRAMMER\ORL\VNC\WINVNC.EXE" -service
O4 - HKCU\..\Run: [WrCtrl] "C:\Programmer\WinRoute Pro\wrctrl.exe"
O4 - HKCU\..\Run: [Cacheman] C:\PROGRA~1\CACHEMAN\Cacheman.exe
O4 - Startup: InControl Desktop Manager.lnk = C:\Programmer\Diamond\InControl Tools 99\DMHKEY.EXE
O4 - Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Startup: HP ScanPicture.lnk = C:\Programmer\Hewlett-Packard\HP OfficeJet Pro 1170C-serien\hpmsp2ia.exe
O4 - Startup: HP 1170 FPB.lnk = C:\WINDOWS\SYSTEM\hpmdlbia.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.axis.com/products/camera_servers/AxisCamControl.ocx
O16 - DPF: {1D2DCA0D-B30F-40AD-9690-087105F214EC} (IEDial Class) - http://download.nocreditcard.com/download/Object/ieaccess2.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C} (NSUpdateLiteCtrl Class) - http://217.145.76.6/quickdl/proclaim/NSupd9x.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {A27CFCAE-9351-4D74-BFFC-21EB19693D8C} - http://www.xupiter.com/search2/install/XupiterToolbarLoader.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - http://www.wildtangent.com/install/wdriver/ddc/shockwave/wtinst.cab
O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} (MoneyTree Dialer) - http://xbs.mtreexxx.nl/mt/dialers/fc/UniDist.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37595.3025231482
O16 - DPF: {AB1E62EB-3DE3-428F-A417-64AB3C9B6CF0} (eConn Class) - http://econnect.libereco.net/econnect.cab
O16 - DPF: {8522F9B3-38C5-4AA4-AE40-7401F1BBC851} - http://www.deluxserials.com/mp3.exe
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk/html/activex/danskesikker/DB/DanskeSikker.cab
Avatar billede fromsej Praktikant
25. oktober 2003 - 21:19 #12
Ja, det er der.*S*
Avatar billede computerphper Nybegynder
25. oktober 2003 - 21:20 #13
Jeg har lige afsat 140 point mere til dig - ventr bare på svar nu ;)
Avatar billede fromsej Praktikant
25. oktober 2003 - 21:22 #14
Prøv lige en onlinescan med X-block, den burde kunne fjerne meget af det, genstart så og kom med en ny logfil.
http://www.spywarefri.dk/onlinevark.htm
Avatar billede computerphper Nybegynder
25. oktober 2003 - 21:29 #15
Logfile of HijackThis v1.97.3
Scan saved at 21:40:36, on 25-10-03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAMMER\FæLLES FILER\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAMMER\NORTON ANTIVIRUS\ADVTOOLS\NPROTECT.EXE
C:\PROGRAMMER\WINROUTE PRO\WINROUTE.EXE
C:\PROGRAMMER\NORTON PERSONAL FIREWALL\NISUM.EXE
C:\PROGRAMMER\NORTON PERSONAL FIREWALL\CCPXYSVC.EXE
C:\PROGRAMMER\ORL\VNC\WINVNC.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMMER\FæLLES FILER\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAMMER\CD-WRITER PLUS\HP SIMPLE TRAX\HPCRON.EXE
C:\PROGRAMMER\CD-WRITER PLUS\DIRECTCD\DIRECTCD.EXE
C:\SBPCI\CTMIX32.EXE
C:\PROGRAMMER\WINROUTE PRO\WRCTRL.EXE
C:\PROGRAMMER\CACHEMAN\CACHEMAN.EXE
C:\PROGRAMMER\DIAMOND\INCONTROL TOOLS 99\DMHKEY.EXE
C:\PROGRAMMER\HEWLETT-PACKARD\HP OFFICEJET PRO 1170C-SERIEN\HPMSP2IA.EXE
C:\WINDOWS\SYSTEM\hpmdlbia.exe
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMMER\HEWLETT-PACKARD\HP OFFICEJET PRO 1170C-SERIEN\HPMSP4IA.EXE
C:\DOKUMENTER\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.martfinder.com/spindex.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.xupiter.com/search2.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.martfinder.com/spindex.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.martfinder.com/spindex.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.martfinder.com/spindex.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.martfinder.com/spindex.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O1 - Hosts: 66.40.21.73 auto.search.msn.com
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [Skan registreringsdatabase] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Job-oversigt] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\ADVTOOLS\ADVCHK.EXE
O4 - HKLM\..\Run: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
O4 - HKLM\..\Run: [HP Simple Trax] C:\Programmer\CD-Writer Plus\HP Simple Trax\hpcron.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Programmer\CD-Writer Plus\DirectCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [iamapp] C:\Programmer\Norton Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [CreativeMixer] C:\SBPCI\ctmix32.exe /T
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Planlægningsagent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Programmer\Fælles filer\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [WinRoute] "C:\Programmer\WinRoute Pro\winroute.exe" /hide
O4 - HKLM\..\RunServices: [Nisum] C:\Programmer\Norton Personal Firewall\NISUM.EXE
O4 - HKLM\..\RunServices: [ccPxySvc] C:\PROGRA~1\NORTON~2\CCPXYSVC.EXE
O4 - HKLM\..\RunServices: [nisserv] C:\Programmer\Norton Personal Firewall\NISSERV.EXE
O4 - HKLM\..\RunServices: [WinVNC] "C:\PROGRAMMER\ORL\VNC\WINVNC.EXE" -service
O4 - HKCU\..\Run: [WrCtrl] "C:\Programmer\WinRoute Pro\wrctrl.exe"
O4 - HKCU\..\Run: [Cacheman] C:\PROGRA~1\CACHEMAN\Cacheman.exe
O4 - Startup: InControl Desktop Manager.lnk = C:\Programmer\Diamond\InControl Tools 99\DMHKEY.EXE
O4 - Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Startup: HP ScanPicture.lnk = C:\Programmer\Hewlett-Packard\HP OfficeJet Pro 1170C-serien\hpmsp2ia.exe
O4 - Startup: HP 1170 FPB.lnk = C:\WINDOWS\SYSTEM\hpmdlbia.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.axis.com/products/camera_servers/AxisCamControl.ocx
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - http://www.wildtangent.com/install/wdriver/ddc/shockwave/wtinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37595.3025231482
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk/html/activex/danskesikker/DB/DanskeSikker.cab
Avatar billede fromsej Praktikant
25. oktober 2003 - 21:55 #16
Jeg fik lige assistance fra Aovergaard, så du får det i to indlæg.*S*
Disse her skal fixes, men ikke før Aovergaard´s er kommet.


R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.martfinder.com/spindex.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.xupiter.com/search2.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.martfinder.com/spindex.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.martfinder.com/spindex.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.martfinder.com/spindex.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.martfinder.com/spindex.html
O1 - Hosts: 66.40.21.73 auto.search.msn.com
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
Avatar billede aovergaard Nybegynder
25. oktober 2003 - 21:56 #17
Og her kommer de sidste så:

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.axis.com/products/camera_servers/AxisCamControl.ocx
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - http://www.wildtangent.com/install/wdriver/ddc/shockwave/wtinst.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
Aovergaard/Team Spywarefri

Genstart din computer og kom med en ny log, så tjekker vi om alt nu også er væk
Avatar billede computerphper Nybegynder
25. oktober 2003 - 21:59 #18
Ok 2sek :S - btw, hvordan vil I have point fordelt!? Nu har jeg jo lovet dig 200 point, fromsej?
Avatar billede fromsej Praktikant
25. oktober 2003 - 22:00 #19
Du deler dem bare med 100 til hver, det er helt OK.*S*
Avatar billede computerphper Nybegynder
25. oktober 2003 - 22:03 #20
Tak for hjælpen!
Avatar billede computerphper Nybegynder
25. oktober 2003 - 22:04 #21
- Jeg har selv tjekket loggen igennem, og alt hva I sagde r væk ;)
Avatar billede fromsej Praktikant
25. oktober 2003 - 22:04 #22
Velbekomme, tak for point.*S*
Sørg nu for at installere de programmer jeg foreslog på begge maskiner.
Avatar billede aovergaard Nybegynder
25. oktober 2003 - 22:08 #23
takker også for point;) Godt det hele forsvandt. Og de prg. som Fromsej foreslår de er bare rigtig gode. Vi kører begge to med dem, og har aldrig problemer.
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
Vil skrifte antivirusprogram. Af ErikHg i Virus 22 26/11/202510:42 23/12/202514:29
Er gratis Bitdefender værd at installere ? Af Ikke-ekspert i Virus 8 31/08/202519:08 01/09/202514:18
Ukendte filer på min Pc Af jonpet i Virus 10 03/02/202514:20 04/02/202511:05
mulig ukendt virus Af jackie18 i Virus 3 18/01/202514:07 18/01/202516:39
virus popper op med jævne mellemrum Af Malm i Virus 13 18/01/202511:40 20/01/202517:53
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I går 11:48 Nyåbnede sider flimrer på Android tablet, hvorfor Af annam i Andet software
I går 11:03 Bitlocker fordele-ulemper, samt nulstille PC Af Uvanga i Windows
20/0511:00 IIS på Win10 64 bit Af bsn i Webservere
20/0509:01 Bitlocker Af Chevy396 i Windows
18/0501:57 Tjek alle checkbox i form Af bsn i ASP
White papers
Flere white papers »