Søg
Avatar billede adh88 Nybegynder
02. november 2003 - 21:11 Der er 16 kommentarer og
1 løsning

Tjek lige min hijackthis log fil tak!

Jeg har lige installeret messenger PLUS. Regnede selfølgelig ikke med at der var spyware i sådan et program, men jeg tog fejl.....!
Scannede først med X-blocker fra spywarefri.dk og bagefter med Spybot. De fandt begge 2 en del!!

Så nu vil jeg gerne lige have nogle spywarefri.dk eksperter til at tjekke  min hijackthis logfil:)




Logfile of HijackThis v1.97.3
Scan saved at 21:08:02, on 02-11-2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
D:\Programmer\ICQLite\ICQLite.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
D:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
D:\Programmer\TotalRecorder\TotRecSched.exe
D:\half-l~1\steam\steam.exe
D:\Programmer\Skype\Phone\Skype.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmer\SEC\Natural Color\NaturalColorLoad.exe
D:\Programmer\Webshots\WebshotsTray.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Messenger Plus! 2\MsgPlus.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\DOCUME~1\ANDERS~1\LOKALE~1\Temp\Rem143.exe
C:\DOCUME~1\ANDERS~1\LOKALE~1\Temp\Tal144.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
D:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Anders Hansen\Lokale indstillinger\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://mysearchnow.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mysearchnow.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://mysearchnow.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmer\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {31f77b5f-2195-45e3-9b83-d59096d32ea9} - C:\DOCUME~1\ANDERS~1\APPLIC~1\eeemlcrjg.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O3 - Toolbar: oqqkiessjss - {9902798e-3e2c-4d42-8204-d958be7ecf79} - C:\DOCUME~1\ANDERS~1\APPLIC~1\eeemlcrjg.dll
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Programmer\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\RunServices: [Detect] D:\Programmer\iNTERNET Turbo\iDetect.exe /auto
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Programmer\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Steam] "d:\half-l~1\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "D:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [SpySweeper] D:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Programmer\Microsoft Works\WkDetect.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Programmer\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Webshots.lnk = D:\Programmer\Webshots\WebshotsTray.exe
O4 - Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Programmer\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Programmer\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page - res://C:\Programmer\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Researcher (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.google.com/data/da/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://130.228.229.67/ecwplugins/ncs.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37717.0268981481
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D32C3BAD-5213-49BD-A7D5-E6DE6C0D8249} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {D3426292-3750-4D80-9D0F-2816F61A6D15} (SpeedTest Control) - http://81.19.245.211/speedtest/SpeedTest_2.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://3dgamers.tukati.com/tukati/1.7.20.20/tukati.cab
Avatar billede arlet Juniormester
02. november 2003 - 21:12 #1
Jeg går i gang med den samme, der går en lille times tid

Slet ikke noget imens
Avatar billede johnstigers Seniormester
02. november 2003 - 21:15 #2
bare lige et hurtigt blik fortæller mig at dette skal slettes:

C:\Programmer\Messenger Plus! 2\MsgPlus.exe
C:\DOCUME~1\ANDERS~1\LOKALE~1\Temp\Rem143.exe
C:\DOCUME~1\ANDERS~1\LOKALE~1\Temp\Tal144.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://mysearchnow.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mysearchnow.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://mysearchnow.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html

O4 - HKLM\..\Run: [MessengerPlus2] "C:\Programmer\Messenger Plus! 2\MsgPlus.exe"
Avatar billede johnstigers Seniormester
02. november 2003 - 21:16 #3
UPS! Blev ikke færdig! der kommer mere - men vent med at slette til arlet har givet sit besyv med - han er mesteren til dette :)
Avatar billede johnstigers Seniormester
02. november 2003 - 21:17 #4
Nej - der var ikke mere alligevel.
Avatar billede adh88 Nybegynder
02. november 2003 - 21:23 #5
Så messenger PLUS er altså spyware?? Ej, skod! Synes ellers det er ret godt....
Avatar billede johnstigers Seniormester
02. november 2003 - 21:32 #6
Det synedes jeg også - til jeg fandt ud af at det var spyware
Avatar billede arlet Juniormester
02. november 2003 - 21:33 #7
john_stigers er en ørn til at tjekke disse hjt*S*

Der var en del snavs:
Du skal nu til at i gang med at fixe. Men først skal du lige have noget instruktion. Allerførst skal du slå systemgendannelse fra. Hvis du ikke ved hvordan du gør det så kig her: http://www.spywarefri.dk/virus.htm#alle derefter skal du åbne hijackthis. Du får herunder nogle filer som du skal fixe, det du skal gøre er at sætte en vinge ud for alle disse filer. IKKE FIXE endnu. Når du har gjort det så lukker du alle andre vinduer ned, det er meget vigtigt at det eneste vindue som er åbent er HijackThis vinduet. Husk også at lukke dette vindue når du har markeret filerne. Nu må du fixe. Klik på Fix chekede. Efter fix skal du genstarte din computer.
Her er de filer, du skal fixe :

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://mysearchnow.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mysearchnow.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://mysearchnow.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Programmer\Messenger Plus! 2\MsgPlus.exe"
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Programmer\Messenger Plus! 2\MsgPlus.exe" /WinStart
------------------------------------------------------------
Er den nogle du selv har lavet, ellers skal de også fixes:

O2 - BHO: (no name) - {31f77b5f-2195-45e3-9b83-d59096d32ea9} - C:\DOCUME~1\ANDERS~1\APPLIC~1\eeemlcrjg.dll
O3 - Toolbar: oqqkiessjss - {9902798e-3e2c-4d42-8204-d958be7ecf79} - C:\DOCUME~1\ANDERS~1\APPLIC~1\eeemlcrjg.dll




Derefter Genstarter du i fejlsikret tilstand(Fejlsikret tilstand kommer du i ved at trykke på <F8> når maskinen starter op, lige inden den begynder at indlæse Windows.) Find følgende fil i Stifinder og slet den:


C:\Programmer\Messenger Plus! 2\MsgPlus.exe
C:\DOCUME~1\ANDERS~1\LOKALE~1\Temp\Rem143.exe
C:\DOCUME~1\ANDERS~1\LOKALE~1\Temp\Tal144.exe


Derefter genstarter du og sender en ny log herind, for at se om vi har fået den helt ren.
Først når din log er endelig godkendt, må de aktiver din systemgendannelse igen.

Du kan læse mere om MessengerPlus her : http://www.spywareinfo.com/newsletter/archives/june-2003/3.php
Avatar billede fromsej Praktikant
02. november 2003 - 21:40 #8
Arlet>>Dem burde du snart kende, det er C2lop alle tegnene er der.

O2 - BHO: (no name) - {31f77b5f-2195-45e3-9b83-d59096d32ea9} - C:\DOCUME~1\ANDERS~1\APPLIC~1\eeemlcrjg.dll
O3 - Toolbar: oqqkiessjss - {9902798e-3e2c-4d42-8204-d958be7ecf79} - C:\DOCUME~1\ANDERS~1\APPLIC~1\eeemlcrjg.dll

Application Data, mange bogstaver.dll de skal fixes.
Avatar billede arlet Juniormester
02. november 2003 - 21:44 #9
Som fromsej siger så skal de 2 også fixes*S*
Avatar billede adh88 Nybegynder
02. november 2003 - 21:54 #10
Her er ned nye log efter jeg har fixet det:) Håber jeg er fri nu.....!


Logfile of HijackThis v1.97.3
Scan saved at 21:53:17, on 02-11-2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Programmer\ICQLite\ICQLite.exe
D:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
D:\Programmer\TotalRecorder\TotRecSched.exe
D:\half-l~1\steam\steam.exe
D:\Programmer\Skype\Phone\Skype.exe
C:\WINDOWS\System32\RUNDLL32.EXE
D:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programmer\SEC\Natural Color\NaturalColorLoad.exe
D:\Programmer\Webshots\WebshotsTray.exe
D:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Anders Hansen\Lokale indstillinger\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmer\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\RunServices: [Detect] D:\Programmer\iNTERNET Turbo\iDetect.exe /auto
O4 - HKCU\..\Run: [Steam] "d:\half-l~1\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "D:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [SpySweeper] D:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Programmer\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Programmer\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Programmer\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Webshots.lnk = D:\Programmer\Webshots\WebshotsTray.exe
O4 - Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Programmer\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Programmer\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page - res://C:\Programmer\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Researcher (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.google.com/data/da/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://130.228.229.67/ecwplugins/ncs.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37717.0268981481
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D32C3BAD-5213-49BD-A7D5-E6DE6C0D8249} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {D3426292-3750-4D80-9D0F-2816F61A6D15} (SpeedTest Control) - http://81.19.245.211/speedtest/SpeedTest_2.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://3dgamers.tukati.com/tukati/1.7.20.20/tukati.cab
Avatar billede adh88 Nybegynder
02. november 2003 - 21:55 #11
Ja, jeg har slettet de 2 der også...
ja det er rigtigt..Dem burde du snart kende;) hehe....
Avatar billede arlet Juniormester
02. november 2003 - 22:00 #12
denne skal fixes:

O4 - HKCU\..\Run: [MessengerPlus2] "C:\Programmer\Messenger Plus! 2\MsgPlus.exe" /WinStart

Genstart og ny log
Avatar billede adh88 Nybegynder
02. november 2003 - 22:09 #13
Her:


Logfile of HijackThis v1.97.3
Scan saved at 22:08:55, on 02-11-2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Programmer\ICQLite\ICQLite.exe
D:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
D:\Programmer\TotalRecorder\TotRecSched.exe
D:\half-l~1\steam\steam.exe
D:\Programmer\Skype\Phone\Skype.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\SEC\Natural Color\NaturalColorLoad.exe
D:\Programmer\Webshots\WebshotsTray.exe
D:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Anders Hansen\Lokale indstillinger\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmer\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\RunServices: [Detect] D:\Programmer\iNTERNET Turbo\iDetect.exe /auto
O4 - HKCU\..\Run: [Steam] "d:\half-l~1\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "D:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [SpySweeper] D:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Programmer\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Programmer\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Webshots.lnk = D:\Programmer\Webshots\WebshotsTray.exe
O4 - Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Programmer\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Programmer\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page - res://C:\Programmer\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Researcher (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.google.com/data/da/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://130.228.229.67/ecwplugins/ncs.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37717.0268981481
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D32C3BAD-5213-49BD-A7D5-E6DE6C0D8249} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {D3426292-3750-4D80-9D0F-2816F61A6D15} (SpeedTest Control) - http://81.19.245.211/speedtest/SpeedTest_2.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://3dgamers.tukati.com/tukati/1.7.20.20/tukati.cab
Avatar billede arlet Juniormester
02. november 2003 - 22:10 #14
Så blev du ren, lang om længe, og kan nu aktiver din systemgendannelse.

For at sikre din fremtidige færden på nettet vil jeg foreslå at du henter følgende programmer :
Spywareblaster & Spyguard & IE-SPYAD & Empty Temp Folders & Ad-aware

Alle programmerne finder du her http://www.spywarefri.dk/vaerktoj.htm

Hvor der også er en beskrivelse af programmet, samt en installations vejledning..

Alt sammen skal løbende opdateres, ligesom dit windows og IE..

Derefter kan du trygt surfe på nettet, uden at få alt det snavs på computeren.
Avatar billede adh88 Nybegynder
02. november 2003 - 22:11 #15
jo tak! Mange tak for hjælpen!!
Avatar billede arlet Juniormester
02. november 2003 - 22:22 #16
Takker for point *S*
Avatar billede johnstigers Seniormester
02. november 2003 - 22:32 #17
Sorry for spam - arlet http://www.eksperten.dk/spm/422304
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
Vil skrifte antivirusprogram. Af ErikHg i Virus 22 26/11/202510:42 23/12/202514:29
Er gratis Bitdefender værd at installere ? Af Ikke-ekspert i Virus 8 31/08/202519:08 01/09/202514:18
Ukendte filer på min Pc Af jonpet i Virus 10 03/02/202514:20 04/02/202511:05
mulig ukendt virus Af jackie18 i Virus 3 18/01/202514:07 18/01/202516:39
virus popper op med jævne mellemrum Af Malm i Virus 13 18/01/202511:40 20/01/202517:53
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I går 11:48 Nyåbnede sider flimrer på Android tablet, hvorfor Af annam i Andet software
I går 11:03 Bitlocker fordele-ulemper, samt nulstille PC Af Uvanga i Windows
20/0511:00 IIS på Win10 64 bit Af bsn i Webservere
20/0509:01 Bitlocker Af Chevy396 i Windows
18/0501:57 Tjek alle checkbox i form Af bsn i ASP
White papers
Flere white papers »