Søg
Avatar billede fcbent Nybegynder
01. februar 2004 - 12:21 Der er 5 kommentarer og
1 løsning

hijackthis log

her er min log er der nogen der gider at hjælpe???
jeg har læst ALLE regler nu!!!

Logfile of HijackThis v1.97.7
Scan saved at 12:18:48, on 01-02-2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\windows\System32\smss.exe
C:\windows\System32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Norton Personal Firewall\NISUM.EXE
C:\windows\system32\spoolsv.exe
C:\Programmer\Norton Personal Firewall\ccPxySvc.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\windows\System32\nvsvc32.exe
C:\windows\Explorer.EXE
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Winamp\winamp.exe
C:\Documents and Settings\joe enders\Skrivebord\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://i-lookup.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://i-lookup.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://i-lookup.com/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searching.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://i-lookup.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.msn.com/0/1000/default.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://i-lookup.com/search.html
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmer\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {6EF3AE25-5A7D-40C2-9B44-9ED0068621C0} - (no file)
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Toolbar\1.0.1322.0\en-us\msntb.dll
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [WCGJMPTWA] C:\WINDOWS\WCGJMPTWA.exe
O4 - HKLM\..\Run: [StarSkin] C:\PROGRAMMER\ROCKETDIVISION SOFTWARE\STARSKIN\STARSKIN.EXE -H
O4 - HKLM\..\Run: [startpage] c:\startpage.exe
O4 - HKLM\..\Run: [ClrSchLoader] C:\Programmer\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [11022585.exe] C:\WINDOWS\System32\11022585.exe
O4 - HKLM\..\Run: [Power Scan] C:\Programmer\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [Overnet] C:\Programmer\Overnet\Overnet.exe -t
O4 - HKLM\..\Run: [Bargains] C:\Programmer\Bargain Buddy\bin\bargains.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Programmer\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Trickler] "c:\temp\~vis0000\fsg_4104.exe"
O4 - HKLM\..\Run: [20255678.exe] C:\windows\System32\20255678.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [startpage] c:\startpage.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\System32\ctfmon.exe
O4 - Global Startup: GStartup.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/da/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38007.1658101852
O16 - DPF: {BD092CD7-AA66-4FF6-8CE1-D4E01489ED2B} (VacPro.UserControl1) - http://www.7adpower.com/dialer/EMSAT.CAB
O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} (EGP2ECOM Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_pack_XP.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB
O16 - DPF: {FE1A240F-B247-4E06-A600-30E28F5AF3A0} (iiittt Class) - http://toolbar2.i-lookup.com/toolbar2/windec32.cab
Avatar billede fromsej Praktikant
01. februar 2004 - 12:23 #1
Ja, jeg kigger den lige igennem.
Avatar billede fromsej Praktikant
01. februar 2004 - 12:39 #2
Deaktiver systemgendannelse:
http://www.spywarefri.dk/virusscannere.htm#alle

Kør Hijackthis, scan, sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked, genstart i fejlsikret(Tryk <F8> under opstart) og slet filerne listet nederst.
Dobbelttjek, så alt kommer med.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://i-lookup.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://i-lookup.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://i-lookup.com/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searching.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://i-lookup.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://i-lookup.com/search.html
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmer\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 - Toolbar: (no name) - {6EF3AE25-5A7D-40C2-9B44-9ED0068621C0} - (no file)
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O4 - HKLM\..\Run: [WCGJMPTWA] C:\WINDOWS\WCGJMPTWA.exe
O4 - HKLM\..\Run: [startpage] c:\startpage.exe
O4 - HKLM\..\Run: [ClrSchLoader] C:\Programmer\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [11022585.exe] C:\WINDOWS\System32\11022585.exe
O4 - HKLM\..\Run: [Power Scan] C:\Programmer\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [Bargains] C:\Programmer\Bargain Buddy\bin\bargains.exe
O4 - HKLM\..\Run: [Trickler] "c:\temp\~vis0000\fsg_4104.exe"
O4 - HKLM\..\Run: [20255678.exe] C:\windows\System32\20255678.exe
O4 - HKCU\..\Run: [startpage] c:\startpage.exe
O4 - Global Startup: GStartup.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab
O16 - DPF: {BD092CD7-AA66-4FF6-8CE1-D4E01489ED2B} (VacPro.UserControl1) - http://www.7adpower.com/dialer/EMSAT.CAB
O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} (EGP2ECOM Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_pack_XP.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB
O16 - DPF: {FE1A240F-B247-4E06-A600-30E28F5AF3A0} (iiittt Class) - http://toolbar2.i-lookup.com/toolbar2/windec32.cab

---------------------------------------
Åbn en mappe, klik på Funktioner=>Mappeindstillinger=>Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler".
Fjern flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".

---------------------------------------
Slettes i fejlsikret.
C:\Programmer\MyWay\myBar << Mappen.
C:\WINDOWS\WCGJMPTWA.exe << Filen.
c:\startpage.exe << Filen.
C:\Programmer\ClearSearch << Mappen.
C:\WINDOWS\System32\11022585.exe << Filen.
C:\Programmer\Power Scan << Mappen.
C:\Programmer\Bargain Buddy << Mappen.
c:\temp >> Slet alt hvad der ligger i mappen, undtaget Index.dat
C:\windows\System32\20255678.exe << Filen.

---------------------------------------
Genstart og kom med en ny logfil, så jeg kan se om alt er med.

Hent og installer Servicepack 1 til XP her:
http://www.it-service.sdu.dk/vis.php?side=84
Få hentet alle opdateringer hos Microsoft.
Avatar billede fcbent Nybegynder
01. februar 2004 - 13:55 #3
tak det hjalp skal du se loggen igen??
Avatar billede fcbent Nybegynder
01. februar 2004 - 13:55 #4
Logfile of HijackThis v1.97.7
Scan saved at 13:56:06, on 01-02-2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\windows\System32\smss.exe
C:\windows\System32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Norton Personal Firewall\NISUM.EXE
C:\windows\system32\spoolsv.exe
C:\Programmer\Norton Personal Firewall\ccPxySvc.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\windows\System32\nvsvc32.exe
C:\windows\Explorer.EXE
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Outlook Express\msimn.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\joe enders\Skrivebord\HijackThis.exe

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Toolbar\1.0.1322.0\en-us\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [StarSkin] C:\PROGRAMMER\ROCKETDIVISION SOFTWARE\STARSKIN\STARSKIN.EXE -H
O4 - HKLM\..\Run: [Overnet] C:\Programmer\Overnet\Overnet.exe -t
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Programmer\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [startpage] c:\startpage.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\System32\ctfmon.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/da/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38007.1658101852
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Avatar billede johnstigers Seniormester
01. februar 2004 - 14:00 #5
O4 - HKCU\..\Run: [startpage] c:\startpage.exe

Prøv lige at fixe den igen
Avatar billede fromsej Praktikant
01. februar 2004 - 14:03 #6
O4 - HKCU\..\Run: [startpage] c:\startpage.exe
Den skal lige fixes, så er din log ren.
Se at få opdateret og installeret Servicepack 1.
for at holde snavs ude af din maskine har vi lavet en pakkeløsning, minimumsanbefaling er Spywareguard, Spywareblaster, IE-Spyad og IE Privacy Keeper.
http://www.spywarefri.dk/pakken.htm
Mvh:
Fromsej/Team Spywarefri.
Ps:
Tak for point.
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
Vil skrifte antivirusprogram. Af ErikHg i Virus 22 26/11/202510:42 23/12/202514:29
Er gratis Bitdefender værd at installere ? Af Ikke-ekspert i Virus 8 31/08/202519:08 01/09/202514:18
Ukendte filer på min Pc Af jonpet i Virus 10 03/02/202514:20 04/02/202511:05
mulig ukendt virus Af jackie18 i Virus 3 18/01/202514:07 18/01/202516:39
virus popper op med jævne mellemrum Af Malm i Virus 13 18/01/202511:40 20/01/202517:53
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
18/0501:57 Tjek alle checkbox i form Af bsn i ASP
17/0521:35 Lidt simpel (håber jeg) Photoshop hjælp Af fcs i Billedbehandling
16/0516:04 Canon printer vil ikke udskrive farver Af mort1 i Printere
16/0514:50 Hvilket fabrikat af Mesh systemer virker? Af fkj i Wifi
15/0513:45 AJAX kode -javascript Af Asky i Programmeringsværktøjer
White papers
Flere white papers »