Søg
Avatar billede krc_ Nybegynder
04. marts 2004 - 18:14 Der er 6 kommentarer og
1 løsning

Hijack log

Logfile of HijackThis v1.97.7
Scan saved at 18:19:06, on 04-03-2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAMMER\NETROPA\MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAMMER\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAMMER\IMMERSION CORPORATION\IMMERSION DESKTOP\IDESKTOP.EXE
C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
C:\PROGRAM FILES\ALTNET\POINTS MANAGER\POINTS MANAGER.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAMMER\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAMMER\REAL\REALJUKEBOX\TSYSTRAY.EXE
C:\PROGRAMMER\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMMER\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\ALTNET\DOWNLOAD MANAGER\ASM.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SKRIVEBORD\HIJACK\HJT.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/PBNET/OFFLINE/IE5/DANMARK.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Kangaroo - {663C7429-E454-11D3-B9AE-0000B4C32B4D} - C:\IDC\WEBKA.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1030,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Programmer\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [reminder.exe] C:\programmer\BackWeb\tuner\reminder.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [IDesktop] C:\Programmer\Immersion Corporation\Immersion Desktop\idesktop.exe 1
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [RealTray] C:\Programmer\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Programmer\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [RealJukeboxSystray] "C:\PROGRAMMER\REAL\REALJUKEBOX\tsystray.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Jubii Messenger.lnk = C:\Programmer\Jubii Messenger\LM.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Kangaroo (HKLM)
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .mts: C:\Programmer\MetaCreations\MetaStream\npmetastream.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
Avatar billede arlet Juniormester
04. marts 2004 - 18:15 #1
løber den lige igennem
Avatar billede krc_ Nybegynder
04. marts 2004 - 18:15 #2
tak...det er sgu hurtig response :o)
Avatar billede arlet Juniormester
04. marts 2004 - 18:37 #3
Du skal nu til at i gang med at fixe:

Deaktiver systemgendannelse:
http://www.arlet.dk/systemgendannelsen.htm

Kør Hijackthis, scan, sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked, luk hijackthis igen.
Dobbelttjek, så alt kommer med.



O3 - Toolbar: &Kangaroo - {663C7429-E454-11D3-B9AE-0000B4C32B4D} - C:\IDC\WEBKA.DLL

O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O12 - Plugin for .mts: C:\Programmer\MetaCreations\MetaStream\npmetastream.dll



Find og slet i fejlsikret(f8 ved opstart):


C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
C:\PROGRAM FILES\ALTNET\POINTS MANAGER\POINTS MANAGER.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\ALTNET\DOWNLOAD MANAGER\ASM.EXE



Derefter genstarter du og sender en ny log herind, for at se om vi har fået den helt ren.
Først når din log er endelig godkendt, må du aktiver din systemgendannelse igen.
Avatar billede krc_ Nybegynder
05. marts 2004 - 12:55 #4
Undskyld for den lange responsetid


Logfile of HijackThis v1.97.7
Scan saved at 11:17:39, on 05-03-2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMMER\NETROPA\MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAMMER\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAMMER\IMMERSION CORPORATION\IMMERSION DESKTOP\IDESKTOP.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAMMER\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAMMER\REAL\REALJUKEBOX\TSYSTRAY.EXE
C:\PROGRAMMER\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMMER\JUBII MESSENGER\LM.EXE
C:\PROGRAMMER\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SKRIVEBORD\HIJACK\HJT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/PBNET/OFFLINE/IE5/DANMARK.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: @msdxmLC.dll,-1@1030,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Programmer\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [reminder.exe] C:\programmer\BackWeb\tuner\reminder.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [IDesktop] C:\Programmer\Immersion Corporation\Immersion Desktop\idesktop.exe 1
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [RealTray] C:\Programmer\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Programmer\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [RealJukeboxSystray] "C:\PROGRAMMER\REAL\REALJUKEBOX\tsystray.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Jubii Messenger.lnk = C:\Programmer\Jubii Messenger\LM.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Kangaroo (HKLM)
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
Avatar billede arlet Juniormester
05. marts 2004 - 12:57 #5
Helt i orden*S*

Mangler lige en enkelt, som skal fixes i hijackthis:
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART

genstart og ny log
Avatar billede krc_ Nybegynder
06. marts 2004 - 14:05 #6
Ja så gik der lige en dag mere :D

Logfile of HijackThis v1.97.7
Scan saved at 16:46:45, on 05-03-2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMMER\NETROPA\MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAMMER\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAMMER\IMMERSION CORPORATION\IMMERSION DESKTOP\IDESKTOP.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAMMER\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAMMER\REAL\REALJUKEBOX\TSYSTRAY.EXE
C:\PROGRAMMER\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAMMER\JUBII MESSENGER\LM.EXE
C:\PROGRAMMER\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SKRIVEBORD\HIJACK\HJT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/PBNET/OFFLINE/IE5/DANMARK.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: @msdxmLC.dll,-1@1030,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Programmer\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [reminder.exe] C:\programmer\BackWeb\tuner\reminder.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [IDesktop] C:\Programmer\Immersion Corporation\Immersion Desktop\idesktop.exe 1
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [RealTray] C:\Programmer\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Programmer\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [RealJukeboxSystray] "C:\PROGRAMMER\REAL\REALJUKEBOX\tsystray.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Jubii Messenger.lnk = C:\Programmer\Jubii Messenger\LM.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Kangaroo (HKLM)
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
Avatar billede arlet Juniormester
06. marts 2004 - 14:07 #7
Så er du ren og kan aktiver din systemgendannelse igen

For at beskytte dig mod snavs har jeg lavet en sikkerhedspakke,
som du kan hente her : www.arlet.dk/pakke.htm
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
Vil skrifte antivirusprogram. Af ErikHg i Virus 22 26/11/202510:42 23/12/202514:29
Er gratis Bitdefender værd at installere ? Af Ikke-ekspert i Virus 8 31/08/202519:08 01/09/202514:18
Ukendte filer på min Pc Af jonpet i Virus 10 03/02/202514:20 04/02/202511:05
mulig ukendt virus Af jackie18 i Virus 3 18/01/202514:07 18/01/202516:39
virus popper op med jævne mellemrum Af Malm i Virus 13 18/01/202511:40 20/01/202517:53
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I går 01:57 Tjek alle checkbox i form Af bsn i ASP
17/0521:35 Lidt simpel (håber jeg) Photoshop hjælp Af fcs i Billedbehandling
16/0516:04 Canon printer vil ikke udskrive farver Af mort1 i Printere
16/0514:50 Hvilket fabrikat af Mesh systemer virker? Af fkj i Wifi
15/0513:45 AJAX kode -javascript Af Asky i Programmeringsværktøjer
White papers
Flere white papers »