Søg
Avatar billede steelman Novice
29. marts 2004 - 16:58 Der er 14 kommentarer og
1 løsning

HiJackThis log

Hej,

Er det en som vil gennemgå min log? Jeg får konstant ændret min start side, og små mærkelig programmer dukker op.....

Logfile of HijackThis v1.97.7
Scan saved at 16:57:04, on 29-03-2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Programmer\Util\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\Programmer\Util\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programmer\Util\Logitech\MouseWare\MouseWare\system\em_exec.exe
C:\WINNT\system32\DeltTray.exe
C:\Programmer\Util\Logitech\iTouch\iTouch\iTouch.exe
C:\Programmer\Fælles filer\Logitech\QCDriver3\LVCOMS.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\PROGRA~1\Internet\ZONELA~1\ZONEAL~1\zlclient.exe
C:\PROGRA~1\Idlepoprect\Exit style.exe
C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\~compoundinst0\auto_update_loader.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Hijackthis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://amazingautossearch.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://amazingautossearch.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://amazingautossearch.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://amazingautossearch.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://amazingautossearch.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://amazingautossearch.com/searchbar.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.0.20:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.esbjergkollegienet.dk;esbjergkollegienet.dk;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
N3 - Netscape 7: user_pref("browser.startup.homepage", "amazingautossearch.com");\nuser_pref("browser.startup.page", 1); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\nsnlw49s.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgrammer%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\nsnlw49s.slt\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Media\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Util\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Util\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Util\Logitech\iTouch\iTouch\iTouch.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programmer\Fælles filer\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programmer\util\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Programmer\util\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\Internet\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [BlahPeak] C:\PROGRA~1\Idlepoprect\Exit style.exe
O4 - HKLM\..\Run: [AutoLoaderEnvoloAutoUpdater] "C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\~compoundinst0\auto_update_loader.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O9 - Extra button: ATI TV (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O16 - DPF: Profile CAPI 7,0,0,478 - https://udstedelse.certifikat.tdc.dk/person/applets/entrustprofileapplet-capi.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://80.209.97.226/iNotes.cab
O16 - DPF: {5BDBA960-6534-11D3-97C7-00500422B550} (LotusDRSControl Class) - http://80.209.97.226/download/dolcontrol.cab
O16 - DPF: {71AEE1E3-1B65-41FA-BBD2-565CBD1359D8} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSPInstall0703.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37935.3759143519
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk/html/activex/danskesikker/DB/DanskeSikker.cab

Tak
Steelman
Avatar billede arlet Juniormester
29. marts 2004 - 17:06 #1
løber den igennem
Avatar billede arlet Juniormester
29. marts 2004 - 17:14 #2
Hent og kør dette program: http://www.arlet.dk/cwshredder.htm
genstart og ny hijackthis log
Avatar billede steelman Novice
29. marts 2004 - 20:14 #3
Hmmm.... det fandt ikke noget.
Men jeg har kørt Spybot og Ad-Aware et par gange igen og den fandt lidt. Så nu bliver min startside ikke hele tiden ændret. Men en virus scan fandt 10 vira (!)

Jeg ligger en ny log:
Logfile of HijackThis v1.97.7
Scan saved at 20:13:23, on 29-03-2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Programmer\Util\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\Programmer\Util\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programmer\Util\Logitech\MouseWare\MouseWare\system\em_exec.exe
C:\WINNT\system32\DeltTray.exe
C:\Programmer\Util\Logitech\iTouch\iTouch\iTouch.exe
C:\Programmer\Fælles filer\Logitech\QCDriver3\LVCOMS.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\PROGRA~1\Internet\ZONELA~1\ZONEAL~1\zlclient.exe
C:\PROGRA~1\Idlepoprect\Exit style.exe
C:\Hijackthis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://amazingautossearch.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://amazingautossearch.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://amazingautossearch.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://amazingautossearch.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://amazingautossearch.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://amazingautossearch.com/searchbar.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.0.20:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.esbjergkollegienet.dk;esbjergkollegienet.dk;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
N3 - Netscape 7: user_pref("browser.startup.homepage", "amazingautossearch.com");\nuser_pref("browser.startup.page", 1); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\nsnlw49s.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgrammer%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\nsnlw49s.slt\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Media\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Util\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Util\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Util\Logitech\iTouch\iTouch\iTouch.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programmer\Fælles filer\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programmer\util\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Programmer\util\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\Internet\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [BlahPeak] C:\PROGRA~1\Idlepoprect\Exit style.exe
O4 - HKLM\..\Run: [AutoLoaderEnvoloAutoUpdater] "C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\~compoundinst0\auto_update_loader.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O9 - Extra button: ATI TV (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O16 - DPF: Profile CAPI 7,0,0,478 - https://udstedelse.certifikat.tdc.dk/person/applets/entrustprofileapplet-capi.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://80.209.97.226/iNotes.cab
O16 - DPF: {5BDBA960-6534-11D3-97C7-00500422B550} (LotusDRSControl Class) - http://80.209.97.226/download/dolcontrol.cab
O16 - DPF: {71AEE1E3-1B65-41FA-BBD2-565CBD1359D8} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSPInstall0703.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37935.3759143519
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk/html/activex/danskesikker/DB/DanskeSikker.cab

PFT. Steelman
Avatar billede arlet Juniormester
29. marts 2004 - 20:18 #4
ok. Jeg er igang med loggen. 10 minutter, så er jeg der.
Avatar billede arlet Juniormester
29. marts 2004 - 20:30 #5
Flyt først filen Hijackthis til en mappe oprettet kun til den.

Du skal nu til at i gang med at fixe:

Kør Hijackthis, scan, sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked, luk hijackthis igen.
Dobbelttjek, så alt kommer med.


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://amazingautossearch.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://amazingautossearch.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://amazingautossearch.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://amazingautossearch.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://amazingautossearch.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://amazingautossearch.com/searchbar.html

O4 - HKLM\..\Run: [BlahPeak] C:\PROGRA~1\Idlepoprect\Exit style.exe
O4 - HKLM\..\Run: [AutoLoaderEnvoloAutoUpdater] "C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\~compoundinst0\auto_update_loader.exe"


Find og slet:


C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp <-tøm temp mappen helt
C:\PROGRA~1\Idlepoprect\Exit style.exe


Derefter genstarter du og sender en ny log herind, for at se om vi har fået den helt ren.
Avatar billede steelman Novice
29. marts 2004 - 20:39 #6
Hvad med denne linie?
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://amazingautossearch.com/searchbar.html
Skal den ikke også slettes?
Avatar billede steelman Novice
29. marts 2004 - 20:41 #7
UPS!!! Never mind....
Avatar billede arlet Juniormester
29. marts 2004 - 20:43 #8
hehe. ja, også den*S*
Avatar billede steelman Novice
29. marts 2004 - 20:57 #9
:-)
Nu log:
Logfile of HijackThis v1.97.7
Scan saved at 20:57:04, on 29-03-2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Programmer\Util\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\Programmer\Util\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programmer\Util\Logitech\MouseWare\MouseWare\system\em_exec.exe
C:\WINNT\system32\DeltTray.exe
C:\Programmer\Util\Logitech\iTouch\iTouch\iTouch.exe
C:\Programmer\Fælles filer\Logitech\QCDriver3\LVCOMS.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\PROGRA~1\Internet\ZONELA~1\ZONEAL~1\zlclient.exe
C:\hijackthis2\hijackthis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://amazingautossearch.com/searchbar.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.0.20:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.esbjergkollegienet.dk;esbjergkollegienet.dk;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
N3 - Netscape 7: user_pref("browser.startup.homepage", "amazingautossearch.com");\nuser_pref("browser.startup.page", 1); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\nsnlw49s.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgrammer%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\nsnlw49s.slt\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Media\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Util\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Util\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Util\Logitech\iTouch\iTouch\iTouch.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programmer\Fælles filer\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programmer\util\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Programmer\util\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\Internet\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [BlahPeak] C:\PROGRA~1\IDLEPO~1\Exit style.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O9 - Extra button: ATI TV (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O16 - DPF: Profile CAPI 7,0,0,478 - https://udstedelse.certifikat.tdc.dk/person/applets/entrustprofileapplet-capi.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://80.209.97.226/iNotes.cab
O16 - DPF: {5BDBA960-6534-11D3-97C7-00500422B550} (LotusDRSControl Class) - http://80.209.97.226/download/dolcontrol.cab
O16 - DPF: {71AEE1E3-1B65-41FA-BBD2-565CBD1359D8} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSPInstall0703.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37935.3759143519
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk/html/activex/danskesikker/DB/DanskeSikker.cab
Avatar billede arlet Juniormester
29. marts 2004 - 21:26 #10
denne skal lige væk:
O4 - HKLM\..\Run: [BlahPeak] C:\PROGRA~1\IDLEPO~1\Exit style.exe

genstart og ny log
Avatar billede steelman Novice
29. marts 2004 - 22:19 #11
Okay. Hvad med:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://amazingautossearch.com/searchbar.html
N3 - Netscape 7: user_pref("browser.startup.homepage", "amazingautossearch.com");\nuser_pref("browser.startup.page", 1); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\nsnlw49s.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgrammer%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\nsnlw49s.slt\prefs.js)
Avatar billede arlet Juniormester
29. marts 2004 - 22:55 #12
De skal også væk, hvis du ikke bruger netscape.

Husk genstart og ny log bagefter
Avatar billede steelman Novice
29. marts 2004 - 23:34 #13
Okay, men jeg bruger også netscape så jeg lader dem være :-)
Ny log:
Logfile of HijackThis v1.97.7
Scan saved at 23:34:32, on 29-03-2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Programmer\Util\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\Programmer\Util\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programmer\Util\Logitech\MouseWare\MouseWare\system\em_exec.exe
C:\WINNT\system32\DeltTray.exe
C:\Programmer\Util\Logitech\iTouch\iTouch\iTouch.exe
C:\Programmer\Fælles filer\Logitech\QCDriver3\LVCOMS.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\PROGRA~1\Internet\ZONELA~1\ZONEAL~1\zlclient.exe
C:\hijackthis4\hijackthis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.0.20:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.esbjergkollegienet.dk;esbjergkollegienet.dk;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
N3 - Netscape 7: user_pref("browser.startup.homepage", "amazingautossearch.com");\nuser_pref("browser.startup.page", 1); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\nsnlw49s.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgrammer%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\nsnlw49s.slt\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Media\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Util\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Util\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Util\Logitech\iTouch\iTouch\iTouch.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programmer\Fælles filer\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programmer\util\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Programmer\util\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\Internet\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O9 - Extra button: ATI TV (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O16 - DPF: Profile CAPI 7,0,0,478 - https://udstedelse.certifikat.tdc.dk/person/applets/entrustprofileapplet-capi.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://80.209.97.226/iNotes.cab
O16 - DPF: {5BDBA960-6534-11D3-97C7-00500422B550} (LotusDRSControl Class) - http://80.209.97.226/download/dolcontrol.cab
O16 - DPF: {71AEE1E3-1B65-41FA-BBD2-565CBD1359D8} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSPInstall0703.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37935.3759143519
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk/html/activex/danskesikker/DB/DanskeSikker.cab
Avatar billede arlet Juniormester
30. marts 2004 - 09:44 #14
Så er du ren

For at beskytte dig mod snavs har jeg lavet en sikkerhedspakke,
som du kan hente her : www.arlet.dk/pakke.htm
Avatar billede steelman Novice
30. marts 2004 - 15:11 #15
Okay. Tak for hjælpen :-)
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
Vil skrifte antivirusprogram. Af ErikHg i Virus 22 26/11/202510:42 23/12/202514:29
Er gratis Bitdefender værd at installere ? Af Ikke-ekspert i Virus 8 31/08/202519:08 01/09/202514:18
Ukendte filer på min Pc Af jonpet i Virus 10 03/02/202514:20 04/02/202511:05
mulig ukendt virus Af jackie18 i Virus 3 18/01/202514:07 18/01/202516:39
virus popper op med jævne mellemrum Af Malm i Virus 13 18/01/202511:40 20/01/202517:53
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I dag 01:57 Tjek alle checkbox i form Af bsn i ASP
I går 21:35 Lidt simpel (håber jeg) Photoshop hjælp Af fcs i Billedbehandling
16/0516:04 Canon printer vil ikke udskrive farver Af mort1 i Printere
16/0514:50 Hvilket fabrikat af Mesh systemer virker? Af fkj i Wifi
15/0513:45 AJAX kode -javascript Af Asky i Programmeringsværktøjer
White papers
Flere white papers »