Notifikationer

Markér alle som læst Log ud

metal_hansen Nybegynder

06. april 2004 - 17:08 Der er 12 kommentarer og
1 løsning

hvem vil tjekke en hijack-this log

Logfile of HijackThis v1.97.7
Scan saved at 17:05:44, on 06-04-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\CesarFTP\server.exe
C:\Programmer\Executive Software\DiskeeperServer\DKService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Mixer.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\ICQPlus\vplus.exe
C:\Programmer\Tweak-XP\blads.exe
C:\Programmer\Loft Systems Development\OutTray\OutTray.exe
C:\Programmer\WinBar\WinBar.exe
C:\Programmer\Raxco\PerfectDisk\PDEngine.exe
C:\Programmer\Raxco\PerfectDisk\PDSched.exe
C:\Programmer\Raxco\PerfectDisk\PerfectDisk.exe
C:\Program Files\ICQ\icq.exe
C:\Programmer\Trend Micro\PC-cillin 2000\WebTrapNT.exe
C:\Programmer\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\Programmer\Trend Micro\PC-cillin 2000\Pop3Trap.exe
C:\Programmer\Trend Micro\PC-cillin 2000\PNTIOMON.EXE
C:\Programmer\Trend Micro\PC-cillin 2000\pccntupd.exe
C:\WINDOWS\svchost.exe
C:\Documents and Settings\Rune Hansen\Lokale indstillinger\Temp\Midlertidig mappe 3 for hijackthis.zip\HijackThis.exe

O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programmer\TechSmith\SnagIt 6\SnagItBHO.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmer\TechSmith\SnagIt 6\SnagItIEAddin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Programmer\Trend Micro\PC-cillin 2000\Pop3trap.exe"
O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Programmer\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
O4 - HKLM\..\Run: [Network Service] C:\WINDOWS\svchost.exe -sr -0
O4 - HKCU\..\Run: [ICQ Plus] "C:\Programmer\ICQPlus\vplus.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BlockAds] C:\Programmer\Tweak-XP\blads.exe
O4 - HKCU\..\Run: [Network Service] C:\WINDOWS\svchost.exe -sr -0
O4 - Startup: WinBar.lnk = C:\Programmer\WinBar\WinBar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: OutTray.lnk = C:\Programmer\Loft Systems Development\OutTray\OutTray.exe
O4 - Global Startup: Real-time Monitor.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Debt Solutions - http://213.159.118.226/tools.php?qq=Debt+Solutions
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra 'Tools' menuitem: Debt Solutions (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\\nosuch.mht!http://213.159.118.226/content.php::/x.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38077.6361689815
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52841967-8FDB-4CED-8602-753656ED271C}: NameServer = 212.242.40.3,212.242.40.51

Synes godt om

metal_hansen Nybegynder

06. april 2004 - 17:10 #1

hmm vi prøver lige igen - det ser ud til at der kom lidt mere 2. gang...

Logfile of HijackThis v1.97.7
Scan saved at 17:09:35, on 06-04-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\CesarFTP\server.exe
C:\Programmer\Executive Software\DiskeeperServer\DKService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Mixer.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\ICQPlus\vplus.exe
C:\Programmer\Tweak-XP\blads.exe
C:\Programmer\Loft Systems Development\OutTray\OutTray.exe
C:\Programmer\WinBar\WinBar.exe
C:\Programmer\Raxco\PerfectDisk\PDEngine.exe
C:\Programmer\Raxco\PerfectDisk\PDSched.exe
C:\Programmer\Raxco\PerfectDisk\PerfectDisk.exe
C:\Program Files\ICQ\icq.exe
C:\Programmer\Trend Micro\PC-cillin 2000\WebTrapNT.exe
C:\Programmer\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\Programmer\Trend Micro\PC-cillin 2000\Pop3Trap.exe
C:\Programmer\Trend Micro\PC-cillin 2000\PNTIOMON.EXE
C:\Programmer\Trend Micro\PC-cillin 2000\pccntupd.exe
C:\WINDOWS\svchost.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Rune Hansen\Lokale indstillinger\Temp\Midlertidig mappe 3 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://about-blank.ws/page/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://about-blank.ws/page/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://about-blank.ws/page/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://about-blank.ws
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://about-blank.ws
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://about-blank.ws/page/
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://about-blank.ws/page/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://about-blank.ws
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://about-blank.ws/page/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://about-blank.ws/page/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://about-blank.ws
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://about-blank.ws/page/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://213.159.118.226/sp.php
O1 - Hosts: 213.159.118.226 1-se.com
O1 - Hosts: 213.159.118.226 58q.com
O1 - Hosts: 213.159.118.226 aifind.cc
O1 - Hosts: 213.159.118.226 aifind.info
O1 - Hosts: 213.159.118.226 allneedsearch.com
O1 - Hosts: 213.159.118.226 approvedlinks.com
O1 - Hosts: 213.159.118.226 auto.ie.searchforge.com
O1 - Hosts: 213.159.118.226 awebfind.biz
O1 - Hosts: 213.159.118.226 best.royalsearch.net
O1 - Hosts: 213.159.118.226 cracks.am
O1 - Hosts: 213.159.118.226 default-homepage-network.com
O1 - Hosts: 213.159.118.226 find.microgirls.com
O1 - Hosts: 213.159.118.226 find4u.net
O1 - Hosts: 213.159.118.226 freshvideogals.com
O1 - Hosts: 213.159.118.226 i-lookup.com
O1 - Hosts: 213.159.118.226 ie-search.com
O1 - Hosts: 213.159.118.226 in.webcounter.cc
O1 - Hosts: 213.159.118.226 itseasy.us
O1 - Hosts: 213.159.118.226 just.find-itnow.com
O1 - Hosts: 213.159.118.226 link.startmake.com
O1 - Hosts: 213.159.118.226 mysearchnow.com
O1 - Hosts: 213.159.118.226 nativehardcore.com
O1 - Hosts: 213.159.118.226 qwertysearch123.biz
O1 - Hosts: 213.159.118.226 search.ieplugin.com
O1 - Hosts: 213.159.118.226 search.psn.cn
O1 - Hosts: 213.159.118.226 searchbar.findthewebsiteyouneed.com
O1 - Hosts: 213.159.118.226 searchcentrix.com
O1 - Hosts: 213.159.118.226 searchmyrequest.com
O1 - Hosts: 213.159.118.226 super-spider.com
O1 - Hosts: 213.159.118.226 t.rack.cc
O1 - Hosts: 213.159.118.226 teen-biz.com
O1 - Hosts: 213.159.118.226 teenhqpics.com
O1 - Hosts: 213.159.118.226 tits.hardcore4ever.net
O1 - Hosts: 213.159.118.226 webcoolsearch.com
O1 - Hosts: 213.159.118.226 wmmse.com
O1 - Hosts: 213.159.118.226 www.008i.com
O1 - Hosts: 213.159.118.226 www.2fastsearch.net
O1 - Hosts: 213.159.118.226 www.8095.com
O1 - Hosts: 213.159.118.226 www.alfa-search.com
O1 - Hosts: 213.159.118.226 www.boredlife.com
O1 - Hosts: 213.159.118.226 www.couldnotfind.com
O1 - Hosts: 213.159.118.226 www.cracks.am
O1 - Hosts: 213.159.118.226 www.daum.net
O1 - Hosts: 213.159.118.226 www.dreamwiz.com
O1 - Hosts: 213.159.118.226 www.find-itnow.com
O1 - Hosts: 213.159.118.226 www.find-itnow.com
O1 - Hosts: 213.159.118.226 www.find4u.net
O1 - Hosts: 213.159.118.226 www.firstbookmark.com
O1 - Hosts: 213.159.118.226 www.gajai.com
O1 - Hosts: 213.159.118.226 www.hand-book.com
O1 - Hosts: 213.159.118.226 www.hao123.com
O1 - Hosts: 213.159.118.226 www.hotsearchbox.com
O1 - Hosts: 213.159.118.226 www.hotwebsearch.com
O1 - Hosts: 213.159.118.226 www.hugesearch.net
O1 - Hosts: 213.159.118.226 www.iquicksearch.com
O1 - Hosts: 213.159.118.226 www.lookfor.cc
O1 - Hosts: 213.159.118.226 www.maxxxhosters.com
O1 - Hosts: 213.159.118.226 www.naver.com
O1 - Hosts: 213.159.118.226 www.nkvd.us
O1 - Hosts: 213.159.118.226 www.novafuck.com
O1 - Hosts: 213.159.118.226 www.ohcorea.com
O1 - Hosts: 213.159.118.226 www.omega-search.com
O1 - Hosts: 213.159.118.226 www.onet.pl
O1 - Hosts: 213.159.118.226 www.power-search.info
O1 - Hosts: 213.159.118.226 www.rightfinder.net
O1 - Hosts: 213.159.118.226 www.search-1.net
O1 - Hosts: 213.159.118.226 www.search-and-go.com
O1 - Hosts: 213.159.118.226 www.search-dot.com
O1 - Hosts: 213.159.118.226 www.search-space.com
O1 - Hosts: 213.159.118.226 www.searchforge.com
O1 - Hosts: 213.159.118.226 www.searching-the-net.com
O1 - Hosts: 213.159.118.226 www.searchv.com
O1 - Hosts: 213.159.118.226 www.searchxl.com
O1 - Hosts: 213.159.118.226 www.seznam.cz
O1 - Hosts: 213.159.118.226 www.slotch.com
O1 - Hosts: 213.159.118.226 www.spidersearch.com
O1 - Hosts: 213.159.118.226 www.startium.com
O1 - Hosts: 213.159.118.226 www.therealsearch.com
O1 - Hosts: 213.159.118.226 www.ttjj.com
O1 - Hosts: 213.159.118.226 www.viewpornkey.com
O1 - Hosts: 213.159.118.226 www.wazzupnet.com
O1 - Hosts: 213.159.118.226 www.websearch.com
O1 - Hosts: 213.159.118.226 www.windowws.cc
O1 - Hosts: 213.159.118.226 www.xgmm.com
O1 - Hosts: 213.159.118.226 xwebsearch.biz
O1 - Hosts: 213.159.118.226 yourbookmarks.ws
O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programmer\TechSmith\SnagIt 6\SnagItBHO.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmer\TechSmith\SnagIt 6\SnagItIEAddin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Programmer\Trend Micro\PC-cillin 2000\Pop3trap.exe"
O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Programmer\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
O4 - HKLM\..\Run: [Network Service] C:\WINDOWS\svchost.exe -sr -0
O4 - HKCU\..\Run: [ICQ Plus] "C:\Programmer\ICQPlus\vplus.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BlockAds] C:\Programmer\Tweak-XP\blads.exe
O4 - HKCU\..\Run: [Network Service] C:\WINDOWS\svchost.exe -sr -0
O4 - Startup: WinBar.lnk = C:\Programmer\WinBar\WinBar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: OutTray.lnk = C:\Programmer\Loft Systems Development\OutTray\OutTray.exe
O4 - Global Startup: Real-time Monitor.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Debt Solutions - http://213.159.118.226/tools.php?qq=Debt+Solutions
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Party Poker - http://213.159.118.226/tools.php?qq=Party+Poker
O8 - Extra context menu item: Party Poker.com - http://213.159.118.226/tools.php?qq=Party+Poker.com
O9 - Extra 'Tools' menuitem: Party Poker.com (HKLM)
O9 - Extra 'Tools' menuitem: Party Poker (HKLM)
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra 'Tools' menuitem: Debt Solutions (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O13 - DefaultPrefix: http://about-blank.ws/page/
O13 - WWW Prefix: http://about-blank.ws/page/
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\\nosuch.mht!http://213.159.118.226/content.php::/x.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38077.6361689815
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52841967-8FDB-4CED-8602-753656ED271C}: NameServer = 212.242.40.3,212.242.40.51

Synes godt om

arlet Juniormester

06. april 2004 - 17:12 #2

hent og kør dette program:
http://www.arlet.dk/cwshredder.htm
genstart og ny hijackthis log

Synes godt om

metal_hansen Nybegynder

06. april 2004 - 17:15 #3

oki

Synes godt om

metal_hansen Nybegynder

06. april 2004 - 17:19 #4

ny log:

Logfile of HijackThis v1.97.7
Scan saved at 17:18:20, on 06-04-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\Trend Micro\PC-cillin 2000\Pop3trap.exe
C:\Programmer\Trend Micro\PC-cillin 2000\WebTrapNT.exe
C:\Programmer\ICQPlus\vplus.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Tweak-XP\blads.exe
C:\Programmer\Loft Systems Development\OutTray\OutTray.exe
C:\Programmer\Trend Micro\PC-cillin 2000\PNTIOMON.exe
C:\Programmer\WinBar\WinBar.exe
C:\Programmer\Trend Micro\PC-cillin 2000\pccntupd.exe
C:\Programmer\CesarFTP\server.exe
C:\Programmer\Executive Software\DiskeeperServer\DKService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\Programmer\Raxco\PerfectDisk\PDSched.exe
C:\Documents and Settings\Rune Hansen\Lokale indstillinger\Temp\Midlertidig mappe 4 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://about-blank.ws/page/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://about-blank.ws/page/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://about-blank.ws/page/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://about-blank.ws
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://about-blank.ws
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://about-blank.ws/page/
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://about-blank.ws/page/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://about-blank.ws
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://about-blank.ws/page/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://about-blank.ws/page/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://about-blank.ws
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://about-blank.ws/page/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://213.159.118.226/sp.php
O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programmer\TechSmith\SnagIt 6\SnagItBHO.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmer\TechSmith\SnagIt 6\SnagItIEAddin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Programmer\Trend Micro\PC-cillin 2000\Pop3trap.exe"
O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Programmer\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
O4 - HKLM\..\Run: [Network Service] C:\WINDOWS\svchost.exe -sr -0
O4 - HKCU\..\Run: [ICQ Plus] "C:\Programmer\ICQPlus\vplus.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BlockAds] C:\Programmer\Tweak-XP\blads.exe
O4 - HKCU\..\Run: [Network Service] C:\WINDOWS\svchost.exe -sr -0
O4 - Startup: WinBar.lnk = C:\Programmer\WinBar\WinBar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: OutTray.lnk = C:\Programmer\Loft Systems Development\OutTray\OutTray.exe
O4 - Global Startup: Real-time Monitor.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Debt Solutions - http://213.159.118.226/tools.php?qq=Debt+Solutions
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Party Poker - http://213.159.118.226/tools.php?qq=Party+Poker
O8 - Extra context menu item: Party Poker.com - http://213.159.118.226/tools.php?qq=Party+Poker.com
O9 - Extra 'Tools' menuitem: Party Poker.com (HKLM)
O9 - Extra 'Tools' menuitem: Party Poker (HKLM)
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra 'Tools' menuitem: Debt Solutions (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O13 - DefaultPrefix: http://about-blank.ws/page/
O13 - WWW Prefix: http://about-blank.ws/page/
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\\nosuch.mht!http://213.159.118.226/content.php::/x.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38077.6361689815
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52841967-8FDB-4CED-8602-753656ED271C}: NameServer = 212.242.40.3,212.242.40.51

Synes godt om

arlet Juniormester

06. april 2004 - 17:20 #5

Vender tilbage om en lille halv time, så tjekker jeg den igennem, ok!

Synes godt om

metal_hansen Nybegynder

06. april 2004 - 17:22 #6

ok fedt nok :)

Synes godt om

arlet Juniormester

06. april 2004 - 18:01 #7

Flyt først filen Hijackthis til en mappe oprettet kun til den. Den mappe skal ligge på skrivebordet

Du skal nu til at i gang med at fixe:

Deaktiver systemgendannelse:
http://www.arlet.dk/systemgendannelsen.htm

Kør Hijackthis, scan, sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked, luk hijackthis igen.
Dobbelttjek, så alt kommer med.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://about-blank.ws/page/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://about-blank.ws/page/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://about-blank.ws/page/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://about-blank.ws
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://about-blank.ws
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://about-blank.ws/page/
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://about-blank.ws/page/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://about-blank.ws
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://about-blank.ws/page/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://about-blank.ws/page/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://about-blank.ws
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://about-blank.ws/page/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://213.159.118.226/sp.php

O4 - HKLM\..\Run: [Network Service] C:\WINDOWS\svchost.exe -sr -0
O4 - HKCU\..\Run: [Network Service] C:\WINDOWS\svchost.exe -sr -0

O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Debt Solutions - http://213.159.118.226/tools.php?qq=Debt+Solutions
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Party Poker - http://213.159.118.226/tools.php?qq=Party+Poker
O8 - Extra context menu item: Party Poker.com - http://213.159.118.226/tools.php?qq=Party+Poker.com
O9 - Extra 'Tools' menuitem: Party Poker.com (HKLM)
O9 - Extra 'Tools' menuitem: Party Poker (HKLM)

O13 - DefaultPrefix: http://about-blank.ws/page/
O13 - WWW Prefix: http://about-blank.ws/page/

O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\\nosuch.mht!http://213.159.118.226/content.php::/x.exe

--------------------------------------------------------------------

Åbn en tilfældig mappe, klik på Funktioner=>Mappeindstillinger=>Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler".
Fjern flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".

--------------------------------------------------------------------

Find og slet i fejlsikret(f8 ved opstart):

C:\WINDOWS\svchost.exe

Derefter genstarter du og sender en ny log herind, for at se om vi har fået den helt ren.
Først når din log er endelig godkendt, må du aktiver din systemgendannelse igen.

Synes godt om

c-holst Novice

06. april 2004 - 21:42 #8

ja, der skal mere en en bit heavy til at klare den logfil...er du aktiv igen :-)

Synes godt om

metal_hansen Nybegynder

07. april 2004 - 01:56 #9

hej igen gutter - jeg faldt sq i søvn på sofaen, men jeg håber I/ nogle andre kyndige er vågne stadig :)

her er en ny log: C:\WINDOWS\svchost.exe kunne jeg ikke finde, sååhh..?!

Logfile of HijackThis v1.97.7
Scan saved at 01:55:31, on 07-04-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\Trend Micro\PC-cillin 2000\Pop3trap.exe
C:\Programmer\Trend Micro\PC-cillin 2000\WebTrapNT.exe
C:\Programmer\ICQPlus\vplus.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Tweak-XP\blads.exe
C:\Programmer\Loft Systems Development\OutTray\OutTray.exe
C:\Programmer\Trend Micro\PC-cillin 2000\PNTIOMON.exe
C:\Programmer\WinBar\WinBar.exe
C:\Programmer\Trend Micro\PC-cillin 2000\pccntupd.exe
C:\Programmer\CesarFTP\server.exe
C:\Programmer\Executive Software\DiskeeperServer\DKService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\Programmer\Raxco\PerfectDisk\PDSched.exe
C:\Documents and Settings\Rune Hansen\Skrivebord\HijackThis.exe

O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programmer\TechSmith\SnagIt 6\SnagItBHO.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmer\TechSmith\SnagIt 6\SnagItIEAddin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Programmer\Trend Micro\PC-cillin 2000\Pop3trap.exe"
O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Programmer\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
O4 - HKCU\..\Run: [ICQ Plus] "C:\Programmer\ICQPlus\vplus.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BlockAds] C:\Programmer\Tweak-XP\blads.exe
O4 - Startup: WinBar.lnk = C:\Programmer\WinBar\WinBar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: OutTray.lnk = C:\Programmer\Loft Systems Development\OutTray\OutTray.exe
O4 - Global Startup: Real-time Monitor.lnk = ?
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38077.6361689815
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52841967-8FDB-4CED-8602-753656ED271C}: NameServer = 212.242.40.3,212.242.40.51

Synes godt om

metal_hansen Nybegynder

07. april 2004 - 02:19 #10

hmm jeg må ha fixet noget der ikke skulle fixes - for nu kager min maskine helt.. jeg kører nu med standart udseende, og jeg kan ikke se menuer her på eksperten og flere andre ting... jeg formaterer sq lortet (selvom det kun er en uge siden sidst hehe)

bare rolig, det er nok min egen skyld - læg et svar, så er der point :)

Synes godt om

metal_hansen Nybegynder

08. april 2004 - 01:38 #11

et svar?!

Synes godt om

arlet Juniormester

08. april 2004 - 10:03 #12

ok

God påske

Synes godt om

metal_hansen Nybegynder

08. april 2004 - 20:21 #13

tak i lige måde :)

Synes godt om

Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Følg dette spørgsmål

Opret Preview

Se alle it-kurser fra Computerworld Kurser

IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Se alle it-kurser

Flere spørgsmål fra Andet sikkerhed kategorien

Titel	Indlæg	Oprettet	Seneste aktivitet
hvilken afløser kan I anbefale? Af jcr18 i Andet sikkerhed	5	17/03/202610:32	18/03/202615:36
Advarsler om datalæk for nogle apps Af nu_igen i Andet sikkerhed	6	02/02/202614:54	03/02/202613:45
Mail fra Yousee ? Svindel? Af nu_igen i Andet sikkerhed	4	13/01/202617:27	14/01/202609:36
Er det sandsynligt, at jeg har været udsat for phishing Af Slettet bruger i Andet sikkerhed	4	13/11/202515:09	14/11/202510:45
Google fake Af johp i Andet sikkerhed	3	27/10/202516:31	28/10/202506:52

Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten

Seneste artiklerRSS

10/04

Test: Denne mikro-pc er langt mere slagkraftig end den ser ud

10/04

SAS Institute rykker rundt i topledelsen: Her er selskabets nye danske landechef

10/04

Dansk AI-ekspert med ildevarslende spådom: "Vi er alle sammen på vej hen imod en stor sort mur, og vi aner ikke, hvad der findes på den anden side"

10/04

Nørgaard: Jeg er skuffet over Googles Gemini - og jeg har min egen forklaring på, hvorfor det er gået galt for Google

10/04

Først blev Teams smidt på porten – nu vil Frankrig også af med Windows

10/04

Nyt job til Danmarks bedste CISO: Får ansvaret for 64.000 ansatte

10/04

Flere hundredetusinder togrejsende ramt: Stjålne persondata sat til salg efter cyberangreb

10/04

Så meget får de danske it-konsulenter i løn: Næsten alle forventer mere i lønposen ved næsten lønforhandling

10/04

Her er 10 konkrete måder at måle på, om kunstig intelligens skaber værdi for dig

10/04

Microsoft sænker prisen på tre af sine cloud-løsninger med 20 procent

10/04

Kunstig intelligens i praksis – og uden hype

Vis flere artikler

IT-JOB

Kromann Reumert

IT-supporter med stærkt teknisk fundament til vores kontor i København

Capgemini Danmark A/S

SAP S/4HANA Business Controlling

Netcompany A/S

Test Consultant

KMD A/S

EDI Specialist til KMD Connect

Nextway Software A/S

Product Configuration Specialist

Vis flere jobs

Seneste spørgsmål Seneste aktivitet

I går 17:32	Jeg kan ikke opdatere min iPad til ios 26.4.1. Af Bettina i Apps til iOS
I går 08:32	Office pakke LTSC vs Retail? Af Don G i Office & Kontorpakker
10/0421:19	Lydindstilling Prosonic TV Af TageArent i Fjernsyn & projektorer
10/0415:37	Sort skærm Af mort1 i Windows
09/0412:32	iPadOS 26.4.1 kan ikke opdatere Af claes57 i Apps til iOS

White papers

Undgå at printeren bliver svageste led i sikkerheden
Konica Minolta
Arctic Wolf Security Operations Report 2025: Indblik i moderne sikkerhedsdrift
Arctic Wolf
Find den SOC-model, der virker i praksis
SecureDevice
Erfaringer fra frontlinjen: Sådan ændrer trusselsbilledet sig
Arctic Wolf

Flere white papers »