eyeless (Beginner)
31 May 2004 - 23:47 There are 14 comments and 1 solution

Help with HijackThis

Hi, is there anyone who would help me delete the files that need to be deleted (Windows 98 SE)? My log looks like this:
Logfile of HijackThis v1.97.7
Scan saved at 23:45:52, on 31-05-04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SOINTGR.EXE
C:\PROGRAMMER\FæLLES FILER\BULLGUARD\BULLGUARD SCAN SERVER\BDSS.EXE
C:\PROGRAMMER\FæLLES FILER\BULLGUARD\BULLGUARD COMMUNICATOR\XCOMMSVR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\PTSNOOP.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMMER\NETROPA\TOUCH MANAGER\TOUCHMGR.EXE
C:\WINDOWS\SYSTEM\PRINTRAY.EXE
C:\WINDOWS\SYSTEM\LXSUPMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAMMER\AHEAD\INCD\INCD.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAMMER\INTERSCOPE BLACKBOX\3.0\IBBXSSTN.EXE
C:\PROGRAMMER\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
C:\PROGRAM FILES\ALTNET\POINTS MANAGER\POINTS MANAGER.EXE
C:\PROGRAMMER\NETROPA\TOUCH MANAGER\MEDIACTR.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DL.EXE
C:\WINDOWS\DLM.EXE
C:\WINDOWS\WINUPD.EXE
D:\PROGRAMMER\BULLGUARD\VSSERV.EXE
D:\PROGRAMMER\BULLGUARD\BDMCON.EXE
D:\PROGRAMMER\BULLGUARD\BGNEWSAG.EXE
C:\PROGRAMMER\MSN MESSENGER\MSNMSGR.EXE
D:\PROGRAMMER\SPYKILLER\SPYKILLER.EXE
C:\PROGRAMMER\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\AMITECH\ONNOW.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ALTNET\DOWNLOAD MANAGER\ASM.EXE
C:\AMITECH\FORTRYD.EXE
C:\PROGRAMMER\NETROPA\TOUCH MANAGER\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\DOKUMENTER\HIJACKTHIS\HIJACKTHIS.EXE
C:\PROGRAMMER\OUTLOOK EXPRESS\MSIMN.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.myexexex.com/searchbar.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.myexexex.com/search.php?said=spage&qq=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/spad/start.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.myexexex.com/search.php?said=spage
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.myexexex.com/search.php?said=spage
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/spad/start.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.myexexex.com/searchbar.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.myexexex.com/search.php?said=spage&qq=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://c:/spad/start.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.myexexex.com/search.php?said=spage&qq=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.myexexex.com/search.php?said=spage
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.myexexex.com/search.php?said=spage
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
F1 - win.ini: load=ptsnoop.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_3_16_0.DLL
O4 - HKLM\..\Run: [Skan registreringsdatabase] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [Job-oversigt] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Atikey] Atitask.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [Touch Manager] C:\Programmer\Netropa\Touch Manager\TouchMgr.exe
O4 - HKLM\..\Run: [Startup] C:\Amitech\Startup /START
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [InCD] C:\Programmer\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [BlackBox] "C:\Programmer\Interscope BlackBox\3.0\ibbxsstn.exe" /boot
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Dial32] C:\WINDOWS\dl.exe
O4 - HKLM\..\Run: [Dial33] C:\WINDOWS\dlm.exe
O4 - HKLM\..\Run: [Upgrade Service] C:\WINDOWS\winupd.exe
O4 - HKLM\..\Run: [BearShare] "D:\PROGRAMMER\BEARSHARE\BEARSHARE.EXE" /pause
O4 - HKLM\..\Run: [jcr] C:\WINDOWS\jcr.exe
O4 - HKLM\..\Run: [evuj] C:\WINDOWS\evuj.exe
O4 - HKLM\..\Run: [qjgz] C:\WINDOWS\qjgz.exe
O4 - HKLM\..\Run: [onax] C:\WINDOWS\onax.exe
O4 - HKLM\..\Run: [klohcb] C:\WINDOWS\klohcb.exe
O4 - HKLM\..\Run: [jml] C:\WINDOWS\jml.exe
O4 - HKLM\..\Run: [updmgr] C:\Programmer\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [oxclijib] C:\WINDOWS\oxclijib.exe
O4 - HKLM\..\Run: [bgduj] C:\WINDOWS\bgduj.exe
O4 - HKLM\..\Run: [dmfavex] C:\WINDOWS\dmfavex.exe
O4 - HKLM\..\Run: [azulef] C:\WINDOWS\azulef.exe
O4 - HKLM\..\Run: [ryr] C:\WINDOWS\ryr.exe
O4 - HKLM\..\Run: [BullGuard Virus Shield] D:\Programmer\BullGuard\\vsserv.exe
O4 - HKLM\..\Run: [BDMCon] D:\Programmer\BullGuard\\bdmcon.exe
O4 - HKLM\..\Run: [BGNewsAgent] D:\PROGRAMMER\BULLGUARD\bgnewsag.exe
O4 - HKLM\..\Run: [KAZAA] D:\Programmer\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [UTLWABO] C:\WINDOWS\SYSTEM\UTLWABO.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Planlægningsagent] c:\windows\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [SO5 Integrator Pass One] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\RunServices: [BullGuard Scan Server] C:\Programmer\Fælles filer\BullGuard\BullGuard Scan Server\\bdss.exe
O4 - HKLM\..\RunServices: [BullGuard Communicator] C:\Programmer\Fælles filer\BullGuard\BullGuard Communicator\\xcommsvr.exe
O4 - HKLM\..\RunServices: [BullGuard Live! Init] D:\Programmer\BullGuard\\bdinit.exe
O4 - HKCU\..\Run: [MsnMsgr] "c:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [r7wk7hmtz5] C:\WINDOWS\XP82LE4GS5.EXE
O4 - HKCU\..\Run: [m0niyurxze] C:\WINDOWS\GELW77K1EO.EXE
O4 - HKCU\..\Run: [9v19ebrsfa] C:\WINDOWS\M2UNB6R0LN.EXE
O4 - HKCU\..\Run: [d9h20kc8x1] C:\WINDOWS\PNXA9UW1LB.EXE
O4 - HKCU\..\Run: [3yy35ifbbt] C:\WINDOWS\2GABE8GU8A.EXE
O4 - HKCU\..\Run: [gr9rd9s5ht] C:\WINDOWS\516EN402TC.EXE
O4 - HKCU\..\Run: [SPYWATCH] C:\PROGRAMMER\BULLETPROOFSOFT.COM\SPYWAREREMOVER\SpyWatch.exe /STARTUP
O4 - HKCU\..\RunServices: [MsnMsgr] "c:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunServices: [r7wk7hmtz5] C:\WINDOWS\XP82LE4GS5.EXE
O4 - HKCU\..\RunServices: [m0niyurxze] C:\WINDOWS\GELW77K1EO.EXE
O4 - HKCU\..\RunServices: [9v19ebrsfa] C:\WINDOWS\M2UNB6R0LN.EXE
O4 - HKCU\..\RunServices: [d9h20kc8x1] C:\WINDOWS\PNXA9UW1LB.EXE
O4 - HKCU\..\RunServices: [3yy35ifbbt] C:\WINDOWS\2GABE8GU8A.EXE
O4 - HKCU\..\RunServices: [gr9rd9s5ht] C:\WINDOWS\516EN402TC.EXE
O4 - HKCU\..\RunServices: [SPYWATCH] C:\PROGRAMMER\BULLETPROOFSOFT.COM\SPYWAREREMOVER\SpyWatch.exe /STARTUP
O4 - Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Startup: IE Privacy Cleaner.lnk = D:\Programmer\SZ2001\IE Privacy Cleaner\IE Privacy Cleaner.exe
O9 - Extra button: Microsoft® JavaScript® Console (HKLM)
O9 - Extra 'Tools' menuitem: JavaScript Console (HKLM)
O9 - Extra button: Microsoft® JavaScript® Console (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console (HKCU)
O13 - DefaultPrefix: http://www.myexexex.com/search.php?said=pfxp&qq=
O13 - WWW Prefix: http://www.myexexex.com/search.php?said=pfxp&qq=
O13 - Home Prefix: http://www.myexexex.com/search.php?said=pfxp&qq=
O13 - Mosaic Prefix: http://www.myexexex.com/search.php?said=pfxp&qq=
O13 - FTP Prefix: http://www.myexexex.com/search.php?said=pfxp&qq=
O13 - Gopher Prefix: http://www.myexexex.com/search.php?said=pfxp&qq=
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab27571.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38104.0751967593
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net/DM0/cab/bpas234.cab
O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://c:\nosuch.mht!http://www.ruworld.com/chm/files.chm::/file.exe
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_16_0.cab
O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} (VacPro.internazionale_ver3) - http://www.advnt01.com/dialer/internazionale_ver3.CAB
viciodk (Trainee)
1 June 2004 - 00:07 #1
Start by downloading Spybot and getting all the updates:
http://www.safer-networking.org/index.php?page=download
Scan with the program.

Then download and run CWShredder:
http://www.spywareinfo.com/~merijn/downloads.html
You just need to press the Fix button.

Restart the computer and then post a new HijackThis log file.
viciodk (Trainee)
1 June 2004 - 00:21 #2
I can see that you have installed P2P Networking.

You need to uninstall it via Add/Remove Programs.
Preferably as the very first thing, if you have not yet run Spybot and CWShredder.
eyeless (Beginner)
1 June 2004 - 08:09 #3
should I only scan with Spybot, I'm not supposed to fix anything, or what????
eyeless (Beginner)
1 June 2004 - 08:36 #4
here is my new log:

Logfile of HijackThis v1.97.7
Scan saved at 08:35:56, on 01-06-04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SOINTGR.EXE
C:\PROGRAMMER\FæLLES FILER\BULLGUARD\BULLGUARD SCAN SERVER\BDSS.EXE
C:\PROGRAMMER\FæLLES FILER\BULLGUARD\BULLGUARD COMMUNICATOR\XCOMMSVR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\PTSNOOP.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMMER\NETROPA\TOUCH MANAGER\TOUCHMGR.EXE
C:\WINDOWS\SYSTEM\PRINTRAY.EXE
C:\WINDOWS\SYSTEM\LXSUPMON.EXE
C:\PROGRAMMER\AHEAD\INCD\INCD.EXE
C:\PROGRAMMER\INTERSCOPE BLACKBOX\3.0\IBBXSSTN.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAMMER\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\ALTNET\POINTS MANAGER\POINTS MANAGER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\WINUPD.EXE
D:\PROGRAMMER\BULLGUARD\VSSERV.EXE
C:\PROGRAMMER\NETROPA\TOUCH MANAGER\MEDIACTR.EXE
D:\PROGRAMMER\BULLGUARD\BDMCON.EXE
D:\PROGRAMMER\BULLGUARD\BGNEWSAG.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAMMER\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAMMER\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\AMITECH\ONNOW.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMMER\NETROPA\TOUCH MANAGER\MMUSBKB2.EXE
C:\PROGRAM FILES\ALTNET\DOWNLOAD MANAGER\ASM.EXE
C:\AMITECH\FORTRYD.EXE
C:\DOKUMENTER\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.myexexex.com/searchbar.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.myexexex.com/search.php?said=spage&qq=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/spad/start.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.myexexex.com/search.php?said=spage
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.myexexex.com/search.php?said=spage
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/spad/start.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.myexexex.com/searchbar.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.myexexex.com/search.php?said=spage&qq=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://c:/spad/start.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.myexexex.com/search.php?said=spage&qq=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.myexexex.com/search.php?said=spage
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.myexexex.com/search.php?said=spage
R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
F1 - win.ini: load=ptsnoop.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_3_16_0.DLL
O4 - HKLM\..\Run: [Skan registreringsdatabase] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [Job-oversigt] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Atikey] Atitask.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [Touch Manager] C:\Programmer\Netropa\Touch Manager\TouchMgr.exe
O4 - HKLM\..\Run: [Startup] C:\Amitech\Startup /START
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [InCD] C:\Programmer\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [BlackBox] "C:\Programmer\Interscope BlackBox\3.0\ibbxsstn.exe" /boot
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Upgrade Service] C:\WINDOWS\winupd.exe
O4 - HKLM\..\Run: [BearShare] "D:\PROGRAMMER\BEARSHARE\BEARSHARE.EXE" /pause
O4 - HKLM\..\Run: [jcr] C:\WINDOWS\jcr.exe
O4 - HKLM\..\Run: [evuj] C:\WINDOWS\evuj.exe
O4 - HKLM\..\Run: [qjgz] C:\WINDOWS\qjgz.exe
O4 - HKLM\..\Run: [onax] C:\WINDOWS\onax.exe
O4 - HKLM\..\Run: [klohcb] C:\WINDOWS\klohcb.exe
O4 - HKLM\..\Run: [jml] C:\WINDOWS\jml.exe
O4 - HKLM\..\Run: [oxclijib] C:\WINDOWS\oxclijib.exe
O4 - HKLM\..\Run: [bgduj] C:\WINDOWS\bgduj.exe
O4 - HKLM\..\Run: [dmfavex] C:\WINDOWS\dmfavex.exe
O4 - HKLM\..\Run: [azulef] C:\WINDOWS\azulef.exe
O4 - HKLM\..\Run: [ryr] C:\WINDOWS\ryr.exe
O4 - HKLM\..\Run: [BullGuard Virus Shield] D:\Programmer\BullGuard\\vsserv.exe
O4 - HKLM\..\Run: [BDMCon] D:\Programmer\BullGuard\\bdmcon.exe
O4 - HKLM\..\Run: [BGNewsAgent] D:\PROGRAMMER\BULLGUARD\bgnewsag.exe
O4 - HKLM\..\Run: [KAZAA] D:\Programmer\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [UTLWABO] C:\WINDOWS\SYSTEM\UTLWABO.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Planlægningsagent] c:\windows\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [SO5 Integrator Pass One] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\RunServices: [BullGuard Scan Server] C:\Programmer\Fælles filer\BullGuard\BullGuard Scan Server\\bdss.exe
O4 - HKLM\..\RunServices: [BullGuard Communicator] C:\Programmer\Fælles filer\BullGuard\BullGuard Communicator\\xcommsvr.exe
O4 - HKLM\..\RunServices: [BullGuard Live! Init] D:\Programmer\BullGuard\\bdinit.exe
O4 - HKCU\..\Run: [MsnMsgr] "c:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [r7wk7hmtz5] C:\WINDOWS\XP82LE4GS5.EXE
O4 - HKCU\..\Run: [m0niyurxze] C:\WINDOWS\GELW77K1EO.EXE
O4 - HKCU\..\Run: [9v19ebrsfa] C:\WINDOWS\M2UNB6R0LN.EXE
O4 - HKCU\..\Run: [d9h20kc8x1] C:\WINDOWS\PNXA9UW1LB.EXE
O4 - HKCU\..\Run: [3yy35ifbbt] C:\WINDOWS\2GABE8GU8A.EXE
O4 - HKCU\..\Run: [gr9rd9s5ht] C:\WINDOWS\516EN402TC.EXE
O4 - HKCU\..\Run: [SPYWATCH] C:\PROGRAMMER\BULLETPROOFSOFT.COM\SPYWAREREMOVER\SpyWatch.exe /STARTUP
O4 - Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Startup: IE Privacy Cleaner.lnk = D:\Programmer\SZ2001\IE Privacy Cleaner\IE Privacy Cleaner.exe
O9 - Extra button: Microsoft® JavaScript® Console (HKLM)
O9 - Extra 'Tools' menuitem: JavaScript Console (HKLM)
O9 - Extra button: Microsoft® JavaScript® Console (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console (HKCU)
O13 - DefaultPrefix: http://www.myexexex.com/search.php?said=pfxp&qq=
O13 - WWW Prefix: http://www.myexexex.com/search.php?said=pfxp&qq=
O13 - Home Prefix: http://www.myexexex.com/search.php?said=pfxp&qq=
O13 - Mosaic Prefix: http://www.myexexex.com/search.php?said=pfxp&qq=
O13 - FTP Prefix: http://www.myexexex.com/search.php?said=pfxp&qq=
O13 - Gopher Prefix: http://www.myexexex.com/search.php?said=pfxp&qq=
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab27571.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38104.0751967593
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net/DM0/cab/bpas234.cab
O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://c:\nosuch.mht!http://www.ruworld.com/chm/files.chm::/file.exe
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_16_0.cab
O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} (VacPro.internazionale_ver3) - http://www.advnt01.com/dialer/internazionale_ver3.CAB
fromsej (Trainee)
1 June 2004 - 16:20 #5
Download and run Kazaabegone:
http://www.spychecker.com/program/kazaagone.html
Run an online virus scan with both Housecall and Bitdefender:
http://spywarefri.dk/onlinevark.htm
Restart, and a new log.
fromsej (Trainee)
1 June 2004 - 16:21 #6
This one needs to be included before you post any more log files:
Download CWShredder here:
http://www.computercops.biz/zx/phoenix22/cws.zip
Unpack the zip file into a folder.
Run the program, check for updates, physically disconnect your internet connection (pull the plug), deactivate ALL security programs, close all windows except cwshredder, click Next, it now scans, when it is finished click Fix, click Exit.
Then restart, and a new hijackthis log.
Remember to reactivate your security programs before you go online.
viciodk (Trainee)
1 June 2004 - 18:27 #7
"I'm not supposed to fix anything, or what????"

YES!! You have a hel**** lot of junk lying around.
Do as Fromsej writes.
eyeless (Beginner)
1 June 2004 - 19:16 #8
ok, it's done, here is my new log :-)

Logfile of HijackThis v1.97.7
Scan saved at 19:15:04, on 01-06-04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SOINTGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\PTSNOOP.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMMER\NETROPA\TOUCH MANAGER\TOUCHMGR.EXE
C:\WINDOWS\SYSTEM\PRINTRAY.EXE
C:\WINDOWS\SYSTEM\LXSUPMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAMMER\AHEAD\INCD\INCD.EXE
C:\PROGRAMMER\INTERSCOPE BLACKBOX\3.0\IBBXSSTN.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAMMER\WINAMP\WINAMPA.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAMMER\AVPERSONAL\AVGCTRL.EXE
C:\PROGRAMMER\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAMMER\NETROPA\TOUCH MANAGER\MEDIACTR.EXE
C:\PROGRAMMER\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\AMITECH\ONNOW.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ALTNET\DOWNLOAD MANAGER\ASM.EXE
C:\PROGRAMMER\NETROPA\TOUCH MANAGER\MMUSBKB2.EXE
C:\AMITECH\FORTRYD.EXE
C:\DOKUMENTER\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.myexexex.com/searchbar.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.myexexex.com/search.php?said=spage&qq=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/spad/start.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.myexexex.com/search.php?said=spage
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.myexexex.com/search.php?said=spage
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/spad/start.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.myexexex.com/searchbar.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.myexexex.com/search.php?said=spage&qq=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://c:/spad/start.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.myexexex.com/search.php?said=spage&qq=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.myexexex.com/search.php?said=spage
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.myexexex.com/search.php?said=spage
R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
F1 - win.ini: load=ptsnoop.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_3_16_0.DLL
O4 - HKLM\..\Run: [Skan registreringsdatabase] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [Job-oversigt] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Atikey] Atitask.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [Touch Manager] C:\Programmer\Netropa\Touch Manager\TouchMgr.exe
O4 - HKLM\..\Run: [Startup] C:\Amitech\Startup /START
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [InCD] C:\Programmer\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [BlackBox] "C:\Programmer\Interscope BlackBox\3.0\ibbxsstn.exe" /boot
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Upgrade Service] C:\WINDOWS\winupd.exe
O4 - HKLM\..\Run: [BearShare] "D:\PROGRAMMER\BEARSHARE\BEARSHARE.EXE" /pause
O4 - HKLM\..\Run: [jcr] C:\WINDOWS\jcr.exe
O4 - HKLM\..\Run: [evuj] C:\WINDOWS\evuj.exe
O4 - HKLM\..\Run: [qjgz] C:\WINDOWS\qjgz.exe
O4 - HKLM\..\Run: [onax] C:\WINDOWS\onax.exe
O4 - HKLM\..\Run: [klohcb] C:\WINDOWS\klohcb.exe
O4 - HKLM\..\Run: [jml] C:\WINDOWS\jml.exe
O4 - HKLM\..\Run: [oxclijib] C:\WINDOWS\oxclijib.exe
O4 - HKLM\..\Run: [bgduj] C:\WINDOWS\bgduj.exe
O4 - HKLM\..\Run: [dmfavex] C:\WINDOWS\dmfavex.exe
O4 - HKLM\..\Run: [azulef] C:\WINDOWS\azulef.exe
O4 - HKLM\..\Run: [ryr] C:\WINDOWS\ryr.exe
O4 - HKLM\..\Run: [UTLWABO] C:\WINDOWS\SYSTEM\UTLWABO.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAMMER\AVPERSONAL\AVGCTRL.EXE /min
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Planlægningsagent] c:\windows\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [SO5 Integrator Pass One] C:\WINDOWS\SOINTGR.EXE
O4 - HKCU\..\Run: [MsnMsgr] "c:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [r7wk7hmtz5] C:\WINDOWS\XP82LE4GS5.EXE
O4 - HKCU\..\Run: [m0niyurxze] C:\WINDOWS\GELW77K1EO.EXE
O4 - HKCU\..\Run: [9v19ebrsfa] C:\WINDOWS\M2UNB6R0LN.EXE
O4 - HKCU\..\Run: [d9h20kc8x1] C:\WINDOWS\PNXA9UW1LB.EXE
O4 - HKCU\..\Run: [3yy35ifbbt] C:\WINDOWS\2GABE8GU8A.EXE
O4 - HKCU\..\Run: [gr9rd9s5ht] C:\WINDOWS\516EN402TC.EXE
O4 - HKCU\..\Run: [SPYWATCH] C:\PROGRAMMER\BULLETPROOFSOFT.COM\SPYWAREREMOVER\SpyWatch.exe /STARTUP
O4 - Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Startup: IE Privacy Cleaner.lnk = D:\Programmer\SZ2001\IE Privacy Cleaner\IE Privacy Cleaner.exe
O9 - Extra button: Microsoft® JavaScript® Console (HKLM)
O9 - Extra 'Tools' menuitem: JavaScript Console (HKLM)
O9 - Extra button: Microsoft® JavaScript® Console (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console (HKCU)
O13 - DefaultPrefix: http://www.myexexex.com/search.php?said=pfxp&qq=
O13 - WWW Prefix: http://www.myexexex.com/search.php?said=pfxp&qq=
O13 - Home Prefix: http://www.myexexex.com/search.php?said=pfxp&qq=
O13 - Mosaic Prefix: http://www.myexexex.com/search.php?said=pfxp&qq=
O13 - FTP Prefix: http://www.myexexex.com/search.php?said=pfxp&qq=
O13 - Gopher Prefix: http://www.myexexex.com/search.php?said=pfxp&qq=
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab27571.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38104.0751967593
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net/DM0/cab/bpas234.cab
O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://c:\nosuch.mht!http://www.ruworld.com/chm/files.chm::/file.exe
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_16_0.cab
O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} (VacPro.internazionale_ver3) - http://www.advnt01.com/dialer/internazionale_ver3.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2e529727a6ef04/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
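Added example, not part of the thread: a small parser that diffs two HijackThis logs, so the effect of a cleanup pass between scans can be read off directly. The sample inputs are a few lines excerpted from the first and third logs posted above; the function names (`parse_entries`, `diff_scans`, `codes_still_present`) are this example's own.

```python
import re

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1...)
# followed by " - " and the entry detail. Header lines and the
# "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return the set of (code, detail) entries found in one HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2).strip()))
    return entries


def diff_scans(before, after):
    """Compare two logs: what was removed, what is new, what survived."""
    old, new = parse_entries(before), parse_entries(after)
    return {
        "removed": sorted(old - new),
        "added": sorted(new - old),
        "persisting": sorted(old & new),
    }


def codes_still_present(before, after):
    """Section codes that still have at least one unchanged entry."""
    return sorted({code for code, _ in diff_scans(before, after)["persisting"]})


# Excerpt of the scan saved 31-05-04 23:45 (lines copied from the first log).
SCAN_BEFORE = r"""
Logfile of HijackThis v1.97.7
Scan saved at 23:45:52, on 31-05-04
Running processes:
C:\WINDOWS\DL.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.myexexex.com/searchbar.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM\..\Run: [Dial32] C:\WINDOWS\dl.exe
O4 - HKLM\..\Run: [jcr] C:\WINDOWS\jcr.exe
O13 - DefaultPrefix: http://www.myexexex.com/search.php?said=pfxp&qq=
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
"""

# Excerpt of the scan saved 01-06-04 19:15 (lines copied from the third log).
SCAN_AFTER = r"""
Logfile of HijackThis v1.97.7
Scan saved at 19:15:04, on 01-06-04
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.myexexex.com/searchbar.php
O4 - HKLM\..\Run: [jcr] C:\WINDOWS\jcr.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAMMER\AVPERSONAL\AVGCTRL.EXE /min
O13 - DefaultPrefix: http://www.myexexex.com/search.php?said=pfxp&qq=
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2e529727a6ef04/housecall.antivirus.com/housecall/xscan53.cab
"""

if __name__ == "__main__":
    result = diff_scans(SCAN_BEFORE, SCAN_AFTER)
    for label in ("removed", "added", "persisting"):
        print(f"{label} ({len(result[label])}):")
        for code, detail in result[label]:
            print(f"  {code} - {detail}")
```

On these excerpts the search-bar, prefix and `jcr` entries land under "persisting", which is the state the next reply in the thread responds to.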
viciodk (Trainee)
1 June 2004 - 19:31 #9
Did you remember to run CWShredder? These must be fixed:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.myexexex.com/searchbar.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.myexexex.com/search.php?said=spage&qq=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/spad/start.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.myexexex.com/search.php?said=spage
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.myexexex.com/search.php?said=spage
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/spad/start.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.myexexex.com/searchbar.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.myexexex.com/search.php?said=spage&qq=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://c:/spad/start.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.myexexex.com/search.php?said=spage&qq=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.myexexex.com/search.php?said=spage
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.myexexex.com/search.php?said=spage
R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Upgrade Service] C:\WINDOWS\winupd.exe

O4 - HKLM\..\Run: [jcr] C:\WINDOWS\jcr.exe
O4 - HKLM\..\Run: [evuj] C:\WINDOWS\evuj.exe
O4 - HKLM\..\Run: [qjgz] C:\WINDOWS\qjgz.exe
O4 - HKLM\..\Run: [onax] C:\WINDOWS\onax.exe
O4 - HKLM\..\Run: [klohcb] C:\WINDOWS\klohcb.exe
O4 - HKLM\..\Run: [jml] C:\WINDOWS\jml.exe
O4 - HKLM\..\Run: [oxclijib] C:\WINDOWS\oxclijib.exe
O4 - HKLM\..\Run: [bgduj] C:\WINDOWS\bgduj.exe
O4 - HKLM\..\Run: [dmfavex] C:\WINDOWS\dmfavex.exe
O4 - HKLM\..\Run: [azulef] C:\WINDOWS\azulef.exe
O4 - HKLM\..\Run: [ryr] C:\WINDOWS\ryr.exe
O4 - HKLM\..\Run: [UTLWABO] C:\WINDOWS\SYSTEM\UTLWABO.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot

O4 - HKCU\..\Run: [r7wk7hmtz5] C:\WINDOWS\XP82LE4GS5.EXE
O4 - HKCU\..\Run: [m0niyurxze] C:\WINDOWS\GELW77K1EO.EXE
O4 - HKCU\..\Run: [9v19ebrsfa] C:\WINDOWS\M2UNB6R0LN.EXE
O4 - HKCU\..\Run: [d9h20kc8x1] C:\WINDOWS\PNXA9UW1LB.EXE
O4 - HKCU\..\Run: [3yy35ifbbt] C:\WINDOWS\2GABE8GU8A.EXE
O4 - HKCU\..\Run: [gr9rd9s5ht] C:\WINDOWS\516EN402TC.EXE

O4 - Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE

O13 - DefaultPrefix: http://www.myexexex.com/search.php?said=pfxp&qq=
O13 - WWW Prefix: http://www.myexexex.com/search.php?said=pfxp&qq=
O13 - Home Prefix: http://www.myexexex.com/search.php?said=pfxp&qq=
O13 - Mosaic Prefix: http://www.myexexex.com/search.php?said=pfxp&qq=
O13 - FTP Prefix: http://www.myexexex.com/search.php?said=pfxp&qq=
O13 - Gopher Prefix: http://www.myexexex.com/search.php?said=pfxp&qq=

O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net/DM0/cab/bpas234.cab
O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://c:\nosuch.mht!http://www.ruworld.com/chm/files.chm::/file.exe
O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} (VacPro.internazionale_ver3) - http://www.advnt01.com/dialer/internazionale_ver3.CAB



Then restart the computer. Go into safe mode and delete these files:

c:\spad\ (the whole folder)
C:\PROGRA~1\PERFEC~1\ (the whole folder)

O4 - HKLM\..\Run: [Upgrade Service] C:\WINDOWS\winupd.exe

O4 - HKLM\..\Run: [jcr] C:\WINDOWS\jcr.exe
O4 - HKLM\..\Run: [evuj] C:\WINDOWS\evuj.exe
O4 - HKLM\..\Run: [qjgz] C:\WINDOWS\qjgz.exe
O4 - HKLM\..\Run: [onax] C:\WINDOWS\onax.exe
O4 - HKLM\..\Run: [klohcb] C:\WINDOWS\klohcb.exe
O4 - HKLM\..\Run: [jml] C:\WINDOWS\jml.exe
O4 - HKLM\..\Run: [oxclijib] C:\WINDOWS\oxclijib.exe
O4 - HKLM\..\Run: [bgduj] C:\WINDOWS\bgduj.exe
O4 - HKLM\..\Run: [dmfavex] C:\WINDOWS\dmfavex.exe
O4 - HKLM\..\Run: [azulef] C:\WINDOWS\azulef.exe
O4 - HKLM\..\Run: [ryr] C:\WINDOWS\ryr.exe
O4 - HKLM\..\Run: [UTLWABO] C:\WINDOWS\SYSTEM\UTLWABO.exe

O4 - HKCU\..\Run: [r7wk7hmtz5] C:\WINDOWS\XP82LE4GS5.EXE
O4 - HKCU\..\Run: [m0niyurxze] C:\WINDOWS\GELW77K1EO.EXE
O4 - HKCU\..\Run: [9v19ebrsfa] C:\WINDOWS\M2UNB6R0LN.EXE
O4 - HKCU\..\Run: [d9h20kc8x1] C:\WINDOWS\PNXA9UW1LB.EXE
O4 - HKCU\..\Run: [3yy35ifbbt] C:\WINDOWS\2GABE8GU8A.EXE
O4 - HKCU\..\Run: [gr9rd9s5ht] C:\WINDOWS\516EN402TC.EXE
viciodk Trainee
1 June 2004 - 19:33 #10
Restart the computer and then post a new log.
eyeless Beginner
1 June 2004 - 22:01 #11
Yes, I have run CWShredder, but it says that I don't have anything and that my computer is not infected... but I have done what you wrote, and here is my log:

Logfile of HijackThis v1.97.7
Scan saved at 22:02:04, on 01-06-04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SOINTGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\PTSNOOP.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMMER\NETROPA\TOUCH MANAGER\TOUCHMGR.EXE
C:\WINDOWS\SYSTEM\PRINTRAY.EXE
C:\WINDOWS\SYSTEM\LXSUPMON.EXE
C:\PROGRAMMER\AHEAD\INCD\INCD.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAMMER\INTERSCOPE BLACKBOX\3.0\IBBXSSTN.EXE
C:\PROGRAMMER\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\ALTNET\POINTS MANAGER\POINTS MANAGER.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAMMER\AVPERSONAL\AVGCTRL.EXE
C:\PROGRAMMER\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMMER\NETROPA\TOUCH MANAGER\MEDIACTR.EXE
C:\PROGRAMMER\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\AMITECH\ONNOW.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ALTNET\DOWNLOAD MANAGER\ASM.EXE
C:\PROGRAMMER\NETROPA\TOUCH MANAGER\MMUSBKB2.EXE
C:\AMITECH\FORTRYD.EXE
C:\DOKUMENTER\HIJACKTHIS\HIJACKTHIS.EXE

F1 - win.ini: load=ptsnoop.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_3_16_0.DLL
O4 - HKLM\..\Run: [Skan registreringsdatabase] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [Job-oversigt] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Atikey] Atitask.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [Touch Manager] C:\Programmer\Netropa\Touch Manager\TouchMgr.exe
O4 - HKLM\..\Run: [Startup] C:\Amitech\Startup /START
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [InCD] C:\Programmer\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [BlackBox] "C:\Programmer\Interscope BlackBox\3.0\ibbxsstn.exe" /boot
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAMMER\AVPERSONAL\AVGCTRL.EXE /min
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Planlægningsagent] c:\windows\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [SO5 Integrator Pass One] C:\WINDOWS\SOINTGR.EXE
O4 - HKCU\..\Run: [MsnMsgr] "c:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SPYWATCH] C:\PROGRAMMER\BULLETPROOFSOFT.COM\SPYWAREREMOVER\SpyWatch.exe /STARTUP
O4 - Startup: IE Privacy Cleaner.lnk = D:\Programmer\SZ2001\IE Privacy Cleaner\IE Privacy Cleaner.exe
O9 - Extra button: Microsoft® JavaScript® Console (HKLM)
O9 - Extra 'Tools' menuitem: JavaScript Console (HKLM)
O9 - Extra button: Microsoft® JavaScript® Console (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console (HKCU)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab27571.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38104.0751967593
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_16_0.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2e529727a6ef04/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
viciodk Trainee
1 June 2004 - 22:15 #12
Then there is no more junk left :)
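One way to check that verdict mechanically, as an added example that is not part of the original thread: parse the fix list and the follow-up HijackThis log, then report any flagged entry that still appears in the later scan. The sample lines are copied from the logs in this thread, except the one marked as constructed; the function and variable names are assumptions.

```python
import re

# HijackThis entry line: "<section> - <body>", e.g. "O4 - HKLM\..\Run: [jcr] C:\WINDOWS\jcr.exe"
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O4 registry autostart body: "<hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$", re.I)

def parse_entries(log_text):
    """Return the set of (section, normalised body) pairs in a log or fix list."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:  # header and "Running processes" lines do not match and are skipped
            # Windows paths are case-insensitive, so compare in lower case
            entries.add((m.group(1), " ".join(m.group(2).split()).lower()))
    return entries

def autoruns(entries):
    """Map O4 registry autostarts to {(hive, key, value name): command line}."""
    out = {}
    for section, body in entries:
        m = O4_RE.match(body) if section == "O4" else None
        if m:
            out[(m.group(1), m.group(2), m.group(3))] = m.group(4)
    return out

def remaining(fix_list, followup_log):
    """Entries flagged for fixing that still show up in the later scan."""
    return sorted(parse_entries(fix_list) & parse_entries(followup_log))

# A few of the lines flagged for fixing in this thread
FIX_LIST = r"""
O4 - HKLM\..\Run: [Upgrade Service] C:\WINDOWS\winupd.exe
O4 - HKLM\..\Run: [jcr] C:\WINDOWS\jcr.exe
O4 - HKCU\..\Run: [r7wk7hmtz5] C:\WINDOWS\XP82LE4GS5.EXE
"""
# A few lines from the follow-up log of 01-06-04
FOLLOWUP = r"""
F1 - win.ini: load=ptsnoop.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKCU\..\Run: [MsnMsgr] "c:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
"""
# Constructed failure case: one flagged autostart survived, with different casing
FOLLOWUP_DIRTY = FOLLOWUP + r"O4 - HKLM\..\Run: [jcr] c:\windows\JCR.EXE"

if __name__ == "__main__":
    print("still present:", remaining(FIX_LIST, FOLLOWUP))
    print("still present (constructed):", remaining(FIX_LIST, FOLLOWUP_DIRTY))
```

An empty result only means the flagged lines are gone from the scan; the files named in the fix list still have to be deleted from disk as described above.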
eyeless Beginner
1 June 2004 - 22:18 #13
Many thanks to you. I'm new here, but I have gathered that it has something to do with karma; how do I give it... I'd also like to ask whether you know how I can avoid getting a lot of junk again...
viciodk Trainee
1 June 2004 - 22:23 #14
It is very important that you have all the updates from Windows Update. In addition, Spywarefri.dk has made a security package that you can download:

http://www.spywarefri.dk/pakken.htm

I can see, though, that you already have Spybot. That is good. You have also installed SpyWatch. I don't know that one.

(Karma: Click on the username -> Give Karma -> Write a comment and a rating -> OK)
viciodk Trainee
1 June 2004 - 22:35 #15
Thanks for the karma rating ;o)