Søg
Avatar billede u.l.johansen Praktikant
06. august 2004 - 22:19 Der er 6 kommentarer og
1 løsning

Hijack This log

Gider nogen lige at kontrollere denne hijackthis log. Jeg har kørt Spybot og fjernet 88 entries, men jeg synes stadig at loggen ser forkert ud. Jeg bruger Windows ME.

Logfile of HijackThis v1.98.1
Scan saved at 22:12:04, on 06-08-2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\THOTKEY.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\OFST10\WSWPD.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SKRIVEBORD\HIJACKTHIS.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\SYSTEM\TPWRTRAY.EXE
C:\WINDOWS\SYSTEM\ALISNDMG.EXE
C:\WINDOWS\SYSTEM\TFNCKY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMMER\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAMMER\BROWSER MOUSE\BROWSER MOUSE\1.0\LWBWHEEL.EXE
C:\PROGRAMMER\CASHBACK\BIN\CASHBACK.EXE
C:\PROGRAMMER\NAVISEARCH\BIN\NLS.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAMMER\FæLLES FILER\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://awebfind.biz/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://awebfind.biz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://find4u.net/spa.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://awebfind.biz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F1 - win.ini: run=fntldr.exe C:\OFST10\WSWPD.EXE
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {99547EE0-D0D2-4922-9C2F-DB5BF0438A8E} - C:\WINDOWS\SYSTEM\MCPCPN.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1030,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IrMon] irmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [ALiSndMgr] ALiSndMg.exe
O4 - HKLM\..\Run: [AlpsPoint] C:\Progra~1\Apoint\Apoint.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Programmer\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programmer\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmer\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programmer\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [Soundmx] \soundmx.exe
O4 - HKLM\..\Run: [CashBack] C:\Programmer\CashBack\bin\cashback.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Programmer\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Programmer\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [THotkey] C:\WINDOWS\SYSTEM\THotkey.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Programmer\Fælles filer\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: Påmindelser i Microsoft Works Kalender.lnk = ?
O4 - Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmer\Fælles filer\Microsoft Shared\Reference 2001\EROProj.dll
O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000} - http://www.eingang69.de/EroticAccess/cabs/1786000.cab
O16 - DPF: {D3426292-3750-4D80-9D0F-2816F61A6D15} (SpeedTest Control) - http://81.19.245.211/speedtest/SpeedTest_2.cab
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia.cab
O16 - DPF: {BD092CD7-AA66-4FF6-8CE1-D4E01489ED2B} (VacPro.UserControl1) - http://www.7adpower.com/dialer/EMSAT.CAB
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_EN.cab
O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O18 - Filter: text/html - {BEEF334D-923F-4407-A3E9-C8661836D485} - C:\WINDOWS\SYSTEM\MCPCPN.DLL
O18 - Filter: text/plain - {BEEF334D-923F-4407-A3E9-C8661836D485} - C:\WINDOWS\SYSTEM\MCPCPN.DLL
O19 - User stylesheet:  (file missing)
Avatar billede serverservice Praktikant
06. august 2004 - 22:36 #1
Ja der er lidt af hvert jeg ser lige på den.
Først skal du slå systemgendannelse fra i system. placér hijackthis i en mappe for sig selv.

Tøm dine temp mapper og temporary internetfiler

Download , opdater og scan med disse 2 
http://www.spywarefri.dk/vaerktoj.htm#adaware
http://www.spywareinfo.com/~merijn/files/CWShredder.exe
Avatar billede serverservice Praktikant
06. august 2004 - 22:39 #2
åbn Regedit fra kør- edit- find . Find alle keys med    sp.html - og slet dem.
Hvis du ikke kan slette dine temp mapper så start op i fejlsikret og gør det.

Ny log
Avatar billede serverservice Praktikant
06. august 2004 - 23:38 #3
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://awebfind.biz/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://awebfind.biz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://find4u.net/spa.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://awebfind.biz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {99547EE0-D0D2-4922-9C2F-DB5BF0438A8E} - C:\WINDOWS\SYSTEM\MCPCPN.DLL (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000} - http://www.eingang69.de/EroticAccess/cabs/1786000.cab
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia.cab
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_EN.cab
O18 - Filter: text/html - {BEEF334D-923F-4407-A3E9-C8661836D485} - C:\WINDOWS\SYSTEM\MCPCPN.DLL
O18 - Filter: text/plain - {BEEF334D-923F-4407-A3E9-C8661836D485} - C:\WINDOWS\SYSTEM\MCPCPN.DLL
O19 - User stylesheet:  (file missing)

Hvis du ikke bruger office programlinie kan du med fordel fixe denne:
O4 - Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE

Har du nogen ide om hvad denne stammer fra? - ellers skal den fixes og slettes
O4 - HKLM\..\Run: [CashBack] C:\Programmer\CashBack\bin\cashback.exe
Mangler info om denne:
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmer\Fælles filer\Microsoft Shared\Reference 2001\EROProj.dll

Har desværre ikke tid til at gøre den færdig i aften - er tilbage fra hardwarekst igen på søndag.
Avatar billede serverservice Praktikant
06. august 2004 - 23:39 #4
alle de øverste skal fixes R1 - O19

ny log
Avatar billede u.l.johansen Praktikant
09. august 2004 - 09:26 #5
Hej Dannyboyd
Jeg kunne ikke finde nogle sp.html keys. Her en ny log som jeg lige håber at du gider kontrollere.

Logfile of HijackThis v1.98.1
Scan saved at 09:20:56, on 09-08-2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\THOTKEY.EXE
C:\WINDOWS\EXPLORER.EXE
C:\OFST10\WSWPD.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\SYSTEM\TPWRTRAY.EXE
C:\WINDOWS\SYSTEM\ALISNDMG.EXE
C:\WINDOWS\SYSTEM\TFNCKY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMMER\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAMMER\BROWSER MOUSE\BROWSER MOUSE\1.0\LWBWHEEL.EXE
C:\PROGRAMMER\NAVISEARCH\BIN\NLS.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAMMER\FæLLES FILER\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SKRIVEBORD\HIJACKTHIS.EXE

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1030,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IrMon] irmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [ALiSndMgr] ALiSndMg.exe
O4 - HKLM\..\Run: [AlpsPoint] C:\Progra~1\Apoint\Apoint.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Programmer\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programmer\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmer\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programmer\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [Soundmx] \soundmx.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Programmer\NaviSearch\bin\nls.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [THotkey] C:\WINDOWS\SYSTEM\THotkey.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Programmer\Fælles filer\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: Påmindelser i Microsoft Works Kalender.lnk = ?
O4 - Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmer\Fælles filer\Microsoft Shared\Reference 2001\EROProj.dll

på forhånd tak, Ulrick
Avatar billede serverservice Praktikant
10. august 2004 - 12:32 #6
du skal vælge en ny default internet side og genstarte - ny log
er det hjulpet på din pc?
Avatar billede andersenph Nybegynder
11. august 2004 - 13:42 #7
Hejsa
Jeg har lovet Dannyboyd at hjælpe lidt her. Han er skidtmads i øjeblikket.

Gå i kontrolpanel -> tilføj/fjern programmer og slet Navisearch.

Start Hijackthis op og fix:
O4 - HKLM\..\Run: [Soundmx] \soundmx.exe
O4 - Startup: Påmindelser i Microsoft Works Kalender.lnk = ?
O4 - Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE

Genstart og surf lidt rundt. Genstart og kom med en ny log til kontrol.
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
Vil skrifte antivirusprogram. Af ErikHg i Virus 22 26/11/202510:42 23/12/202514:29
Er gratis Bitdefender værd at installere ? Af Ikke-ekspert i Virus 8 31/08/202519:08 01/09/202514:18
Ukendte filer på min Pc Af jonpet i Virus 10 03/02/202514:20 04/02/202511:05
mulig ukendt virus Af jackie18 i Virus 3 18/01/202514:07 18/01/202516:39
virus popper op med jævne mellemrum Af Malm i Virus 13 18/01/202511:40 20/01/202517:53
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
9 min siden Tilslut printer til netværk med WPS - hvis WPS slukkes på Router mistes forbindelse. Af Uvanga i Wifi
11/0521:05 Questyle M15i lydforstærker Af valby i Diverse
11/0518:27 Mærkeligt ikon på proceslinjen Af ErikHg i Windows
11/0513:54 Jeg skal have indstaleret Garmin express Af skolevej321 i Andet software
11/0510:48 Back up af foto til ekstern harddisk Af hkprofil i Office & Kontorpakker
White papers
Flere white papers »