Søg
Avatar billede split87 Nybegynder
11. oktober 2004 - 15:17 Der er 7 kommentarer og
2 løsninger

Hjælp til min HijackThis logfile!

Hej!

Vil du/I tjekke min logfile, jeg har downloadet messengerPlus! m.m. og har fået en masse spyware med... er efterhånden ved at blive ret træt af det. Jeg ved ikke hvilke der skal slettes i min HijackThis logfile, kan du hjælpe mig?
Tak!

Her er min logfile:

Logfile of HijackThis v1.97.7
Scan saved at 14:23:35, on 11-10-2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
c:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
c:\Programmer\Norton AntiVirus\navapsvc.exe
c:\Programmer\Norton Personal Firewall\NISUM.EXE
C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
c:\progra~1\intern~1\iexplore.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\pchbutton.exe
c:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\CASIO\Ploader\Plauto.exe
c:\Programmer\Norton Personal Firewall\ccPxySvc.exe
c:\Programmer\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Anders\Dokumenter\Install files\HijackThis.exe
C:\Programmer\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.midtfyns-gym.dk/mfg.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.eivmrsvozuqvnlyqmozt.com/u3NZkOLIydGdzt6_vbm737XH78Kfh2okohs88fqPe9O4UoH0sEn/XvVjcMeTQXF4.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A4973B45-FDC9-7355-481C-3EE8355806D3} - C:\PROGRA~1\USERID~1\Corn iso.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Programmer\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FF54CEE3-6017-770D-1E25-250EF18D9E1F} - C:\PROGRA~1\USERID~1\Corn iso.exe
O3 - Toolbar: HP-visning - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programmer\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programmer\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Programmer\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [CheckMedi8or] C:\Programmer\Mediator 7 Pro\CheckNewUser.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Programmer\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [rdr glue] C:\PROGRA~1\SIZETO~1\fasttool.exe
O4 - HKLM\..\Run: [THGuard] "C:\Programmer\TrojanHunter 4.0\THGuard.exe"
O4 - HKLM\..\Run: [Build support third cdrom] C:\Documents and Settings\All Users\Application Data\Load comp build support\link software.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [1onceinsidemail] C:\Documents and Settings\All Users\Application Data\Info Poll 1 Once\live love.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Programmer\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Programmer\CASIO\Ploader\Plauto.exe
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\programmer\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\programmer\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programmer\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .pdf: C:\Programmer\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/20106f81d9da12695c17/netzip/RdxIE601.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.41.18.51/activex/AxisCamControl.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38138.9992476852
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Avatar billede resist Nybegynder
11. oktober 2004 - 17:18 #1
Begynd med at afinstallere Messenger Plus via tilføj/fjern programmer.

Genstart og kom med en ny log. Brug venligst denne nyere version af HijackThis: http://danborg.org/spy/HJT/hijackthis.exe - tak.
Avatar billede split87 Nybegynder
11. oktober 2004 - 17:56 #2
Den skulle være afinstalleret, den er ikke at se i Tilføj/fjern programmer... men der ligger stadig en messenger Plus! mappe på mit C:\ drev med filer i. Skal jeg bare slette mappen?
Har lagt den nye version ind nu...

Logfile of HijackThis v1.98.2
Scan saved at 17:46:35, on 11-10-2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
c:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
c:\Programmer\Norton AntiVirus\navapsvc.exe
c:\Programmer\Norton Personal Firewall\NISUM.EXE
C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
c:\progra~1\intern~1\iexplore.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\pchbutton.exe
c:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\CASIO\Ploader\Plauto.exe
c:\Programmer\Norton Personal Firewall\ccPxySvc.exe
c:\Programmer\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\alg.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Anders\Dokumenter\Install files\hijackthisnew.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.midtfyns-gym.dk/mfg.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.eivmrsvozuqvnlyqmozt.com/u3NZkOLIydGdzt6_vbm737XH78Kfh2okohs88fqPe9O4UoH0sEn/XvVjcMeTQXF4.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A4973B45-FDC9-7355-481C-3EE8355806D3} - C:\PROGRA~1\USERID~1\Corn iso.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Programmer\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FF54CEE3-6017-770D-1E25-250EF18D9E1F} - C:\PROGRA~1\USERID~1\Corn iso.exe
O3 - Toolbar: HP-visning - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programmer\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programmer\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Programmer\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [CheckMedi8or] C:\Programmer\Mediator 7 Pro\CheckNewUser.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Programmer\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [rdr glue] C:\PROGRA~1\SIZETO~1\fasttool.exe
O4 - HKLM\..\Run: [THGuard] "C:\Programmer\TrojanHunter 4.0\THGuard.exe"
O4 - HKLM\..\Run: [Build support third cdrom] C:\Documents and Settings\All Users\Application Data\Load comp build support\link software.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [1onceinsidemail] C:\Documents and Settings\All Users\Application Data\Info Poll 1 Once\live love.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Programmer\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Programmer\CASIO\Ploader\Plauto.exe
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\programmer\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\programmer\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programmer\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Programmer\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/20106f81d9da12695c17/netzip/RdxIE601.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.41.18.51/activex/AxisCamControl.cab
Avatar billede resist Nybegynder
11. oktober 2004 - 17:59 #3
Så tager vi den manuelt, nu skal jeg kigge din nye log igennem.
Avatar billede resist Nybegynder
11. oktober 2004 - 18:08 #4
Herunder er der nogle filer, som du skal fixe. Sæt en vinge ud for disse filer. Når du har gjort det, så lukker du alle andre vinduer ned.

Fix disse med HijackThis:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.eivmrsvozuqvnlyqmozt.com/u3NZkOLIydGdzt6_vbm737XH78Kfh2okohs88fqPe9O4UoH0sEn/XvVjcMeTQXF4.html

O2 - BHO: (no name) - {A4973B45-FDC9-7355-481C-3EE8355806D3} - C:\PROGRA~1\USERID~1\Corn iso.exe
O2 - BHO: (no name) - {FF54CEE3-6017-770D-1E25-250EF18D9E1F} - C:\PROGRA~1\USERID~1\Corn iso.exe

O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [rdr glue] C:\PROGRA~1\SIZETO~1\fasttool.exe
O4 - HKLM\..\Run: [Build support third cdrom] C:\Documents and Settings\All Users\Application Data\Load comp build support\link software.exe
O4 - HKLM\..\Run: [1onceinsidemail] C:\Documents and Settings\All Users\Application Data\Info Poll 1 Once\live love.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe" /WinStart

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/20106f81d9da12695c17/netzip/RdxIE601.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.41.18.51/activex/AxisCamControl.cab

----
Åbn en mappe, klik på Funktioner=>Mappeindstillinger=>Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler".
Fjern flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".
----

Genstart i fejlsikret tilstand (F8 i opstart).  Find og slet:

C:\PROGRA~1\SIZETO~1\ >>>> mappen SIZETO~1
C:\Documents and Settings\All Users\Application Data\Load comp build support\ >>>> mappen Load comp build support
C:\Documents and Settings\All Users\Application Data\Info Poll 1 Once\ >>>> mappen Info Poll 1 Once
C:\Programmer\Messenger Plus! 3\ >>>> mappen Messenger Plus! 3

Genstart almindeligt og send en ny log herind til tjek – tak.
Avatar billede split87 Nybegynder
11. oktober 2004 - 18:38 #5
det var det! her er den nye log...

Logfile of HijackThis v1.98.2
Scan saved at 18:37:22, on 11-10-2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
c:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
c:\Programmer\Norton AntiVirus\navapsvc.exe
c:\Programmer\Norton Personal Firewall\NISUM.EXE
C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\pchbutton.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\CASIO\Ploader\Plauto.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
c:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
c:\Programmer\Norton Personal Firewall\ccPxySvc.exe
C:\Programmer\Internet Explorer\iexplore.exe
c:\Programmer\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Anders\Dokumenter\Install files\hijackthisnew.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.midtfyns-gym.dk/mfg.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP-visning - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programmer\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programmer\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Programmer\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ccRegVfy] "c:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [CheckMedi8or] C:\Programmer\Mediator 7 Pro\CheckNewUser.exe
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Programmer\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [THGuard] "C:\Programmer\TrojanHunter 4.0\THGuard.exe"
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKCU\..\Run: [BackupNotify] c:\Programmer\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Programmer\CASIO\Ploader\Plauto.exe
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\programmer\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\programmer\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programmer\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Programmer\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
Avatar billede split87 Nybegynder
11. oktober 2004 - 18:50 #6
er det hele som det skal være nu?
Avatar billede resist Nybegynder
11. oktober 2004 - 18:53 #7
Det ser jo godt ud ;-) Loggen er umiddelbart ren.

Du skal lige slå systemgendannelse fra. Hvis du ikke ved, hvordan du gør, så kig her: http://www.spywarefri.dk/virusscannere.htm#alle
Herefter genstarter du og slår systemgendannelse til igen. Du må også sætte mappeindstillinger tilbage til oprindelige indstillinger.

Hvis du ikke allerede har Ad-Aware, så hent og installer programmet. Opdater det straks efter installationen - inden du kører en scanning. Fjern alt hvad programmet finder. Programmet samt brugervejledning på dansk finder du her: http://www.spywarefri.dk/vaerktoj.htm#adaware

Her er et link til sikker surfing: http://www.spywarefri.dk/pakken.htm

Hjalp ”kuren”?
Avatar billede split87 Nybegynder
11. oktober 2004 - 18:55 #8
ja tusind tak!!
Avatar billede resist Nybegynder
11. oktober 2004 - 18:58 #9
Velbekomme ;-)

Du kan lukke her ved at markere mit navn og acceptere svaret.
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Andet sikkerhed kategorien

Titel Indlæg Oprettet Seneste aktivitet
hvilken afløser kan I anbefale? Af jcr18 i Andet sikkerhed 5 17/03/202610:32 18/03/202615:36
Advarsler om datalæk for nogle apps Af nu_igen i Andet sikkerhed 6 02/02/202614:54 03/02/202613:45
Mail fra Yousee ? Svindel? Af nu_igen i Andet sikkerhed 4 13/01/202617:27 14/01/202609:36
Er det sandsynligt, at jeg har været udsat for phishing Af Slettet bruger i Andet sikkerhed 4 13/11/202515:09 14/11/202510:45
Google fake Af johp i Andet sikkerhed 3 27/10/202516:31 28/10/202506:52
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I går 19:53 installer mange programmer på en gang Af Overgaard1654 i Andet software
I går 17:48 Min hp Officejet pro 7740 skærer det nederste af billedet i word Af rosmarin i Printere
I går 13:13 Batch OCR Af KurtG i Billedbehandling
I går 10:42 AI integreret i Access Af per2edb i Access
04/0409:43 AI google.com Af Peter Olsen i Andre onlineløsninger
White papers
Flere white papers »