Notifikationer

Markér alle som læst Log ud

sparki Nybegynder

08. december 2004 - 21:54 Der er 8 kommentarer og
1 løsning

Hijackthis log

Logfile of HijackThis v1.98.2
Scan saved at 21:50:11, on 08-12-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\Messenger Plus! 3\MsgPlus.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\WINDOWS\Dit.exe
C:\Programmer\Hotbar\bin\4.5.1.0\HbInst.exe
C:\WINDOWS\DitExp.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Ventrilo\Ventrilo.exe
C:\Programmer\Steam\Steam.exe
C:\Programmer\Macromedia\Dreamweaver MX\Dreamweaver.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Hotbar\bin\4.5.1.0\HbSrv.exe
C:\Documents and Settings\Anders Blom\Dokumenter\Downloadede Filer\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.zmriiuvghxjz.biz/BM5TXoXt3irTQXffw3_cjPtucM4gh6ueaxc9mG/tDg5Ht6btgsJZxm5QbaWSek0T.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sparki.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F3 - REG:win.ini: run=ramsys.exe
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Programmer\Hotbar\bin\4.5.1.0\HbHostIE.dll
O2 - BHO: (no name) - {B1A7349F-C316-5E60-F836-78A8F2A9985E} - C:\DOCUME~1\ANDERS~1\APPLIC~1\THATPE~1\OneBrowse.exe
O2 - BHO: VCS3IESupport Class - {B9D6B3C2-09AD-464A-8162-8C55114C808A} - C:\Programmer\AV VCS 3.0 DIAMOND\Vcs3RT.dll
O2 - BHO: (no name) - {EA64C139-5EC8-5A38-AE0F-634E367C0092} - C:\DOCUME~1\ANDERS~1\APPLIC~1\THATPE~1\OneBrowse.exe
O3 - Toolbar: (no name) - {FE6BC4EF-5676-484B-88AE-883323913256} - (no file)
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Toolbar\01.01.1629.0\da\msntb.dll
O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Programmer\Hotbar\bin\4.5.1.0\HbHostIE.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Programmer\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [THGuard] "C:\Programmer\TrojanHunter 3.9\THGuard.exe"
O4 - HKLM\..\Run: [loads.exe] \suploads.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [bat 1 free once] C:\Documents and Settings\All Users\Application Data\Trans pile bat 1\close once.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [kernel32] C:\WINDOWS\System32\kernel32.dlI
O4 - HKLM\..\Run: [antiheckgrim2] C:\Documents and Settings\All Users\Application Data\Stupid Support Anti Heck\IntraMeta.exe
O4 - HKLM\..\Run: [Hotbar] C:\Programmer\Hotbar\bin\4.5.1.0\HbInst.exe /Upgrade
O4 - HKCU\..\Run: [part bore] C:\DOCUME~1\ANDERS~1\APPLIC~1\LOGEAC~1\Global Eggs.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28177.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/da/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28177.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.roings.com/cabs/mp3.cab

Synes godt om

sparki Nybegynder

08. december 2004 - 21:56 #1

Mon jeg er helt galt på den hvis jeg siger disse "DPF'er" skal fjernes ?

Synes godt om

resist Nybegynder

08. december 2004 - 22:16 #2

Afinstaller Messenger Plus og Hotbar via tilføj/fjern programmer, genstart og ny log - tak.

Synes godt om

sparki Nybegynder

08. december 2004 - 22:21 #3

Logfile of HijackThis v1.98.2
Scan saved at 22:21:01, on 08-12-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\WINDOWS\Dit.exe
C:\Programmer\Hotbar\bin\4.5.1.0\HbInst.exe
C:\WINDOWS\DitExp.exe
C:\Programmer\Ventrilo\Ventrilo.exe
C:\Programmer\Steam\Steam.exe
C:\Programmer\Macromedia\Dreamweaver MX\Dreamweaver.exe
C:\WINDOWS\explorer.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Hotbar\bin\4.5.1.0\HbSrv.exe
C:\Programmer\Outlook Express\msimn.exe
C:\Program Files\SpIRC\mirc.exe
C:\Documents and Settings\Anders Blom\Dokumenter\Downloadede Filer\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.dgbpdhammnrrwpftxsiczpvf.com/BM5TXoXt3irTQXffw3_cjPtucM4gh6ueaxc9mG/tDg7Rdv2RY7EWRm5QbaWSek0T.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sparki.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F3 - REG:win.ini: run=ramsys.exe
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Programmer\Hotbar\bin\4.5.1.0\HbHostIE.dll
O2 - BHO: (no name) - {B1A7349F-C316-5E60-F836-78A8F2A9985E} - C:\DOCUME~1\ANDERS~1\APPLIC~1\THATPE~1\OneBrowse.exe (file missing)
O3 - Toolbar: (no name) - {FE6BC4EF-5676-484B-88AE-883323913256} - (no file)
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Toolbar\01.01.1629.0\da\msntb.dll
O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Programmer\Hotbar\bin\4.5.1.0\HbHostIE.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Programmer\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [THGuard] "C:\Programmer\TrojanHunter 3.9\THGuard.exe"
O4 - HKLM\..\Run: [loads.exe] \suploads.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [bat 1 free once] C:\Documents and Settings\All Users\Application Data\Trans pile bat 1\close once.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [kernel32] C:\WINDOWS\System32\kernel32.dlI
O4 - HKLM\..\Run: [Hotbar] C:\Programmer\Hotbar\bin\4.5.1.0\HbInst.exe /Upgrade
O4 - HKLM\..\RunOnce: [MessengerPlusUninstall] C:\WINDOWS\system32\cmd.exe /C "C:\DOCUME~1\ANDERS~1\LOKALE~1\Temp\MsgPlusUninst.bat"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28177.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/da/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28177.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.roings.com/cabs/mp3.cab

Synes godt om

sparki Nybegynder

08. december 2004 - 22:21 #4

kunne ikke finde hotbar

Synes godt om

resist Nybegynder

08. december 2004 - 23:11 #5

Nu skal jeg kigge den nye log igennem.

Synes godt om

resist Nybegynder

08. december 2004 - 23:24 #6

Download denne engangsscanner: http://www.spywareinfo.dk/download/mwav.exe
Du skal bruge den senere.

Herunder er der nogle filer, som du skal fixe. Sæt en vinge ud for disse filer. Når du har gjort det, så lukker du alle andre vinduer ned.

Fix disse med HijackThis:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.dgbpdhammnrrwpftxsiczpvf.com/BM5TXoXt3irTQXffw3_cjPtucM4gh6ueaxc9mG/tDg7Rdv2RY7EWRm5QbaWSek0T.html

O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com

O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)
O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Programmer\Hotbar\bin\4.5.1.0\HbHostIE.dll
O2 - BHO: (no name) - {B1A7349F-C316-5E60-F836-78A8F2A9985E} - C:\DOCUME~1\ANDERS~1\APPLIC~1\THATPE~1\OneBrowse.exe (file missing)

O3 - Toolbar: (no name) - {FE6BC4EF-5676-484B-88AE-883323913256} - (no file)
O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Programmer\Hotbar\bin\4.5.1.0\HbHostIE.dll

O4 - HKLM\..\Run: [loads.exe] \suploads.exe
O4 - HKLM\..\Run: [bat 1 free once] C:\Documents and Settings\All Users\Application Data\Trans pile bat 1\close once.exe
O4 - HKLM\..\Run: [kernel32] C:\WINDOWS\System32\kernel32.dlI
O4 - HKLM\..\Run: [Hotbar] C:\Programmer\Hotbar\bin\4.5.1.0\HbInst.exe /Upgrade
O4 - HKLM\..\RunOnce: [MessengerPlusUninstall] C:\WINDOWS\system32\cmd.exe /C "C:\DOCUME~1\ANDERS~1\LOKALE~1\Temp\MsgPlusUninst.bat"
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.roings.com/cabs/mp3.cab

----
Åbn en mappe, klik på Funktioner=>Mappeindstillinger=>Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler".
Fjern flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".
----

Genstart i fejlsikret tilstand (F8 i opstart). Find og slet:

C:\Programmer\Hotbar\ >>>> mappen
C:\Documents and Settings\All Users\Application Data\Trans pile bat 1\ >>>> mappen

Kør mwav.exe – aktiver så den scanner mest muligt.

Genstart almindeligt og send en ny log herind til tjek – tak.

Synes godt om

resist Nybegynder

08. december 2004 - 23:25 #7

C:\DOCUME~1\ANDERS~1\APPLIC~1\THATPE~1\ >>>> denne mappe skal også slettes fra fejlsikret.

Synes godt om

sparki Nybegynder

09. december 2004 - 13:11 #8

Logfile of HijackThis v1.98.2
Scan saved at 13:11:19, on 09-12-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\Creative\Shared Files\CAMTRAY.EXE
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\WINDOWS\Dit.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Anders Blom\Dokumenter\Downloadede Filer\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.dgbpdhammnrrwpftxsiczpvf.com/BM5TXoXt3irTQXffw3_cjPtucM4gh6ueaxc9mG/tDg7Rdv2RY7EWRm5QbaWSek0T.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sparki.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F3 - REG:win.ini: run=ramsys.exe
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Toolbar\01.01.1629.0\da\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Programmer\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [THGuard] "C:\Programmer\TrojanHunter 3.9\THGuard.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28177.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/da/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28177.cab

Synes godt om

resist Nybegynder

09. december 2004 - 15:29 #9

Fix disse med HijackThis:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.dgbpdhammnrrwpftxsiczpvf.com/BM5TXoXt3irTQXffw3_cjPtucM4gh6ueaxc9mG/tDg7Rdv2RY7EWRm5QbaWSek0T.html

O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

Genstart og ny log – tak.

Synes godt om

Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Følg dette spørgsmål

Opret Preview

Se alle it-kurser fra Computerworld Kurser

IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Se alle it-kurser

Flere spørgsmål fra Andet sikkerhed kategorien

Titel	Indlæg	Oprettet	Seneste aktivitet
hvilken afløser kan I anbefale? Af jcr18 i Andet sikkerhed	5	17/03/202610:32	18/03/202615:36
Advarsler om datalæk for nogle apps Af nu_igen i Andet sikkerhed	6	02/02/202614:54	03/02/202613:45
Mail fra Yousee ? Svindel? Af nu_igen i Andet sikkerhed	4	13/01/202617:27	14/01/202609:36
Er det sandsynligt, at jeg har været udsat for phishing Af Slettet bruger i Andet sikkerhed	4	13/11/202515:09	14/11/202510:45
Google fake Af johp i Andet sikkerhed	3	27/10/202516:31	28/10/202506:52

Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten

Seneste artiklerRSS

13:00

Virksomhedernes organisationer skal ændres for at udnytte AI

03/04

Podcasten Hard Fork giver et skarpt blik på ugens vigtigste tech-historier

03/04

Nørgaard: Læs skideballen fra en ukrainer til Rheinmetal - og derfor trender #MadeByHousewives

03/04

Læs hele Computerworlds løn-magasin: Så meget får danske it-folk i løn

02/04

Sådan kan du implementere ansvarlig AI i din organisation

01/04

Vi tester to udgaver af Denons Home-højttalere - og vi er ikke i tvivl om dommen

01/04

Som slagterlærling traf Rasmus et livsændrende valg: Nu er han udviklingschef i kæmpe energivirksomhed

01/04

Hård kritik efter tirsdagens stor-nedbrud: MitID er som en stor hullet ost og kan udvikle sig til en national katastrofe

01/04

OpenAI får kæmpemæssig kapitaltilførsel: Bliver værdisat til 5.500 milliarder kroner

01/04

Anthropic-medarbejder har ved et uheld lækket hele Claude Codes kildekode: 500.000 linier kode sluppet fri

01/04

Mørklægger årsag til tirsdagens timelange MitID-nedbrud: Vil intet fortælle af 'sikkerhedsmæssige årsager'

Vis flere artikler

IT-JOB

Jyske Bank

Senior Forretningsudvikler til Wealth Selvbetjening

Statens IT

Firewall-tekniker med kendskab til Automation

PensionDanmark

Senior Data Specialist til Data Hub

TV2

Data Engineer – CRM & Marketing Automation, TV 2 Teknologi

Nextway Software A/S

Product Configuration Specialist

Vis flere jobs

Seneste spørgsmål Seneste aktivitet

15 min siden	Min hp Officejet pro 7740 skærer det nederste af billedet i word Af rosmarin i Printere
I dag 13:13	Batch OCR Af KurtG i Billedbehandling
I dag 10:42	AI integreret i Access Af per2edb i Access
04/0409:43	AI google.com Af Peter Olsen i Andre onlineløsninger
31/0310:22	Makro der gemmer vedhæftet fil fra Msg og omdøber filen Af lokesa i Excel

White papers

Arctic Wolf Security Operations Report 2025: Indblik i moderne sikkerhedsdrift
Arctic Wolf
Arctic Wolf Threat Report 2026: Sådan ændrer ransomware-landskabet sig
Arctic Wolf
Undgå at printeren bliver svageste led i sikkerheden
Konica Minolta
Samarbejde mellem AI og mennesker styrker sikkerheden
Konica Minolta

Flere white papers »