logitech33 Beginner
18 January 2005 - 21:10 There are 28 comments and
1 solution

Hijack this log

Would anyone like to look through it?

Logfile of HijackThis v1.99.0
Scan saved at 21:07:37, on 18/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\DeskAd Service\DeskAdServ.exe
C:\temp\salm.exe
C:\Program Files\MSN Messenger\MsgPlus.exe
C:\Program Files\DeskAd Service\DeskAdKeep.exe
C:\WINDOWS\system32\SahAgent.exe
C:\Program Files\Kit ADSL\Wizard\PostInstall_Checker.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\HAD\PTW.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\NORTON~1\navw32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Fichiers communs\Symantec Shared\NMain.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\PROGRA~1\Systran\4_0\Premium\SYSTRA~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\mohamed\Mes documents\Mes fichiers reçus\hjt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.neuf.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: CnfSearch Class - {D7CD08F0-D691-11D8-9669-0800200C9A66} - c:\windows\system32\ConfuSearch.dll
O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
O1 - Hosts: 82.179.166.164 lender-search.com
O1 - Hosts: 82.179.166.165 hot-searches.com
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: STRAd32Obj Class - {1433F750-E53F-11D8-9669-0800200C9A66} - c:\windows\system32\STRAd32.dll
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D5EA33B6-C8D8-A0D8-72B1-35ED909FB1DA} - C:\DOCUME~1\mohamed\APPLIC~1\MATHCU~1\ForCast.exe (file missing)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Systran40premi.IEPlugIn - {CFB25594-4D5F-11D6-AB7B-00B0D094B576} - C:\Program Files\Systran\4_0\Premium\IEPlugIn.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [lyzyb] C:\WINDOWS\lyzyb.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MSN Messenger\MsgPlus.exe"
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\system32\SahAgent.exe
O4 - HKCU\..\Run: [neufbox_reminder] "C:\Program Files\Kit ADSL\Wizard\PostInstall_Checker.exe" -r
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MSN Messenger\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Prayer.lnk = C:\HAD\PTW.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A3FF6A9-030D-40BB-8AB3-93E5EBACADF3}: NameServer = 213.203.124.146 212.30.96.108
O17 - HKLM\System\CS1\Services\Tcpip\..\{1A3FF6A9-030D-40BB-8AB3-93E5EBACADF3}: NameServer = 213.203.124.146 212.30.96.108
O18 - Filter: text/html - {4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB} - C:\WINDOWS\System32\xplugin.dll
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Service COM de gravage de CD IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: Macromedia Licensing Service - Unknown - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Partage de Bureau à distance NetMeeting - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Service Norton AntiVirus Auto-Protect - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone - Unknown - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Plug-and-Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Carte à puce - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Journaux et alertes de performance - Unknown - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe
johnstigers Senior Master
18 January 2005 - 21:15 #1
Looking at it - back in a bit.
andersenph Beginner
18 January 2005 - 21:17 #2
Having a look as well :O)
logitech33 Beginner
18 January 2005 - 21:17 #3
great :
logitech33 Beginner
18 January 2005 - 21:18 #4
I should just point out that I have just removed Gator or Coolwebsearch
logitech33 Beginner
18 January 2005 - 21:25 #5
extra addition:
I have just run Xclean Micro cleaning and the following programs were removed:
coolwebsearch
gator
IST bar
Overpro
sah agent
johnstigers Senior Master
18 January 2005 - 21:30 #6
You have Messenger Plus installed - are you aware that it contains spyware?
Unless you said no to installing the sponsor program, you have the junk from it. See e.g. http://www.grineflip.dk/download/msn-plus/msn-plus.htm

Instructions are on the way
logitech33 Beginner
18 January 2005 - 21:30 #7
I said no to the junk from msn plus
logitech33 Beginner
18 January 2005 - 21:31 #8
is it otherwise clean?
andersenph Beginner
18 January 2005 - 21:32 #9
No, it is far from clean. Wait for Stigers. He just needs to finish with your log.
logitech33 Beginner
18 January 2005 - 21:35 #10
oops, ok ... I don't doubt that it is very unclean either, given that one program removed 5 programs/spyware
johnstigers Senior Master
18 January 2005 - 21:48 #11
1. Remove download accelerator (it contains junk and passes on information about your movements on the net)
2. Fix these:
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: CnfSearch Class - {D7CD08F0-D691-11D8-9669-0800200C9A66} - c:\windows\system32\ConfuSearch.dll
O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
O1 - Hosts: 82.179.166.164 lender-search.com
O1 - Hosts: 82.179.166.165 hot-searches.com
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: STRAd32Obj Class - {1433F750-E53F-11D8-9669-0800200C9A66} - c:\windows\system32\STRAd32.dll
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL
O2 - BHO: (no name) - {D5EA33B6-C8D8-A0D8-72B1-35ED909FB1DA} - C:\DOCUME~1\mohamed\APPLIC~1\MATHCU~1\ForCast.exe (file missing)
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [lyzyb] C:\WINDOWS\lyzyb.exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\system32\SahAgent.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present - ONLY if you have not used Spybot yourself to set restrictions!
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE

Restart in safe mode and delete:
C:\temp\salm.exe - the file
C:\Program Files\DeskAd Service\DeskAdKeep.exe - the DeskAd Service folder
C:\WINDOWS\system32\SahAgent.exe - the file SahAgent.exe
C:\HAD\PTW.EXE - the HAD folder

Restart and post a new log for checking

P.S. I just got a phone call, so it took a little longer than planned :)
andersenph Beginner
18 January 2005 - 21:56 #12
ICQ stigers
johnstigers Senior Master
18 January 2005 - 21:57 #13
ok
logitech33 Beginner
18 January 2005 - 22:01 #14
I am in the process of finding the files ... it is a bit hard to find the files
but I will find them all :)
johnstigers Senior Master
18 January 2005 - 22:03 #15
You are fixing them in Hijackthis, right?

And deleting in safe mode...?
logitech33 Beginner
18 January 2005 - 22:04 #16
yes, I am getting to that
logitech33 Beginner
18 January 2005 - 22:06 #17
does it matter much whether I am in safe mode .. I have a logitech keyboard.. ok I cannot use the F1 - F12 keys :(
logitech33 Beginner
18 January 2005 - 22:13 #18
found this file: what is it?
WEB installer path C:\WINDOWS\Downloaded Program Files\WEBInstaller.dll
Success copy lsp.dll
Success copy SahAgent.exe
Success copy xmlparse.dll
Success copy xmltok.dll
Success copy sporder.dll
Success copy sporder.dll
Success copy SAHUninstall.exe
Success copy SahHtml.exe
Success copy v.dat
Success copy vg.dat
Delete C:\WINDOWS\Downloaded Program Files\v.dat succeeded
Delete C:\WINDOWS\Downloaded Program Files\vg.dat succeeded
File C:\WINDOWS\Downloaded Program Files\xmlparse.dll not found
File C:\WINDOWS\Downloaded Program Files\xmltok.dll not found
Installation is completed.
01/18/05 19:39:36 [A] Scanning Installed Providers
01/18/05 19:39:36 [A] Installing Layered Providers
01/18/05 19:39:36 [A] Installed over MSAFD Tcpip [TCP/IP]
01/18/05 19:39:37 [A] Installed over MSAFD Tcpip [UDP/IP]
01/18/05 19:39:38 [A] Installed over MSAFD Tcpip [RAW/IP]
01/18/05 19:39:38 [A] Installed over RSVP UDP Service Provider
01/18/05 19:39:39 [A] Installed over RSVP TCP Service Provider
01/18/05 19:39:39 [A] Installed over MSAFD NetBIOS [\Device\NetBT_Tcpip_{6DEBD405-8F0B-4508-8E47-BDC090D0C155}] SEQPACKET 6
01/18/05 19:39:40 [A] Installed over MSAFD NetBIOS [\Device\NetBT_Tcpip_{6DEBD405-8F0B-4508-8E47-BDC090D0C155}] DATAGRAM 6
01/18/05 19:39:41 [A] Installed over MSAFD NetBIOS [\Device\NetBT_Tcpip_{DC8B8955-C2A8-4340-BA8E-17E076A52AF6}] SEQPACKET 5
01/18/05 19:39:41 [A] Installed over MSAFD NetBIOS [\Device\NetBT_Tcpip_{DC8B8955-C2A8-4340-BA8E-17E076A52AF6}] DATAGRAM 5
01/18/05 19:39:42 [A] Installed over MSAFD NetBIOS [\Device\NetBT_Tcpip_{C487CF27-3345-45B9-A1D2-3239BE14948C}] SEQPACKET 4
01/18/05 19:39:42 [A] Installed over MSAFD NetBIOS [\Device\NetBT_Tcpip_{C487CF27-3345-45B9-A1D2-3239BE14948C}] DATAGRAM 4
01/18/05 19:39:43 [A] Installed over MSAFD NetBIOS [\Device\NetBT_Tcpip_{C922FEA2-8653-46EF-8884-9394BF89396C}] SEQPACKET 0
01/18/05 19:39:44 [A] Installed over MSAFD NetBIOS [\Device\NetBT_Tcpip_{C922FEA2-8653-46EF-8884-9394BF89396C}] DATAGRAM 0
01/18/05 19:39:44 [A] Installed over MSAFD NetBIOS [\Device\NetBT_Tcpip_{4D2B53FD-5F15-448C-A650-419E5D37FA4E}] SEQPACKET 1
01/18/05 19:39:45 [A] Installed over MSAFD NetBIOS [\Device\NetBT_Tcpip_{4D2B53FD-5F15-448C-A650-419E5D37FA4E}] DATAGRAM 1
01/18/05 19:39:46 [A] Installed over MSAFD NetBIOS [\Device\NetBT_Tcpip_{3F8649D8-3CE4-4B9E-BF23-6CFC8570CD8C}] SEQPACKET 2
01/18/05 19:39:46 [A] Installed over MSAFD NetBIOS [\Device\NetBT_Tcpip_{3F8649D8-3CE4-4B9E-BF23-6CFC8570CD8C}] DATAGRAM 2
01/18/05 19:39:47 [A] Installed over MSAFD NetBIOS [\Device\NetBT_Tcpip_{1A3FF6A9-030D-40BB-8AB3-93E5EBACADF3}] SEQPACKET 3
01/18/05 19:39:48 [A] Installed over MSAFD NetBIOS [\Device\NetBT_Tcpip_{1A3FF6A9-030D-40BB-8AB3-93E5EBACADF3}] DATAGRAM 3
01/18/05 19:39:48 [A] Preparing To Reoder Installed Chains
01/18/05 19:39:48 [A] Reodering Installed Chains
01/18/05 19:39:48 [A] Saving New Protocol Order
01/18/05 19:39:48 [A] Popup thread OK
01/18/05 19:39:48 [A] Browser check thread OK
01/18/05 19:39:48 [A] Redirect thread OK
01/18/05 19:39:48 [A] Agent tracking www.shopathomeselect.com/agent/agenttracking.asp
01/18/05 19:39:48 [D] Connect to www.shopathomeselect.com
01/18/05 19:39:53 [D] HTTP 200 agent2/agenttracking.asp?CustomerID=&MID=&ruleID=&popupID=&validate=&redirectTrack=no&doPopup=no&version=2.0.0.8&owner=cdt1001&refer=340101705&LastPrefs=1990-05-30%2012:11:27&GUID={024F6B9D-37F6-47F0-9BEC-8799A14823A3}&UserAgent=Bundle&global=click.linksynergy.com&afsrc=1
01/18/05 19:39:53 [S] Checking for next update
01/18/05 19:39:53 [S] DateToSendNextHeartbeat: 2005-01-18 19:39:53
01/18/05 19:39:53 [S] DateOfCheckForNewValidate: 2005-01-18 19:39:53
01/18/05 19:39:53 [S] Validate date expired
01/18/05 19:39:53 [F] Starting downloader
01/18/05 19:39:53 [D] Connect to www.shopathomeselect.com
01/18/05 19:39:53 [D] Query: agent2/agentprefs2.sah
01/18/05 19:39:55 [D] HTTP 200 agent2/agentprefs2.sah
01/18/05 19:39:55 [F] OK. preferences loaded.
01/18/05 19:39:55 [F] Parsing XML preferences...
01/18/05 19:39:55 [F] Updating registry preferences...
SahAgent is shutdown. Un-install will be completed on System reboot
logitech33 Beginner
18 January 2005 - 22:20 #19
Logfile of HijackThis v1.99.0
Scan saved at 22:20:04, on 18/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\MSN Messenger\MsgPlus.exe
C:\Program Files\Kit ADSL\Wizard\PostInstall_Checker.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\mohamed\Mes documents\Mes fichiers reçus\hjt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.neuf.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.fr/
O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Systran40premi.IEPlugIn - {CFB25594-4D5F-11D6-AB7B-00B0D094B576} - C:\Program Files\Systran\4_0\Premium\IEPlugIn.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MSN Messenger\MsgPlus.exe"
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - HKCU\..\Run: [neufbox_reminder] "C:\Program Files\Kit ADSL\Wizard\PostInstall_Checker.exe" -r
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MSN Messenger\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A3FF6A9-030D-40BB-8AB3-93E5EBACADF3}: NameServer = 213.203.124.146 212.30.96.108
O17 - HKLM\System\CS1\Services\Tcpip\..\{1A3FF6A9-030D-40BB-8AB3-93E5EBACADF3}: NameServer = 213.203.124.146 212.30.96.108
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Service COM de gravage de CD IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: Macromedia Licensing Service - Unknown - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Partage de Bureau à distance NetMeeting - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Service Norton AntiVirus Auto-Protect - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone - Unknown - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Plug-and-Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Carte à puce - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Journaux et alertes de performance - Unknown - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe
logitech33 Beginner
18 January 2005 - 22:23 #20
I have chosen to keep Dap since I use it a lot!
andersenph Beginner
18 January 2005 - 22:32 #21
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe

Fix these two.

Boot into safe mode and delete:

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe>>>the file realsched.exe
C:\Program Files\DeskAd Service>>>the DeskAd Service folder

Restart and post a new log.

I would now urge you to remove Messenger Plus. It really is the cause of a lot of bad stuff.....

Regarding DAP
You can use Stardownloader instead.
DAP is full of spyware…
Here is a link:
http://www.vollversion.de/download/stardownloader_1342.html
logitech33 Beginner
18 January 2005 - 22:33 #22
is star downloader better than dap or just as good?
andersenph Beginner
18 January 2005 - 22:37 #23
It is just as good.

There is also a program called getright. That should be OK too.
andersenph Beginner
18 January 2005 - 22:39 #24
O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
This one must be fixed too, by the way...
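The leftover entries in posts #21 and #24 were found by reading the follow-up log by eye; the same comparison can be done mechanically. This is an added example, not part of the thread: the function names are this example's own, and the two sample strings are excerpts of the fix list (post #11) and the follow-up log (post #19) above.

```python
import re

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4,
# O1-O24) followed by " - " and the entry detail. Header lines and the
# "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")


def parse_entries(log_text):
    """Return (code, detail) tuples for every entry line, in log order."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            # Windows paths and registry keys are case-insensitive, and forum
            # software mangles whitespace, so normalise both before comparing.
            detail = " ".join(match.group(2).split()).casefold()
            entries.append((match.group(1), detail))
    return entries


def still_present(fix_list, followup_log):
    """Entries from the fix list that the follow-up log still contains.

    A fix-list line may carry a helper's remark after the entry
    ("... present - ONLY if ..."), so a follow-up entry also matches when
    the fix-list line starts with it followed by " - ".
    """
    followup = parse_entries(followup_log)
    hits = []
    for code, detail in parse_entries(fix_list):
        for f_code, f_detail in followup:
            if code == f_code and (
                detail == f_detail or detail.startswith(f_detail + " - ")
            ):
                hits.append((code, f_detail))
                break
    return hits


# Excerpt of the fix list from post #11 (remark on the O6 line translated).
FIX_LIST = r"""
O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
O1 - Hosts: 82.179.166.164 lender-search.com
O2 - BHO: STRAd32Obj Class - {1433F750-E53F-11D8-9669-0800200C9A66} - c:\windows\system32\STRAd32.dll
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\system32\SahAgent.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present - ONLY if you have not used Spybot yourself to set restrictions!
"""

# Excerpt of the follow-up log from post #19.
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.0
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
"""

if __name__ == "__main__":
    for code, detail in still_present(FIX_LIST, FOLLOWUP_LOG):
        print(f"still present: {code} - {detail}")
```

The O6 hit is reported like the others; whether it needs fixing depends on the condition attached to it in post #11.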
logitech33 Beginner
18 January 2005 - 22:41 #25
do you think that O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts is the reason my IExplorer does not work?
andersenph Beginner
18 January 2005 - 23:10 #26
That could well be.
It has to go in any case.

If it does not work afterwards, we will have to try reinstalling Internet Explorer.
logitech33 Beginner
19 January 2005 - 10:08 #27
okay, it works perfectly.. could you post an answer .. I do not know how the points should be distributed.. make a suggestion :)
andersenph Beginner
19 January 2005 - 10:12 #28
We can share, I suppose :O)

After a round like this it is always a good idea to clean up the System Restore files. Disable System Restore (http://www.spywarefri.dk/virusscannere.htm#alle) - restart your computer - enable System Restore.
And then you should also hide your files and folders again, so that you do not accidentally delete an important file. You do that in the same place where you set it to show all files; this time you just choose: Do not show hidden files and folders.

You can also clear the browser cache

1. Click Tools - Internet Options

2. Under temporary files, click Delete Cookies

3. Under temporary files, click Delete Files - tick Delete all offline content

4. Under History, click Clear History

5. Click OK.

Empty your recycle bin.

You can clean temp with this file; it only takes a few seconds.
www.spywareinfo.dk/download/cleantempxp2k.bat

You should also get a bit of advice to take with you.
To secure your PC in future it would be a good idea to use some of the programs from this little package, which you can see here:
http://www.spywarefri.dk/pakken.htm

In particular I would recommend Spybot and/or Ad-aware, SpywareBlaster, IE Privacy Keeper or EmtyTempFolder, IE-Spyad and SpywareGuard as a minimum. They are all free, do not take up much space, do not slow down your PC and do not conflict with your other programs
logitech33 Beginner
23 January 2005 - 12:03 #29
ok share with john_stigers :)