Notifikationer

Markér alle som læst Log ud

jammerlab Nybegynder

29. januar 2005 - 20:51 Der er 12 kommentarer og
1 løsning

hijackthis log

der må være en del der skal fjernes... sig frem.

Logfile of HijackThis v1.99.0
Scan saved at 20:47:10, on 29-01-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\ewupdater.exe
C:\WINDOWS\System32\m?config.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Ventrilo\Ventrilo.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\Programmer\Steam\Steam.exe
C:\Programmer\Winamp\Winamp.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Programmer\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jesper\Skrivebord\hjt.exe
C:\Programmer\Spybot - Search & Destroy\SpybotSD.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.odsmufcefs.com/NmEoshC7LCgxgnsoeQJdV7RiIvvOuVKq1Q/mbw4ENoVrQGsQt3uEigWD0w60Yb5A.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Jesper\LOKALE~1\Temp\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.easywebsearch.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.easywebsearch.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.kgjpquzesyttnzqgyfblm.com/NmEoshC7LCheX77HykajDoolXSKB9v_g7NlIhWWCWt4.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *new-search.net*;*x-google.net*
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {12F720FB-3899-0E8E-5B63-FCA733D0811D} - C:\DOCUME~1\Jesper\APPLIC~1\AUDIOP~1\This 2.exe (file missing)
O2 - BHO: (no name) - {51CE5296-C00E-E18F-2E65-9DDC4738E198} - C:\WINDOWS\System32\vuswi.dll
O2 - BHO: (no name) - {BA08FCA1-623B-446F-94DD-CF2EE68C830F} - C:\WINDOWS\System32\nbgadl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: IEMenuExtension toolbar - {6b95678d-30a4-4ff8-a72f-4208340c1f7f} - C:\Programmer\IEMenuExtension\tbextn.dll (file missing)
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [KAZAA] "C:\Programmer\Kazaa Lite K++\kpp.exe" "C:\Programmer\Kazaa Lite K++\KazaaLite.kpp" /SYSTRAY
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ewupdater] C:\WINDOWS\ewupdater.exe
O4 - HKLM\..\Run: [Hindustan] C:\Documents and Settings\Jesper\Skrivebord\msn-fake\msmsgs.exe
O4 - HKLM\..\Run: [control] C:\WINDOWS\MSN.exe
O4 - HKLM\..\Run: [MSNicker v2.2] C:\Documents and Settings\Jesper\Skrivebord\MSNicker22\msnicker.exe
O4 - HKLM\..\Run: [Winip] C:\WINDOWS\winip.exe
O4 - HKLM\..\Run: [IE Menu Extension toolbar] rundll32.exe "C:\PROGRA~1\IEMENU~1\tbextn.dll" DllShowTB
O4 - HKLM\..\Run: [JafSrv32] C:\WINDOWS\jafsrv.exe
O4 - HKLM\..\Run: [DctSrv32] C:\WINDOWS\dctsrv.exe
O4 - HKLM\..\Run: [deleteaceteamaxis] C:\Documents and Settings\All Users\Application Data\spam boob delete ace\trustreal.exe
O4 - HKLM\..\Run: [A8MGcRid] C:\WINDOWS\owspb.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\Vuuekm.exe
O4 - HKLM\..\RunOnce: [AAW] "C:\Programmer\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [BENDFOR] C:\DOCUME~1\Jesper\APPLIC~1\THATON~1\Antisoftlive.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MessengerDiscovery] C:\Programmer\MessengerDiscovery\MessengerDiscovery.exe
O4 - HKCU\..\Run: [Soae] C:\Documents and Settings\Jesper\Application Data\bsct.exe
O4 - HKCU\..\Run: [Wfrwgd] C:\WINDOWS\System32\m?config.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm414YYDK
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programmer\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programmer\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE (file missing)
O15 - Trusted Zone: *.iframedollars.biz
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 213.159.117.202
O15 - Trusted IP range: (HKLM)
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.166.145/x15.chm::/trs15.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.8.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3F2705D0-C9D8-4020-A15C-E495A0050EC6} (Easywebinstaller Control) - http://s7.blingblingcontent.com/toolbarcash/activex/easywebinstaller.ocx
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097776827031
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - http://iframedollars.biz/tb/loader2.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Filter: text/html - {FDBFE22F-59E9-4C61-B80B-C418759EA407} - C:\WINDOWS\System32\nbgadl.dll
O18 - Filter: text/plain - {FDBFE22F-59E9-4C61-B80B-C418759EA407} - C:\WINDOWS\System32\nbgadl.dll
O21 - SSODL: Web Event Logger - {7EFBAEFF-EE02-1333-ABDF-416572E5D639} - C:\WINDOWS\System32\Npogedhg.dll (file missing)
O23 - Service: Adobe LM Service - Unknown - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ISEXEng - Unknown - C:\WINDOWS\System32\angelex.exe (file missing)
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service - Sony Corporation - C:\PROGRA~1\FLLESF~1\SONYSH~1\AVLib\Sptisrv.exe

Synes godt om

kalp Novice

29. januar 2005 - 20:52 #1

jeg kigger lige på den

Synes godt om

kalp Novice

29. januar 2005 - 20:53 #2

har du noget imod at afinstallere messenger plus og komme med en ny log?

Synes godt om

jammerlab Nybegynder

29. januar 2005 - 20:58 #3

Nop... done:

Logfile of HijackThis v1.99.0
Scan saved at 20:57:55, on 29-01-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ewupdater.exe
C:\WINDOWS\System32\m?config.exe
C:\Programmer\Ventrilo\Ventrilo.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\Programmer\Steam\Steam.exe
C:\Programmer\Winamp\Winamp.exe
C:\Programmer\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\explorer.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Jesper\Skrivebord\hjt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Jesper\LOKALE~1\Temp\sp.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Jesper\LOKALE~1\Temp\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.easywebsearch.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.easywebsearch.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.kgjpquzesyttnzqgyfblm.com/NmEoshC7LCheX77HykajDoolXSKB9v_g7NlIhWWCWt4.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *new-search.net*;*x-google.net*
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {12F720FB-3899-0E8E-5B63-FCA733D0811D} - C:\DOCUME~1\Jesper\APPLIC~1\AUDIOP~1\This 2.exe (file missing)
O2 - BHO: (no name) - {51CE5296-C00E-E18F-2E65-9DDC4738E198} - C:\WINDOWS\System32\vuswi.dll
O2 - BHO: (no name) - {BA08FCA1-623B-446F-94DD-CF2EE68C830F} - C:\WINDOWS\System32\nbgadl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: IEMenuExtension toolbar - {6b95678d-30a4-4ff8-a72f-4208340c1f7f} - C:\Programmer\IEMenuExtension\tbextn.dll (file missing)
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [KAZAA] "C:\Programmer\Kazaa Lite K++\kpp.exe" "C:\Programmer\Kazaa Lite K++\KazaaLite.kpp" /SYSTRAY
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ewupdater] C:\WINDOWS\ewupdater.exe
O4 - HKLM\..\Run: [Hindustan] C:\Documents and Settings\Jesper\Skrivebord\msn-fake\msmsgs.exe
O4 - HKLM\..\Run: [control] C:\WINDOWS\MSN.exe
O4 - HKLM\..\Run: [MSNicker v2.2] C:\Documents and Settings\Jesper\Skrivebord\MSNicker22\msnicker.exe
O4 - HKLM\..\Run: [Winip] C:\WINDOWS\winip.exe
O4 - HKLM\..\Run: [IE Menu Extension toolbar] rundll32.exe "C:\PROGRA~1\IEMENU~1\tbextn.dll" DllShowTB
O4 - HKLM\..\Run: [JafSrv32] C:\WINDOWS\jafsrv.exe
O4 - HKLM\..\Run: [DctSrv32] C:\WINDOWS\dctsrv.exe
O4 - HKLM\..\Run: [A8MGcRid] C:\WINDOWS\owspb.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\Vuuekm.exe
O4 - HKLM\..\RunOnce: [AAW] "C:\Programmer\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKLM\..\RunOnce: [MessengerPlusUninstall] C:\WINDOWS\system32\cmd.exe /C "C:\DOCUME~1\Jesper\LOKALE~1\Temp\MsgPlusUninst.bat"
O4 - HKCU\..\Run: [MessengerDiscovery] C:\Programmer\MessengerDiscovery\MessengerDiscovery.exe
O4 - HKCU\..\Run: [Soae] C:\Documents and Settings\Jesper\Application Data\bsct.exe
O4 - HKCU\..\Run: [Wfrwgd] C:\WINDOWS\System32\m?config.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm414YYDK
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programmer\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programmer\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE (file missing)
O15 - Trusted Zone: *.iframedollars.biz
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 213.159.117.202
O15 - Trusted IP range: (HKLM)
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.166.145/x15.chm::/trs15.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.8.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3F2705D0-C9D8-4020-A15C-E495A0050EC6} (Easywebinstaller Control) - http://s7.blingblingcontent.com/toolbarcash/activex/easywebinstaller.ocx
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097776827031
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - http://iframedollars.biz/tb/loader2.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Filter: text/html - {4615C6C3-FB3A-497E-A3C1-BC946A9B3B72} - C:\WINDOWS\System32\nbgadl.dll
O18 - Filter: text/plain - {4615C6C3-FB3A-497E-A3C1-BC946A9B3B72} - C:\WINDOWS\System32\nbgadl.dll
O21 - SSODL: Web Event Logger - {7EFBAEFF-EE02-1333-ABDF-416572E5D639} - C:\WINDOWS\System32\Npogedhg.dll (file missing)
O23 - Service: Adobe LM Service - Unknown - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ISEXEng - Unknown - C:\WINDOWS\System32\angelex.exe (file missing)
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service - Sony Corporation - C:\PROGRA~1\FLLESF~1\SONYSH~1\AVLib\Sptisrv.exe

Synes godt om

kalp Novice

29. januar 2005 - 21:00 #4

Jeg går i gang

Synes godt om

kalp Novice

29. januar 2005 - 21:18 #5

CWShredder
http://www.mdegn.dk/download/CWShredder.exe

AboutBuster
http://downloads.subratam.org/AboutBuster.zip

Download DelDomains.inf
http://www.mvps.org/winhelp2002/DelDomains.inf

Download og gem denne scanner på skrivebordet.
http://www.spywareinfo.dk/download/mwav.exe

(Vi skal bruge Dem senere)

Genstart i Fejlsikret tilstand ved at taste F8 under opstart.

Kør HijackThis, scan og sæt et flueben ud for disse linjer - luk øvrige programvinduer - klik "Fix checked":

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Jesper\LOKALE~1\Temp\sp.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Jesper\LOKALE~1\Temp\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.easywebsearch.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.easywebsearch.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.kgjpquzesyttnzqgyfblm.com/NmEoshC7LCheX77HykajDoolXSKB9v_g7NlIhWWCWt4.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *new-search.net*;*x-google.net*
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: (no name) - {12F720FB-3899-0E8E-5B63-FCA733D0811D} - C:\DOCUME~1\Jesper\APPLIC~1\AUDIOP~1\This 2.exe (file missing),
O2 - BHO: (no name) - {51CE5296-C00E-E18F-2E65-9DDC4738E198} - C:\WINDOWS\System32\vuswi.dll
O2 - BHO: (no name) - {BA08FCA1-623B-446F-94DD-CF2EE68C830F} - C:\WINDOWS\System32\nbgadl.dll
O3 - Toolbar: IEMenuExtension toolbar - {6b95678d-30a4-4ff8-a72f-4208340c1f7f} - C:\Programmer\IEMenuExtension\tbextn.dll (file missing)
O4 - HKLM\..\Run: [ewupdater] C:\WINDOWS\ewupdater.exe
O4 - HKLM\..\Run: [Hindustan] C:\Documents and Settings\Jesper\Skrivebord\msn-fake\msmsgs.exe
O4 - HKLM\..\Run: [IE Menu Extension toolbar] rundll32.exe "C:\PROGRA~1\IEMENU~1\tbextn.dll" DllShowTB
O4 - HKLM\..\Run: [JafSrv32] C:\WINDOWS\jafsrv.exe
O4 - HKLM\..\Run: [DctSrv32] C:\WINDOWS\dctsrv.exe
O4 - HKLM\..\Run: [A8MGcRid] C:\WINDOWS\owspb.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\Vuuekm.exe
O4 - HKLM\..\RunOnce: [MessengerPlusUninstall] C:\WINDOWS\system32\cmd.exe /C "C:\DOCUME~1\Jesper\LOKALE~1\Temp\MsgPlusUninst.bat"
O4 - HKCU\..\Run: [Soae] C:\Documents and Settings\Jesper\Application Data\bsct.exe
O4 - HKCU\..\Run: [Wfrwgd] C:\WINDOWS\System32\m?config.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm414YYDK
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programmer\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Programmer\EmpirePoker\EmpirePoker.exe (file missing)
O15 - Trusted Zone: *.iframedollars.biz
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 213.159.117.202
O15 - Trusted IP range: (HKLM)
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.166.145/x15.chm::/trs15.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.8.cab
O16 - DPF: {3F2705D0-C9D8-4020-A15C-E495A0050EC6} (Easywebinstaller Control) - http://s7.blingblingcontent.com/toolbarcash/activex/easywebinstaller.ocx
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - http://iframedollars.biz/tb/loader2.ocx
O18 - Filter: text/html - {4615C6C3-FB3A-497E-A3C1-BC946A9B3B72} - C:\WINDOWS\System32\nbgadl.dll
O18 - Filter: text/plain - {4615C6C3-FB3A-497E-A3C1-BC946A9B3B72} - C:\WINDOWS\System32\nbgadl.dll
O21 - SSODL: Web Event Logger - {7EFBAEFF-EE02-1333-ABDF-416572E5D639} - C:\WINDOWS\System32\Npogedhg.dll (file missing)
O23 - Service: ISEXEng - Unknown - C:\WINDOWS\System32\angelex.exe (file missing)

Find og slet

Disse filer

C:\WINDOWS\ewupdater.exe
C:\WINDOWS\System32\m?config.exe
C:\WINDOWS\jafsrv.exe
C:\WINDOWS\dctsrv.exe
C:\WINDOWS\owspb.exe
C:\WINDOWS\System32\Vuuekm.exe
C:\Documents and Settings\Jesper\Application Data\bsct.ex

Disse mapper (prøv i første omgang om du kan fjerne dem via. tilføj og fjern programmer)

C:\Program Files\Internet Optimizer\
C:\Documents and Settings\Jesper\Skrivebord\msn-fake\
C:\Programmer\EmpirePoker\

Åbn Stifinder, klik på Funktioner=>Mappeindstillinger=>Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler".
Fjern flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".

Slet disse filer

C:\WINDOWS\System32\vuswi.dll
C:\WINDOWS\System32\nbgadl.dll
C:\Programmer\IEMenuExtension\tbextn.dll
C:\WINDOWS\System32\Npogedhg.dll

Gå herefter i Start -> Programmer -> Tilbehør -> Systemværktøjer -> Diskoprydning og slet temp-filer, temporary internet files og papirkurv.

højreklik på DelDomains.inf og vælg: Install

Kør AboutBuster

Kør CWShredder

Klik på mwav.exe som du hentede, programmet pakker sig selv ud og starter.
Sæt flueben i følgende:
Memory, Startup folders, drive, Registry, System folders og Services.
Sæt prik i følgende:
All local drives og Scan all files

Slet alt den finder..

Genstart normalt og smid en ny log fil herind

Synes godt om

jammerlab Nybegynder

29. januar 2005 - 21:21 #6

Kan ikke se på det nu... vender tilbage imorgen men på forhånd tak.

Synes godt om

kalp Novice

29. januar 2005 - 21:28 #7

Vi tager den bare der så:)

Synes godt om

jammerlab Nybegynder

30. januar 2005 - 19:22 #8

Den nye log:

Logfile of HijackThis v1.99.0
Scan saved at 19:21:17, on 30-01-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Winamp\winampa.exe
C:\WINDOWS\winip.exe
C:\WINDOWS\System32\Lrjccx.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Jesper\Skrivebord\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Winip] C:\WINDOWS\winip.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Lrjccx.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097776827031
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: Adobe LM Service - Unknown - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service - Sony Corporation - C:\PROGRA~1\FLLESF~1\SONYSH~1\AVLib\Sptisrv.exe

Jeg skal ned på kasernen idag så jeg kan først se på det igen på fredag... hav lidt tålmodighed :)

Synes godt om

kalp Novice

30. januar 2005 - 19:46 #9

Genstart i fejlsikret tilstand

find og slet

C:\WINDOWS\System32\Lrjccx.exe

fiks disse linjer i hijackthis

O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Lrjccx.exe
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab

Synes godt om

jammerlab Nybegynder

11. februar 2005 - 23:20 #10

smid et svar tak :)

Synes godt om

kalp Novice

11. februar 2005 - 23:23 #11

Det får du da her:)

Synes godt om

jammerlab Nybegynder

11. februar 2005 - 23:24 #12

Tak for hjælpen :)

Synes godt om

kalp Novice

11. februar 2005 - 23:26 #13

Selv tak:) det var en fornøjelse!

Synes godt om

Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Følg dette spørgsmål

Opret Preview

Se alle it-kurser fra Computerworld Kurser

IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Se alle it-kurser

Flere spørgsmål fra Andet sikkerhed kategorien

Titel	Indlæg	Oprettet	Seneste aktivitet
hvilken afløser kan I anbefale? Af jcr18 i Andet sikkerhed	5	17/03/202610:32	18/03/202615:36
Advarsler om datalæk for nogle apps Af nu_igen i Andet sikkerhed	6	02/02/202614:54	03/02/202613:45
Mail fra Yousee ? Svindel? Af nu_igen i Andet sikkerhed	4	13/01/202617:27	14/01/202609:36
Er det sandsynligt, at jeg har været udsat for phishing Af Slettet bruger i Andet sikkerhed	4	13/11/202515:09	14/11/202510:45
Google fake Af johp i Andet sikkerhed	3	27/10/202516:31	28/10/202506:52

Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten

Seneste artiklerRSS

03/04

Podcasten Hard Fork giver et skarpt blik på ugens vigtigste tech-historier

03/04

Nørgaard: Læs skideballen fra en ukrainer til Rheinmetal - og derfor trender #MadeByHousewives

03/04

Læs hele Computerworlds løn-magasin: Så meget får danske it-folk i løn

02/04

Sådan kan du implementere ansvarlig AI i din organisation

01/04

Vi tester to udgaver af Denons Home-højttalere - og vi er ikke i tvivl om dommen

01/04

Som slagterlærling traf Rasmus et livsændrende valg: Nu er han udviklingschef i kæmpe energivirksomhed

01/04

Hård kritik efter tirsdagens stor-nedbrud: MitID er som en stor hullet ost og kan udvikle sig til en national katastrofe

01/04

OpenAI får kæmpemæssig kapitaltilførsel: Bliver værdisat til 5.500 milliarder kroner

01/04

Anthropic-medarbejder har ved et uheld lækket hele Claude Codes kildekode: 500.000 linier kode sluppet fri

01/04

Mørklægger årsag til tirsdagens timelange MitID-nedbrud: Vil intet fortælle af 'sikkerhedsmæssige årsager'

01/04

Hver fjerde forventer nul kroner i lønforhøjelse: It-testerne er blandt branchens mest pessimistiske for tredje år i træk

Vis flere artikler

IT-JOB

Forsvarsministeriets Materiel- og Indkøbsstyrelse

IT-Sikkerhedsrådgiver til Cyberdivisionen i Hvidovre

Capgemini Danmark A/S

SAP S/4HANA Finance Lead

Region Midtjylland

Bliv kontorchef og sæt retning for regionens arbejde med data

SOS International

Platform Engineer

Evida

Løsningsarkitekt

Vis flere jobs

Seneste spørgsmål Seneste aktivitet

I går 09:43	AI google.com Af Peter Olsen i Andre onlineløsninger
31/0310:22	Makro der gemmer vedhæftet fil fra Msg og omdøber filen Af lokesa i Excel
30/0313:45	Kablet forbindelse mellem android telefon og windows 11 pc Af 1Dorte i Android
30/0312:04	Elementtype vises - og ikke billedet? Af hkprofil i Billedbehandling
29/0312:08	Problemer med replay af købte kursusvideoer Af annam i Browsere

White papers

Samarbejde mellem AI og mennesker styrker sikkerheden
Konica Minolta
Arctic Wolf Threat Report 2026: Sådan ændrer ransomware-landskabet sig
Arctic Wolf
Undgå at printeren bliver svageste led i sikkerheden
Konica Minolta
Erfaringer fra frontlinjen: Sådan ændrer trusselsbilledet sig
Arctic Wolf

Flere white papers »