hijackThis.log

Logfile of HijackThis v1.99.1
Scan saved at 14:24:38, on 2039-11-06
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program\QUICKT~1\qttask.exe
C:\Program\MSN Apps\Updater\01.02.3000.1001\sv\msnappau.exe
C:\Program\Messenger Plus! 3\MsgPlus.exe
C:\Program\Vanliga filer\CMEII\CMESys.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\sp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\All Users\Start-meny\Program\Autostart\YICX.EXE
c:\program\intern~1\iexplore.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\inetsrv\DavCData.exe
C:\Program\Messenger\Msmsgs.exe
C:\Program\mozilla.org\Mozilla\Mozilla.exe
C:\Documents and Settings\JULLE\Skrivbord\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.fcmkdtidkv.com/bAgN3LAnnSCQWqE0R2T_XC0qrr7UE_3pHl/CnPw2iq3rykC4CPGxHf4mtz1VH68g.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.se/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.iznzsmeczrg.com/bAgN3LAnnSCQWqE0R2T_XC0qrr7UE_3pHl/CnPw2iq3CGz7zT_RSZv4mtz1VH68g.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: (no name) - {88C819DD-1225-325C-D552-44D570670AC2} - C:\Program\INTRAP~1\RoadAcid.exe
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.4000.1001\sv\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.4000.1001\sv\msntb.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QUICKT~1\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SVCHOST] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program\MSN Apps\Updater\01.02.3000.1001\sv\msnappau.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [CMESys] "C:\Program\Vanliga filer\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [phone intra dale data] C:\WINDOWS\All Users\Programdata\hide build phone intra\doesbrowse.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\JULLE\LOKALA~1\Temp\DELDIR0.EXE" "C:\Program\McAfee\McAfee Shared Components\Guardian\"
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRAM\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [sp] C:\sp.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program\mozilla.org\Mozilla\Mozilla.exe" -turbo
O4 - HKCU\..\Run: [beep start] C:\DOCUME~1\JULLE\APPLIC~1\SOFTPO~1\COPYMPEG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: YICX.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRAM\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
O16 - DPF: {11111111-1111-1111-1111-111111111111} - file://c:\info6_s.cab
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

ja okay:)

Genstart i fejlsikret tilstand.

Slet eller afinstaller disse mapper


C:\Program\Vanliga filer\CMEII\
C:\Program\WildTangent\

Fix disse linjer i hijackthis

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.fcmkdtidkv.com/bAgN3LAnnSCQWqE0R2T_XC0qrr7UE_3pHl/CnPw2iq3rykC4CPGxHf 4mtz1VH68g.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.iznzsmeczrg.com/bAgN3LAnnSCQWqE0R2T_XC0qrr7UE_3pHl/CnPw2iq3CGz7zT_RSZ v4mtz1VH68g.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: (no name) - {88C819DD-1225-325C-D552-44D570670AC2} - C:\Program\INTRAP~1\RoadAcid.exe
O4 - HKLM\..\Run: [SVCHOST] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program\Vanliga filer\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [phone intra dale data] C:\WINDOWS\All Users\Programdata\hide build phone intra\doesbrowse.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\JULLE\LOKALA~1\Temp\DELDIR0.EXE" "C:\Program\McAfee\McAfee Shared Components\Guardian\"
O4 - HKCU\..\Run: [sp] C:\sp.exe
O4 - HKCU\..\Run: [beep start] C:\DOCUME~1\JULLE\APPLIC~1\SOFTPO~1\COPYMPEG.exe
O4 - Global Startup: YICX.EXE
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
O16 - DPF: {11111111-1111-1111-1111-111111111111} - file://c:\info6_s.cab

Slet disse filer

C:\sp.exe
C:\WINDOWS\svchost.exe
C:\Documents and Settings\All Users\Start-meny\Program\Autostart\YICX.EXE
C:\WINDOWS\All Users\Programdata\hide build phone intra\doesbrowse.exe
C:\DOCUME~1\JULLE\APPLIC~1\SOFTPO~1\COPYMPEG.exe

Genstart normalt og ny log

Tak. Hav lidt tålmodighed mht den nye log da det er en comp. jeg er ved at fixe over telefonen til Sverige, så det kan godt være der lige går et par dage.

kalp -> Det var sgu lidt svært at ordne det over telefonen grundet det svenske windows og en uerfaren pc-bruger. Jeg ordner det selv når jeg kommer derover på et tidspunkt. Men smid et svar.

får du her:)