jakob24 (Beginner)
4 May 2005 - 13:21 There are 8 comments

401 MPV warning

While trying to log on to the internet through Stofanet, I found that the following warning page had replaced my start page:

Privacy Vulnerabillity Detected (401 MPV Warning)

It is followed by a long text saying that the computer is open to everyone and that all data is visible.

It is suggested that I download (buy) a program called "Evidence Eliminator" to clean the computer.

My question is:

Does anyone know this warning and what causes it (is it spyware, or is it real)?

Does anyone know the program "Evidence Eliminator" and whether it is good or bad?

Thanks in advance
kalp (Novice)
4 May 2005 - 15:45 #1
Download HijackThis from here and save it in a folder of its own on your desktop

http://downloadportal.dk/showdownload.asp?rid=3967&sp=Hijackthis%201.91
or use a direct download link from here: www.arlet.dk/hjt.exe

Start the program and choose to run a scan and save a log file.
When HijackThis has finished scanning, it will ask you for a location to save "hijackthis", a text file.
Save it in the same folder as HijackThis. When you have clicked OK, a new window pops up, namely Notepad with a lot of lines of text. Select all the lines and copy them in here so I can look at them. You must not start fixing anything in HijackThis yourself.
jakob24 (Beginner)
5 May 2005 - 18:45 #2
This is the log file. It looks a bit fucked up, I think. I don't like all the ones at the bottom. I don't think it usually looks like that. But you are very welcome to look at it.

Thanks in advance

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAMMER\SYMANTEC\LIVEUPDATE\NDETECT.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMMER\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMMER\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETMSG.EXE
C:\PROGRAMMER\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETTRAY.EXE
C:\PROGRAMMER\CA\ETRUST EZ ARMOR\ETRUST EZ FIREWALL\CA.EXE
C:\PROGRAMMER\FæLLES FILER\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAMMER\EVIDENCE ELIMINATOR\EE.EXE
C:\Programmer\Hewlett-Packard\HP OfficeJet R Series\PrecisionScan\hpmdlbwa.exe
C:\PROGRAMMER\HEWLETT-PACKARD\HP OFFICEJET R SERIES\SCANPICTURE\HPSPLMWA.EXE
C:\PROGRAMMER\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SKRIVEBORD\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://212.10.10.20/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://shdocpl.dll/asst.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMER\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AudioHQ] C:\Programmer\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Vet Alert] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETMSG.EXE
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETTRAY.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe
O4 - HKLM\..\Run: [SetPoint] C:\Programmer\Logitech\SetPoint\KEM.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MMTray] C:\Programmer\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Skype] "C:\PROGRAMMER\SKYPE\PHONE\SKYPE.EXE" /nosplash /minimized
O4 - HKCU\..\Run: [Evidence Eliminator] C:\PROGRAMMER\EVIDENCE ELIMINATOR\ee.exe /m
O4 - Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Startup: hpmdlbwa.lnk = C:\Programmer\Hewlett-Packard\HP OfficeJet R Series\PrecisionScan\hpmdlbwa.exe
O4 - Startup: HP ScanPicture.lnk = C:\Programmer\Hewlett-Packard\HP OfficeJet R Series\ScanPicture\hpsplmwa.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
O10 - Unknown file in Winsock LSP: c:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk/netbank/activex/DanskeSikker.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/087a47a1db8d9d189320/netzip/RdxIE601.cab
O16 - DPF: {11010101-1001-1111-1000-110112345678} - mk:@mSItSTORE:Mhtml:FiLE://C:\html.mHT!http://205.177.122.27/docs/usa/html.chm::/html.exe
O18 - Protocol: offline-8876480 - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bw00 - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bw00s - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bw10 - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bw10s - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bw20 - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bw20s - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bw30 - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bw30s - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bw40 - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bw40s - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bw50 - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bw50s - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bw60 - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bw60s - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bw70 - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bw70s - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bw80 - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bw80s - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bw90 - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bw90s - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bwa0 - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bwa0s - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bwb0 - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bwb0s - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bwc0 - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bwc0s - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bwd0 - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bwd0s - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bwe0 - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bwe0s - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bwf0 - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bwf0s - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bwg0 - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bwg0s - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bwh0 - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bwh0s - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bwi0 - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bwi0s - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bwj0 - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bwj0s - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bwk0 - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bwk0s - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bwl0 - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bwl0s - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bwm0 - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bwm0s - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bwn0 - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bwn0s - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bwo0 - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bwo0s - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bwp0 - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bwp0s - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bwq0 - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bwq0s - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bwr0 - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bwr0s - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bws0 - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bws0s - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bwt0 - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bwt0s - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bwu0 - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bwu0s - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bwv0 - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bwv0s - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bww0 - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bww0s - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bwx0 - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bwx0s - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bwy0 - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bwy0s - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bwz0 - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bwz0s - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bw-0 - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bw-0s - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bw+0 - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bw+0s - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\GAPLUGPROTOCOL-8876480.DLL (file missing)
kalp (Novice)
5 May 2005 - 18:53 #3
Yep, looking at it :)
kalp (Novice)
5 May 2005 - 18:57 #4
Restart in Safe Mode by pressing F8 during startup.

Run HijackThis, scan, and tick these lines - close all other program windows. Double-check that everything was included! Then click "Fix checked" in HijackThis:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://shdocpl.dll/asst.htm
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {11010101-1001-1111-1000-110112345678} - mk:@mSItSTORE:Mhtml:FiLE://C:\html.mHT!http://205.177.122.27/docs/usa/html.chm:: /html.exe

All the O18 lines, i.e. these:
O18 - Protocol: offline-8876480 - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)

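Open Windows Explorer (Stifinder), click Tools => Folder Options => View (Funktioner => Mappeindstillinger => Vis).
Remove the check mark from "Hide protected operating system files" ("Skjul beskyttede operativsystemfiler").
Remove the check mark from "Hide file extensions for known file types" ("Skjul filtypenavne for kendte filtyper").
Select "Show hidden files and folders" ("Vis skjulte filer og mapper").

Find and delete (look carefully! Whatever you don't find, HijackThis has probably removed!)

The files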

C:\html.mHT
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL

Then go to Start -> Programs -> Accessories -> System Tools -> Disk Cleanup (Start -> Programmer -> Tilbehør -> Systemværktøjer -> Diskoprydning) and delete temp files, temporary internet files and the recycle bin.

Restart normally and copy a new log in here so I can see whether we got everything or whether something was overlooked :)
jakob24 (Beginner)
6 May 2005 - 19:09 #5
Here is the log file after cleaning. It looks a good deal better. A folder called backup has appeared in my HijackThis folder. Should it just be deleted, or what should I do with it?

But I think that does it. You'll need to post a new answer so you can get points.

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAMMER\SYMANTEC\LIVEUPDATE\NDETECT.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMMER\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\PROGRAMMER\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETMSG.EXE
C:\PROGRAMMER\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMMER\CA\ETRUST EZ ARMOR\ETRUST EZ FIREWALL\CA.EXE
C:\Programmer\Hewlett-Packard\HP OfficeJet R Series\PrecisionScan\hpmdlbwa.exe
C:\PROGRAMMER\HEWLETT-PACKARD\HP OFFICEJET R SERIES\SCANPICTURE\HPSPLMWA.EXE
C:\PROGRAMMER\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SKRIVEBORD\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://212.10.10.20/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMER\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AudioHQ] C:\Programmer\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Vet Alert] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETMSG.EXE
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETTRAY.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe
O4 - HKLM\..\Run: [SetPoint] C:\Programmer\Logitech\SetPoint\KEM.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MMTray] C:\Programmer\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\PROGRAMMER\SKYPE\PHONE\SKYPE.EXE" /nosplash /minimized
O4 - Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Startup: hpmdlbwa.lnk = C:\Programmer\Hewlett-Packard\HP OfficeJet R Series\PrecisionScan\hpmdlbwa.exe
O4 - Startup: HP ScanPicture.lnk = C:\Programmer\Hewlett-Packard\HP OfficeJet R Series\ScanPicture\hpsplmwa.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
O10 - Unknown file in Winsock LSP: c:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk/netbank/activex/DanskeSikker.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/087a47a1db8d9d189320/netzip/RdxIE601.cab
kalp (Novice)
6 May 2005 - 22:24 #6
It's there now :)

Just download http://cexx.org/lspfix.zip

Run LSPFix, tick "I know what I am doing", click Finish, restart.

See whether this line is gone from the log.

O10 - Unknown file in Winsock LSP: c:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
jakob24 (Beginner)
8 May 2005 - 19:52 #7
Cool. Thanks for the help.

Do you know whether one should just delete the backup that HijackThis makes and saves in its own folder? Just so nothing necessary gets lost.

Thanks
kalp (Novice)
8 May 2005 - 19:55 #8
You are welcome to delete the backup in HijackThis
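
An added example, not part of the original thread: a small Python script that compares the before and after HijackThis logs, so the "did we get everything" check in #4 and the O10 check in #6 do not have to be done by eye. The log lines are excerpts from the posts above; the function names and the flagging heuristics are assumptions of this example, not HijackThis features.

```python
import re

# Excerpts from the two logs posted in the thread (#2 = before, #5 = after).
BEFORE = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://shdocpl.dll/asst.htm
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Skype] "C:\PROGRAMMER\SKYPE\PHONE\SKYPE.EXE" /nosplash /minimized
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
O10 - Unknown file in Winsock LSP: c:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk/netbank/activex/DanskeSikker.cab
O16 - DPF: {11010101-1001-1111-1000-110112345678} - mk:@mSItSTORE:Mhtml:FiLE://C:\html.mHT!http://205.177.122.27/docs/usa/html.chm::/html.exe
O18 - Protocol: bw00 - {01365F89-B029-43D5-8EDA-0D33B8ABA222} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL (file missing)
"""

AFTER = r"""
O4 - HKCU\..\Run: [Skype] "C:\PROGRAMMER\SKYPE\PHONE\SKYPE.EXE" /nosplash /minimized
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
O10 - Unknown file in Winsock LSP: c:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk/netbank/activex/DanskeSikker.cab
"""

# A log entry is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [...] ...".
# The running-process list at the top of a log does not match and is skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_entries(log_text):
    """Return the set of (section, detail) pairs found in a pasted log."""
    entries = set()
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            section, detail = match.groups()
            # Forum software often changes runs of spaces; normalise them.
            entries.add((section, " ".join(detail.split())))
    return entries


def compare(before_text, after_text):
    """Split entries into removed / remaining / new between two logs."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return {
        "removed": before - after,
        "remaining": before & after,
        "new": after - before,
    }


def triage(entry):
    """Reasons an entry deserves a second look (heuristics assumed here)."""
    section, detail = entry
    reasons = []
    if detail.endswith("(file missing)"):
        reasons.append("file missing")
    if section == "O10" and "unknown file" in detail.lower():
        reasons.append("unknown Winsock LSP file")
    if section == "O16":
        # The download source is the last " - "-separated field of a DPF line.
        codebase = detail.rsplit(" - ", 1)[-1].lower()
        if not codebase.startswith(("http://", "https://")):
            reasons.append("non-HTTP codebase")
    return reasons


def review_queue(log_text):
    """Entries of one log that triage() flags, with their reasons."""
    flagged = []
    for entry in sorted(parse_entries(log_text)):
        reasons = triage(entry)
        if reasons:
            flagged.append((entry[0], entry[1], reasons))
    return flagged


if __name__ == "__main__":
    diff = compare(BEFORE, AFTER)
    for section, detail in sorted(diff["removed"]):
        print("removed  ", section, detail[:70])
    for section, detail, reasons in review_queue(AFTER):
        print("still open", section, ", ".join(reasons), "|", detail[:60])
```

On these excerpts the O10 Winsock LSP entry is still reported after the first cleanup, which is the line #6 deals with using LSPFix.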