Notifikationer

Markér alle som læst Log ud

ka1r0ne Nybegynder

17. juni 2005 - 13:22 Der er 5 kommentarer

Hijackthis logfil, HJÆLP!!

Er der nogen der kan hjælpe mig med denne hijackthus logfil??

Hilsen

ComputerMongolen.

Logfile of HijackThis v1.99.1
Scan saved at 19:42:35, on 16-06-2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\popuper.exe
C:\WINNT\System32\msole32.exe
C:\WINNT\System32\shnlog.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmer\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\Programmer\Keyword accelerator\KeyID.exe
C:\PROGRA~1\ALWILS~1\AVAST32\AvMaiSrv.exe
C:\Programmer\WildTangent\Apps\GameChannel.exe
C:\Programmer\Creative\Shared Files\CamTray.exe
C:\Programmer\Messenger Plus! 3\MsgPlus.exe
C:\Programmer\MSN Apps\Updater\01.02.3000.1001\da\msnappau.exe
C:\Programmer\WildTangent\Apps\CDA\GameDrvr.exe
C:\Programmer\Java\jre1.5.0_02\bin\jusched.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Programmer\Common Files\eAcceleration\eanthology.exe
C:\Programmer\Acceleration Software\Anti-Virus\stopsignav.exe
C:\WINNT\System32\ctfmon.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\WINNT\System32\hookdump.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINNT\System32\intmonp.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\WINNT\System32\intmon.exe
C:\PROGRA~1\ALWILS~1\AVAST32\avServer.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\ALWILS~1\AVAST32\avupdsvc.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\WinVNC.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\mqsvc.exe
C:\Programmer\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINNT\System32\wuauclt.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Hijacksthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.fastwebfinder.com/iesearch.html/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.updatesearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.updatesearches.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.updatesearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.updatesearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.updatesearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.updatesearches.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.updatesearches.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Programmer\TV Media\TvmBho.dll
F2 - REG:system.ini: Shell=Explorer.exe,
F2 - REG:system.ini: UserInit=C:\WINNT\System32\Userinit.exe
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINNT\System32\hpF455.tmp
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.4000.1001\da\msntb.dll (file missing)
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Programmer\ISTbar\istbar.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Vet Start Up] C:\PROGRA~1\COMPUT~1\ETRUST~1\ETRUST~1\VET32.EXE /PROGRESSIVE
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\COMPUT~1\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MMTray] C:\Programmer\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Keyword accelerator] C:\Programmer\Keyword accelerator\KeyID.exe
O4 - HKLM\..\Run: [AvMaiSrv] C:\PROGRA~1\ALWILS~1\AVAST32\AvMaiSrv.exe
O4 - HKLM\..\Run: [Avast32] C:\PROGRA~1\ALWILS~1\AVAST32\ASTART32.EXE /keepserver
O4 - HKLM\..\Run: [WinVNC] "C:\WINNT\system32\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [WT GameChannel] C:\Programmer\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Programmer\Creative\Shared Files\CamTray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Programmer\MSN Apps\Updater\01.02.3000.1001\da\msnappau.exe"
O4 - HKLM\..\Run: [idydar] C:\WINNT\idydar.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [gfotmbij] C:\WINNT\gfotmbij.exe
O4 - HKLM\..\Run: [satmat] C:\WINNT\satmat.exe
O4 - HKLM\..\Run: [Grey Bird Peak New] C:\Documents and Settings\All Users\Application Data\drvupgreybird\corn log.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Programmer\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Programmer\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [PSGuard] C:\Programmer\PSGuard\PSGuard.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [TV Media] C:\Programmer\TV Media\Tvm.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [EanthologyApp] "C:\Programmer\Common Files\eAcceleration\eanthology.exe" /b Startup
O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Programmer\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
O4 - HKLM\..\Run: [webscan] C:\Programmer\Acceleration Software\Anti-Virus\stopsignav.exe -k
O4 - HKLM\..\RunOnce: [StopSignSsTsMon] Rundll32.exe "C:\Programmer\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus /ro
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\System32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [active jump] C:\DOCUME~1\JOHANH~1\APPLIC~1\UPNEWA~1\Audio Bike.exe
O4 - HKCU\..\Run: [sp] C:\sp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Intel system tool] C:\WINNT\System32\hookdump.exe
O4 - HKCU\..\Run: [TV Media] C:\Programmer\TV Media\Tvm.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Nykredit Internetbank - http://195.249.127.11/NykBank.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab
O16 - DPF: {0B4A9EB4-332F-11D1-BEA2-00A0245DA6F8} (FitCrypto Class) - http://195.184.35.73/hb/ebankweb/Software/FitSecure.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
O16 - DPF: {131220DA-FF52-11D0-8445-000024202088} (EB_LogonUI.LogonUI) - http://www.homebanking.sdc.dk./ver230/Software/LogonUI.CAB
O16 - DPF: {1847C1C1-7274-11D2-A47D-00104B5B4D54} (EB_AgreementUI.AgreementUI) - http://62.243.6.73/hb/ebankweb/Software/AgreementUI.CAB
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {25F5AA75-B6D8-11CF-B348-00002422759D} (DataPoolSV10.CDataPool) - http://195.184.35.73/hb/ebankweb/Software/dpserver.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
O16 - DPF: {35A8AF38-5A10-11D3-AEEA-C5867FE56224} (EB_AccountEntriesUI.AccountEntriesUI) - http://62.243.6.73/hb/ebankweb/Software/AccountEntries.cab
O16 - DPF: {36C72320-EDFC-11D0-89DB-02AA3C04DD07} (EBLanguageSelector.LanguageSelector) - http://www.homebanking.sdc.dk./ver230/Software/EBLanguageSelector.CAB
O16 - DPF: {47FCD744-28E2-11D1-A13A-000024601F43} (EB_CommonUtilities.Common1) - http://195.184.35.73/hb/ebankweb/Software/EB_CommonUtilities.CAB
O16 - DPF: {61E5A398-FE97-11D0-81C5-000024222F7F} (EB_ExportImportUI.ExportImportUI) - http://195.184.35.73/hb/ebankweb/Software/ExportImportUI.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {7C2A1E81-6A69-11D1-8064-A01A01C10000} (EB_Alerter.AlerterBO) - http://195.184.35.73/hb/ebankweb/Software/AlerterBO.CAB
O16 - DPF: {86D3FB35-2862-11D1-8445-000024202088} (EB_CalculatorBO.CalculatorBO) - http://62.243.6.73/hb/ebankweb/Software/CalculatorBO.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {8F24DE00-0D66-4F93-9405-3F21E97AEE99} (TestingCtl Control) - http://esb.alcena.com/ESBAdultInstaller.ocx
O16 - DPF: {B7A2E681-3B00-11D1-81C5-000024222F7F} (EB_Secure.EBSecure) - http://195.184.35.73/hb/ebankweb/Software/EB_Secure.CAB
O16 - DPF: {BC24CA88-7256-45BF-A3E5-0C838E0687D4} (CpuPush Class) - http://virusscanasap.mcafeeasap.com/PushInstall/pushinst.cab
O16 - DPF: {CE00B72E-986F-11D3-BC3C-E29223000000} (ZLibCls Class) - http://195.184.35.73/hb/ebankweb/Software/FitZip.cab
O16 - DPF: {CF48D854-EC79-11D0-9EDC-00A0245DA6F6} (OfcCtl Class) - http://195.184.35.73/hb/ebankweb/Software/Ofx.cab
O16 - DPF: {DAB01827-98C2-11D1-AC92-000024601F43} (EB_TransferUI.TransferUI) - http://62.243.6.73/hb/ebankweb/Software/EB_TransferUI.CAB
O16 - DPF: {DD8B04E4-2B82-11D1-A13C-000024601F43} (EB_BillUI.BillUI) - http://62.243.6.73/hb/ebankweb/Software/BillUI.CAB
O16 - DPF: {E5CAA475-5F45-11D1-8064-A01A01C10000} (EBPrintSupport.HtmlTemplate) - http://195.184.35.73/hb/ebankweb/Software/EBPrintSupport.CAB
O16 - DPF: {EBC90C1A-FDDF-11D0-8445-000024202088} (EB_BalanceUI.BalanceUI) - http://62.243.6.73/hb/ebankweb/Software/BalanceUI.CAB
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
O16 - DPF: {FBF3B698-FC3A-11D0-8445-000024202088} (EB_RegistrationUI.RegistrationUI) - http://www.homebanking.sdc.dk./ver230/Software/RegistrationUI.CAB
O20 - Winlogon Notify: style2 - C:\WINNT\q32783289_disk.dll (file missing)
O23 - Service: ivr (a3x) - Unknown owner - C:\WINNT\System32\winupdate.exe" -service (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Avast32 Start as Service - ALWIL Software - C:\Programmer\ALWIL Software\AVAST32\avserver.exe
O23 - Service: AvUpdSvc - ALWIL Software - C:\PROGRA~1\ALWILS~1\AVAST32\avupdsvc.exe
O23 - Service: AY Track 2 Trial Edition (AYTRACK) - Unknown owner - C:\Programmer\AY Mail 2\AYTRACK.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: PSEXESVC - Unknown owner - C:\WINNT\System32\PSEXESVC.EXE (file missing)
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\WINNT\system32\WinVNC.exe" -service (file missing)

Synes godt om

ka1r0ne Nybegynder

17. juni 2005 - 13:26 #1

Hm, det ser ikke ud til at SP1 er installeret, downloadede det ellers igår 329 MB og installerede det, men det ser unægteligt ud til at det ikke er korrekt installeret!

Synes godt om

ka1r0ne Nybegynder

17. juni 2005 - 13:35 #2

har installeret Macafee Anti virus og firewall. antivirus siger at der ikke er nogen virus, men hvis stopsign køres siger den at der er 28 inficerede filer? Macafee er opdateret!

Synes godt om

kalp Novice

17. juni 2005 - 13:35 #3

ser på det

Synes godt om

kalp Novice

17. juni 2005 - 13:50 #4

Kender du denne mappe ? C:\Programmer\AY Mail 2

Download og gem denne scanner på skrivebordet. (Vi skal bruge den senere)
http://www.spywareinfo.dk/download/mwav.exe

Genstart i Fejlsikret tilstand ved at taste F8 under opstart.

Afinstaller eller slet disse programmer/mapper manuelt.

C:\Programmer\TV Media\
C:\Programmer\ISTbar\
C:\Documents and Settings\All Users\Application Data\drvupgreybird\
C:\Programmer\WildTangent\
C:\Programmer\PSGuard\
C:\DOCUME~1\JOHANH~1\APPLIC~1\UPNEWA~1\

Kør HijackThis, scan og sæt et flueben ud for disse linjer - luk øvrige programvinduer. Dobbelt tjeck alt kom med!. Klik herefter "Fix checked" i hijackthis:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.fastwebfinder.com/iesearch.html/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.updatesearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.updatesearches.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.updatesearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.updatesearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.updatesearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.updatesearches.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.updatesearches.com/
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
O4 - HKLM\..\Run: [WT GameChannel] C:\Programmer\WildTangent\Apps\GameChannel.exe
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Programmer\TV Media\TvmBho.dll
F2 - REG:system.ini: Shell=Explorer.exe,
F2 - REG:system.ini: UserInit=C:\WINNT\System32\Userinit.exe
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINNT\System32\hpF455.tmp
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Programmer\ISTbar\istbar.dll (file missing)
O4 - HKLM\..\Run: [idydar] C:\WINNT\idydar.exe
O4 - HKLM\..\Run: [gfotmbij] C:\WINNT\gfotmbij.exe
O4 - HKLM\..\Run: [satmat] C:\WINNT\satmat.exe
O4 - HKLM\..\Run: [Grey Bird Peak New] C:\Documents and Settings\All Users\Application Data\drvupgreybird\corn log.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Programmer\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Programmer\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [PSGuard] C:\Programmer\PSGuard\PSGuard.exe
O4 - HKLM\..\Run: [TV Media] C:\Programmer\TV Media\Tvm.exe
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [active jump] C:\DOCUME~1\JOHANH~1\APPLIC~1\UPNEWA~1\Audio Bike.exe
O4 - HKCU\..\Run: [sp] C:\sp.exe
O4 - HKCU\..\Run: [Intel system tool] C:\WINNT\System32\hookdump.exe
O4 - HKCU\..\Run: [TV Media] C:\Programmer\TV Media\Tvm.exe
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {8F24DE00-0D66-4F93-9405-3F21E97AEE99} (TestingCtl Control) - http://esb.alcena.com/ESBAdultInstaller.ocx
O20 - Winlogon Notify: style2 - C:\WINNT\q32783289_disk.dll (file missing)
O23 - Service: ivr (a3x) - Unknown owner - C:\WINNT\System32\winupdate.exe" -service (file missing)
O23 - Service: PSEXESVC - Unknown owner - C:\WINNT\System32\PSEXESVC.EXE (file missing)

Højreklik på windows start knappen (helt nede i venstre hjørne af din skærm) og vælge "Stifinder", klik på Funktioner->Mappeindstillinger->Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler".
Fjern flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".

Find og slet (Kig godt efter!!.. Det du ikke finder har hijackthis muligvis selv kunne slette!)

Filerne

C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINNT\popuper.exe
C:\WINNT\System32\winupdate.exe
C:\sp.exe
C:\WINNT\System32\msole32.exe
C:\WINNT\System32\PSEXESVC.EXE
C:\WINNT\System32\shnlog.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINNT\System32\hookdump.exe
C:\WINNT\System32\intmonp.exe
C:\WINNT\System32\intmon.exe
C:\WINNT\System32\hpF455.tmp
C:\WINNT\idydar.exe
C:\WINNT\gfotmbij.exe
C:\WINNT\satmat.exe

Gå herefter i Start -> Programmer -> Tilbehør -> Systemværktøjer -> Diskoprydning og slet temp-filer, temporary internet files og papirkurv.

Tryk start->kør og skriv "regedit"
Marker Denne Computer i regedit vinduet.
Tryk rediger->søg og skriv "PSEXESVC.EXE"
Slet alt du finder.
Luk regedit vinduet igen.

Gør det samme med "C:\WINNT\System32\winupdate.exe"

Klik på mwav.exe som du hentede, programmet pakker sig selv ud og starter.
Sæt flueben i følgende:
Memory, Startup folders, drive, Registry, System folders og Services.
Sæt prik i følgende:
All local drives og Scan all files

Genstart normalt og kopir en ny hijackthis log herind så jeg kan se om vi fik fjernet det hele eller om noget skulle være blevet overset:)

Synes godt om

kalp Novice

30. september 2005 - 02:37 #5

hvis det var det må du meget gerne lukke spørgsmålet efter os:)

Synes godt om

Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Følg dette spørgsmål

Opret Preview

Se alle it-kurser fra Computerworld Kurser

IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel	Indlæg	Oprettet	Seneste aktivitet
Vil skrifte antivirusprogram. Af ErikHg i Virus	22	26/11/202510:42	23/12/202514:29
Er gratis Bitdefender værd at installere ? Af Ikke-ekspert i Virus	8	31/08/202519:08	01/09/202514:18
Ukendte filer på min Pc Af jonpet i Virus	10	03/02/202514:20	04/02/202511:05
mulig ukendt virus Af jackie18 i Virus	3	18/01/202514:07	18/01/202516:39
virus popper op med jævne mellemrum Af Malm i Virus	13	18/01/202511:40	20/01/202517:53

Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten

Seneste artiklerRSS