Søg
Avatar billede schouborg1974 Nybegynder
06. juli 2005 - 00:13 Der er 16 kommentarer

har jeg virus

der sker følgende en lille gul trekant står nede i hjørnet og blinker hele tiden først med spyvare så med virus og hver gang jeg starter exploren ryger den ind på en reklmae side jeg har prøvet alle mulige scanner programmer men syntes ikke det hjælper og jeg har lige lavet en log fil med hijack som en af mine kammerater sagde jeg skulle nogen der kan hjælpe mig ???

Logfile of HijackThis v1.99.1
Scan saved at 00:02:27, on 07/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Programmer\Ahead\InCD\InCDsrv.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
D:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
D:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\msole32.exe
D:\Programmer\Ahead\InCD\InCD.exe
D:\Programmer\QuickTime\qttask.exe
D:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
D:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
D:\Programmer\MSN Apps\Updater\01.02.3000.1001\da\msnappau.exe
D:\Programmer\Microsoft IntelliPoint\point32.exe
D:\Programmer\Microsoft IntelliType Pro\type32.exe
D:\Programmer\D-Tools\daemon.exe
D:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Programmer\MSN Messenger\MsnMsgr.Exe
D:\Programmer\DVD X Studios\DVD X Utilities\DVDGhost\DVDGhost.exe
D:\Programmer\VIA\RAID\raid_tool.exe
D:\Programmer\WinZip\WZQKPICK.EXE
D:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
D:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
D:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
D:\Programmer\Fælles filer\Autodata Limited Shared\Service\ADCDLicSvc.exe
D:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
D:\Programmer\Norton AntiVirus\navapsvc.exe
D:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\Programmer\Webroot\Spy Sweeper\WRSSSDK.exe
D:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\WINDOWS\System32\wdfmgr.exe
D:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\Programmer\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
D:\Programmer\Messenger\msmsgs.exe
D:\Programmer\Internet Explorer\iexplore.exe
D:\Documents and Settings\jackass\Skrivebord\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oneclicksearches.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oneclicksearches.com/search.php?qq=%1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jubii.dk
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oneclicksearches.com/search.php?qq=%1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oneclicksearches.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.oneclicksearches.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: HyperSearchHook - {66F99144-A77C-4048-8085-66148C7D334E} - D:\Programmer\Fælles filer\Hyperbar\HyperbarSS3.dll (file missing)
F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - D:\WINDOWS\System32\hpF7E.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Programmer\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Programmer\MSN Apps\MSN Toolbar\01.02.4000.1001\da\msntb.dll (file missing)
O4 - HKLM\..\Run: [InCD] D:\Programmer\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ccApp] "D:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] D:\Programmer\Fælles filer\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [msnsyslog] D:\WINDOWS\msnappm.exe
O4 - HKLM\..\Run: [msnappau] "D:\Programmer\MSN Apps\Updater\01.02.3000.1001\da\msnappau.exe"
O4 - HKLM\..\Run: [IntelliPoint] "D:\Programmer\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [type32] "D:\Programmer\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RegSvr32] D:\WINDOWS\System32\msmsgs.exe
O4 - HKLM\..\Run: [SpySweeper] "D:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DVDXGhost] D:\Programmer\DVD X Studios\DVD X Utilities\DVDGhost\DVDGhost.exe
O4 - Global Startup: VIA RAID TOOL.lnk = D:\Programmer\VIA\RAID\raid_tool.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Programmer\WinZip\WZQKPICK.EXE
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmer\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: D:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094916680810
O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (Web Camera Server Control) - http://212.10.197.34/wg_webeye.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flash.ladbrokescasino.com/ladbrokes/FlashAX.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup/downloader_sp1/imloader.cab
O16 - DPF: {FDF6378C-7B5D-4ABF-BA1F-92748305FFAC} (DownloadManagerInstall Control) - http://beta.byteswarm.com/agent/1.3.0.1/DMInstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{093B94B4-C3BE-4FC1-BC99-E5243FF7865A}: NameServer = 193.162.153.164 194.239.134.83
O17 - HKLM\System\CS1\Services\Tcpip\..\{093B94B4-C3BE-4FC1-BC99-E5243FF7865A}: NameServer = 193.162.153.164 194.239.134.83
O23 - Service: Autodata Limited License Service - Autodata Limited - D:\Programmer\Fælles filer\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - D:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - D:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - D:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - D:\Programmer\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - D:\Programmer\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\FÆLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\Programmer\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - D:\WINDOWS\system32\ZONELABS\vsmon.exe
Avatar billede levich Nybegynder
06. juli 2005 - 08:49 #1
Øjeblik.
Avatar billede levich Nybegynder
06. juli 2005 - 09:30 #2
Læs alle punkterne inden du gør noget.

(1)
Deaktiver systemgendannelse, ved at Højreklikke på "Denne Computer" på skrivebordet -> egenskaber -> Systemgendannelse -> sæt flueben i "Deaktiver systemgendannelse" -> Klik OK.

(2)
Hent scannereren http://www.spywareinfo.dk/download/mwav.exe.

(3)
Genstart computeren i fejlsikret tilstand (tryk F8 når Windows starter op), og fix følgende linjer med HijackThis:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oneclicksearches.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oneclicksearches.com/search.php?qq=%1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oneclicksearches.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.oneclicksearches.com/
R3 - URLSearchHook: HyperSearchHook - {66F99144-A77C-4048-8085-66148C7D334E} - D:\Programmer\Fælles filer\Hyperbar\HyperbarSS3.dll (file missing)
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - D:\WINDOWS\System32\hpF7E.tmp
O4 - HKLM\..\Run: [msnsyslog] D:\WINDOWS\msnappm.exe

(4)
Åbn en tilfældig mappe, i menuen klik på Funktioner -> Mappeindstillinger -> Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler" og ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".

søg efter og slet følgende filer:
D:\WINDOWS\System32\hpF7E.tmp
D:\WINDOWS\msnappm.exe
... og følgende mappe:
D:\Programmer\Fælles filer\Hyperbar\

(5)
Start -> kør -> skriv "cleanmgr" -> Slet Temporary internet files, papirkurv og midlertidige filer. Gentag for alle dine drev.

(6)
Kør scanneren mwav.exe, og sæt flueben i følgende: Memory, Startup folders, drive, Registry, System folders og Services.
Sæt prik i følgende: All local drives og Scan all files. Tryk på Scan Clean.
Scanningen kan godt tage et par timer.

(7)
Genstart computeren normalt. Lav en ny log med HijackThis, og send den herind.

(8)
Når vi er helt færdige, så husk at aktiver systemgendannelse igen.
Avatar billede schouborg1974 Nybegynder
06. juli 2005 - 14:48 #3
hmm så har jeg gjort det hele men kan stadigvæk ikke lave en start side i exploren og min nye log fil ser sådan herud nu

Logfile of HijackThis v1.99.1
Scan saved at 14:47:31, on 07/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Programmer\Ahead\InCD\InCDsrv.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
D:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
D:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\LEXPPS.EXE
D:\WINDOWS\System32\msole32.exe
D:\Programmer\Ahead\InCD\InCD.exe
D:\Programmer\QuickTime\qttask.exe
D:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
D:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
D:\Programmer\Fælles filer\Symantec Shared\Security Center\UsrPrmpt.exe
D:\Programmer\MSN Apps\Updater\01.02.3000.1001\da\msnappau.exe
D:\Programmer\Microsoft IntelliPoint\point32.exe
D:\Programmer\Microsoft IntelliType Pro\type32.exe
D:\Programmer\D-Tools\daemon.exe
D:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Programmer\MSN Messenger\MsnMsgr.Exe
D:\Programmer\DVD X Studios\DVD X Utilities\DVDGhost\DVDGhost.exe
D:\Programmer\VIA\RAID\raid_tool.exe
D:\Programmer\WinZip\WZQKPICK.EXE
D:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
D:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
D:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
D:\Programmer\Fælles filer\Autodata Limited Shared\Service\ADCDLicSvc.exe
D:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
D:\Programmer\Norton AntiVirus\navapsvc.exe
D:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\Programmer\Webroot\Spy Sweeper\WRSSSDK.exe
D:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\WINDOWS\System32\wdfmgr.exe
D:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\WINDOWS\System32\wuauclt.exe
D:\WINDOWS\System32\msiexec.exe
D:\WINDOWS\System32\HPZipm12.exe
D:\Programmer\Messenger\msmsgs.exe
D:\Programmer\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
D:\Documents and Settings\jackass\Skrivebord\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jubii.dk
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.oneclicksearches.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Programmer\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Programmer\MSN Apps\MSN Toolbar\01.02.4000.1001\da\msntb.dll (file missing)
O4 - HKLM\..\Run: [InCD] D:\Programmer\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ccApp] "D:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] D:\Programmer\Fælles filer\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [msnappau] "D:\Programmer\MSN Apps\Updater\01.02.3000.1001\da\msnappau.exe"
O4 - HKLM\..\Run: [IntelliPoint] "D:\Programmer\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [type32] "D:\Programmer\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RegSvr32] D:\WINDOWS\System32\msmsgs.exe
O4 - HKLM\..\Run: [SpySweeper] "D:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DVDXGhost] D:\Programmer\DVD X Studios\DVD X Utilities\DVDGhost\DVDGhost.exe
O4 - Global Startup: VIA RAID TOOL.lnk = D:\Programmer\VIA\RAID\raid_tool.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Programmer\WinZip\WZQKPICK.EXE
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmer\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: D:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094916680810
O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (Web Camera Server Control) - http://212.10.197.34/wg_webeye.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flash.ladbrokescasino.com/ladbrokes/FlashAX.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup/downloader_sp1/imloader.cab
O16 - DPF: {FDF6378C-7B5D-4ABF-BA1F-92748305FFAC} (DownloadManagerInstall Control) - http://beta.byteswarm.com/agent/1.3.0.1/DMInstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{093B94B4-C3BE-4FC1-BC99-E5243FF7865A}: NameServer = 193.162.153.164 194.239.134.83
O17 - HKLM\System\CS1\Services\Tcpip\..\{093B94B4-C3BE-4FC1-BC99-E5243FF7865A}: NameServer = 193.162.153.164 194.239.134.83
O23 - Service: Autodata Limited License Service - Autodata Limited - D:\Programmer\Fælles filer\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - D:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - D:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - D:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - D:\Programmer\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - D:\Programmer\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\FÆLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\Programmer\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - D:\WINDOWS\system32\ZONELABS\vsmon.exe
Avatar billede schouborg1974 Nybegynder
06. juli 2005 - 14:57 #4
og den laver samme ting igen med den lille gule trekant i bunden
Avatar billede levich Nybegynder
06. juli 2005 - 15:31 #5
Prøv lige det her:

Genstart computeren i fejlsikret tilstand (tryk F8 når Windows starter op), og fix følgende linjer med HijackThis:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jubii.dk
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.oneclicksearches.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks

Genstart computeren normalt. Lav en ny log med HijackThis, og send den herind.
Avatar billede schouborg1974 Nybegynder
06. juli 2005 - 17:26 #6
hjælper ikke den skide oneclicksearch forsvinder ikke den bliver ved ny log fil her

Logfile of HijackThis v1.99.1
Scan saved at 17:23:58, on 07/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Programmer\Ahead\InCD\InCDsrv.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
D:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
D:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\LEXPPS.EXE
D:\WINDOWS\System32\msole32.exe
D:\Programmer\Ahead\InCD\InCD.exe
D:\Programmer\QuickTime\qttask.exe
D:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
D:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
D:\Programmer\MSN Apps\Updater\01.02.3000.1001\da\msnappau.exe
D:\Programmer\Microsoft IntelliPoint\point32.exe
D:\Programmer\Microsoft IntelliType Pro\type32.exe
D:\Programmer\D-Tools\daemon.exe
D:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Programmer\MSN Messenger\MsnMsgr.Exe
D:\Programmer\DVD X Studios\DVD X Utilities\DVDGhost\DVDGhost.exe
D:\Programmer\VIA\RAID\raid_tool.exe
D:\Programmer\WinZip\WZQKPICK.EXE
D:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
D:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
D:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
D:\Programmer\Fælles filer\Autodata Limited Shared\Service\ADCDLicSvc.exe
D:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
D:\Programmer\Norton AntiVirus\navapsvc.exe
D:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\Programmer\Webroot\Spy Sweeper\WRSSSDK.exe
D:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\WINDOWS\System32\wdfmgr.exe
D:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\WINDOWS\System32\msiexec.exe
D:\WINDOWS\System32\HPZipm12.exe
D:\Programmer\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
D:\Programmer\Messenger\msmsgs.exe
D:\WINDOWS\System32\LogFiles\K7061900.so
D:\WINDOWS\system32\cmd.exe
D:\Programmer\Mozilla Thunderbird\thunderbird.exe
D:\Documents and Settings\jackass\Skrivebord\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jubii.dk
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.oneclicksearches.com/
F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Programmer\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Programmer\MSN Apps\MSN Toolbar\01.02.4000.1001\da\msntb.dll (file missing)
O4 - HKLM\..\Run: [InCD] D:\Programmer\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ccApp] "D:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] D:\Programmer\Fælles filer\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [msnappau] "D:\Programmer\MSN Apps\Updater\01.02.3000.1001\da\msnappau.exe"
O4 - HKLM\..\Run: [IntelliPoint] "D:\Programmer\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [type32] "D:\Programmer\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RegSvr32] D:\WINDOWS\System32\msmsgs.exe
O4 - HKLM\..\Run: [SpySweeper] "D:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DVDXGhost] D:\Programmer\DVD X Studios\DVD X Utilities\DVDGhost\DVDGhost.exe
O4 - Global Startup: VIA RAID TOOL.lnk = D:\Programmer\VIA\RAID\raid_tool.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Programmer\WinZip\WZQKPICK.EXE
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmer\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: D:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094916680810
O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (Web Camera Server Control) - http://212.10.197.34/wg_webeye.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flash.ladbrokescasino.com/ladbrokes/FlashAX.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup/downloader_sp1/imloader.cab
O16 - DPF: {FDF6378C-7B5D-4ABF-BA1F-92748305FFAC} (DownloadManagerInstall Control) - http://beta.byteswarm.com/agent/1.3.0.1/DMInstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{093B94B4-C3BE-4FC1-BC99-E5243FF7865A}: NameServer = 193.162.153.164 194.239.134.83
O17 - HKLM\System\CS1\Services\Tcpip\..\{093B94B4-C3BE-4FC1-BC99-E5243FF7865A}: NameServer = 193.162.153.164 194.239.134.83
O23 - Service: Autodata Limited License Service - Autodata Limited - D:\Programmer\Fælles filer\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - D:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - D:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - D:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - D:\Programmer\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - D:\Programmer\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\FÆLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\Programmer\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - D:\WINDOWS\system32\ZONELABS\vsmon.exe
Avatar billede levich Nybegynder
06. juli 2005 - 17:49 #7
Jeg havde overset noget, nu skulle den være der.

(1)
Genstart computeren i fejlsikret tilstand (tryk F8 når Windows starter op), og fix følgende linjer med HijackThis:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jubii.dk
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.oneclicksearches.com/
F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
O4 - HKLM\..\Run: [RegSvr32] D:\WINDOWS\System32\msmsgs.exe

(2)
Åbn en tilfældig mappe, i menuen klik på Funktioner -> Mappeindstillinger -> Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler" og ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".

søg efter og slet følgende fil:
D:\WINDOWS\System32\msmsgs.exe

(3)
Start -> kør -> skriv "cleanmgr" -> Slet Temporary internet files, papirkurv og midlertidige filer. Gentag for alle dine drev.

(4)
Kør scanneren mwav.exe, og sæt flueben i følgende: Memory, Startup folders, drive, Registry, System folders og Services.
Sæt prik i følgende: All local drives og Scan all files. Tryk på Scan Clean.
Scanningen kan godt tage et par timer.

(5)
Genstart computeren normalt. Lav en ny log med HijackThis, og send den herind.
Avatar billede schouborg1974 Nybegynder
06. juli 2005 - 19:11 #8
her er den nye den gule trekant er væk men kan stadigvæk ikke skifte start side


Logfile of HijackThis v1.99.1
Scan saved at 19:07:46, on 07/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Programmer\Ahead\InCD\InCDsrv.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
D:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
D:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\LEXPPS.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Programmer\Messenger\msmsgs.exe
D:\Programmer\Ahead\InCD\InCD.exe
D:\Programmer\QuickTime\qttask.exe
D:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
D:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
D:\Programmer\MSN Apps\Updater\01.02.3000.1001\da\msnappau.exe
D:\Programmer\Microsoft IntelliPoint\point32.exe
D:\Programmer\Microsoft IntelliType Pro\type32.exe
D:\Programmer\D-Tools\daemon.exe
D:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Programmer\MSN Messenger\MsnMsgr.Exe
D:\Programmer\DVD X Studios\DVD X Utilities\DVDGhost\DVDGhost.exe
D:\Programmer\VIA\RAID\raid_tool.exe
D:\Programmer\WinZip\WZQKPICK.EXE
D:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
D:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
D:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
D:\Programmer\Fælles filer\Autodata Limited Shared\Service\ADCDLicSvc.exe
D:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
D:\Programmer\Norton AntiVirus\navapsvc.exe
D:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\Programmer\Webroot\Spy Sweeper\WRSSSDK.exe
D:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\WINDOWS\System32\wdfmgr.exe
D:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\WINDOWS\System32\wuauclt.exe
D:\WINDOWS\System32\HPZipm12.exe
D:\WINDOWS\System32\msiexec.exe
D:\Programmer\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
D:\Programmer\Windows Media Player\wmplayer.exe
D:\Documents and Settings\jackass\Skrivebord\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jubii.dk
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.oneclicksearches.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Programmer\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Programmer\MSN Apps\MSN Toolbar\01.02.4000.1001\da\msntb.dll (file missing)
O4 - HKLM\..\Run: [InCD] D:\Programmer\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ccApp] "D:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] D:\Programmer\Fælles filer\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [msnappau] "D:\Programmer\MSN Apps\Updater\01.02.3000.1001\da\msnappau.exe"
O4 - HKLM\..\Run: [IntelliPoint] "D:\Programmer\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [type32] "D:\Programmer\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpySweeper] "D:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DVDXGhost] D:\Programmer\DVD X Studios\DVD X Utilities\DVDGhost\DVDGhost.exe
O4 - Global Startup: VIA RAID TOOL.lnk = D:\Programmer\VIA\RAID\raid_tool.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Programmer\WinZip\WZQKPICK.EXE
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmer\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: D:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094916680810
O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (Web Camera Server Control) - http://212.10.197.34/wg_webeye.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flash.ladbrokescasino.com/ladbrokes/FlashAX.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup/downloader_sp1/imloader.cab
O16 - DPF: {FDF6378C-7B5D-4ABF-BA1F-92748305FFAC} (DownloadManagerInstall Control) - http://beta.byteswarm.com/agent/1.3.0.1/DMInstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{093B94B4-C3BE-4FC1-BC99-E5243FF7865A}: NameServer = 193.162.153.164 194.239.134.83
O17 - HKLM\System\CS1\Services\Tcpip\..\{093B94B4-C3BE-4FC1-BC99-E5243FF7865A}: NameServer = 193.162.153.164 194.239.134.83
O23 - Service: Autodata Limited License Service - Autodata Limited - D:\Programmer\Fælles filer\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - D:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - D:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - D:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - D:\Programmer\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - D:\Programmer\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\FÆLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\Programmer\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - D:\WINDOWS\system32\ZONELABS\vsmon.exe
Avatar billede levich Nybegynder
06. juli 2005 - 22:20 #9
Hent og udpak: http://www.fbeej.dk/Programmer/smitfraud1.zip

Hent denne scanner: ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

(1)
Genstart computeren i fejlsikret tilstand (tryk F8 når Windows starter op), og fix følgende linjer med HijackThis:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jubii.dk
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.oneclicksearches.com/

(2)
Dobbeltklik på smitfraud.reg som du pakkede ud og sig Ja til at flette.

Dobbeltklik så på drweb-cureit.exe, den vil køre en expressscan, det siger du ja til.
Når den skriver Done nederst til venstre, skal du klikke på det eller de drev du vil have scannet, der kommer en rød prik for at vise det/de er valgt.
Klik så på den grønne fodgænger ovre til højre på siden, så starter scanningen.
Klik så på Start->Søg, find filen drweb32w.log kopier det nederste af teksten herind, startende med Total session statistics.

(3)
Genstart normalt.
Hent http://www.spywarefri.dk/vaerktoj.htm#spybot (Spybot).
Start programmet, opdater og scan. Slet linjerne med rød tekst.
Genstart computeren.

(4)
Lav en ny log med hijackthis, og send den herind.

NB: Ovenstående er baseret på http://spywarefri.dk/forum/topic.asp?whichpage=1&TOPIC_ID=15526&#111420
Avatar billede schouborg1974 Nybegynder
07. juli 2005 - 14:18 #10
først drweb

Total session statistics
=============================================================================
Objects scanned: 21579
Infected objects found: 2
Objects with modifications found: 0
Suspicious objects found: 0
Objects cured: 0
Objects deleted: 2
Objects renamed: 0
Objects moved: 0
Scan speed: 2716 Kb/s
Scan time: 00:21:56
Avatar billede schouborg1974 Nybegynder
07. juli 2005 - 14:51 #11
og hijack  men har ikke hjulpet er nok ikke andet at gøre en at installere det hele på ny men takker for hjælpen
Logfile of HijackThis v1.99.1
Scan saved at 14:50:03, on 07/07/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Programmer\Ahead\InCD\InCDsrv.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
D:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
D:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\LEXPPS.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Programmer\Ahead\InCD\InCD.exe
D:\Programmer\QuickTime\qttask.exe
D:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
D:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
D:\Programmer\Fælles filer\Symantec Shared\Security Center\UsrPrmpt.exe
D:\Programmer\MSN Apps\Updater\01.02.3000.1001\da\msnappau.exe
D:\Programmer\Microsoft IntelliPoint\point32.exe
D:\Programmer\Microsoft IntelliType Pro\type32.exe
D:\Programmer\D-Tools\daemon.exe
D:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Programmer\MSN Messenger\MsnMsgr.Exe
D:\Programmer\DVD X Studios\DVD X Utilities\DVDGhost\DVDGhost.exe
D:\Programmer\VIA\RAID\raid_tool.exe
D:\Programmer\WinZip\WZQKPICK.EXE
D:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
D:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
D:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
D:\Programmer\Fælles filer\Autodata Limited Shared\Service\ADCDLicSvc.exe
D:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
D:\Programmer\Norton AntiVirus\navapsvc.exe
D:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\Programmer\Webroot\Spy Sweeper\WRSSSDK.exe
D:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\WINDOWS\System32\wdfmgr.exe
D:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\WINDOWS\System32\wuauclt.exe
D:\WINDOWS\System32\msiexec.exe
D:\WINDOWS\System32\HPZipm12.exe
D:\Programmer\Messenger\msmsgs.exe
D:\Programmer\Mozilla Thunderbird\thunderbird.exe
D:\Programmer\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
D:\Programmer\Internet Explorer\iexplore.exe
D:\Documents and Settings\jackass\Skrivebord\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oneclicksearches.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oneclicksearches.com/search.php?qq=%1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jubii.dk
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oneclicksearches.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.oneclicksearches.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Programmer\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Programmer\MSN Apps\MSN Toolbar\01.02.4000.1001\da\msntb.dll (file missing)
O4 - HKLM\..\Run: [InCD] D:\Programmer\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ccApp] "D:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] D:\Programmer\Fælles filer\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [msnappau] "D:\Programmer\MSN Apps\Updater\01.02.3000.1001\da\msnappau.exe"
O4 - HKLM\..\Run: [IntelliPoint] "D:\Programmer\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [type32] "D:\Programmer\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpySweeper] "D:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DVDXGhost] D:\Programmer\DVD X Studios\DVD X Utilities\DVDGhost\DVDGhost.exe
O4 - Global Startup: VIA RAID TOOL.lnk = D:\Programmer\VIA\RAID\raid_tool.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Programmer\WinZip\WZQKPICK.EXE
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmer\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: D:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094916680810
O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (Web Camera Server Control) - http://212.10.197.34/wg_webeye.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flash.ladbrokescasino.com/ladbrokes/FlashAX.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup/downloader_sp1/imloader.cab
O16 - DPF: {FDF6378C-7B5D-4ABF-BA1F-92748305FFAC} (DownloadManagerInstall Control) - http://beta.byteswarm.com/agent/1.3.0.1/DMInstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{093B94B4-C3BE-4FC1-BC99-E5243FF7865A}: NameServer = 193.162.153.164 194.239.134.83
O17 - HKLM\System\CS1\Services\Tcpip\..\{093B94B4-C3BE-4FC1-BC99-E5243FF7865A}: NameServer = 193.162.153.164 194.239.134.83
O23 - Service: Autodata Limited License Service - Autodata Limited - D:\Programmer\Fælles filer\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - D:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - D:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - D:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - D:\Programmer\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - D:\Programmer\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\FÆLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\Programmer\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - D:\WINDOWS\system32\ZONELABS\vsmon.exe
Avatar billede levich Nybegynder
07. juli 2005 - 15:14 #12
Jeg har ikke flere idéer, men jeg er sikker på at en af de rigtige garvede tydere af hijackthis-logs har en idé til at løse problemet. Prøv at vente et par timer/dage og se om der kommer andre forslag.
Avatar billede arlet Juniormester
07. juli 2005 - 17:28 #13
Skulle vi ikke prøve cwshredder:

Hent og kør CWSHredder herfra: http://www.arlet.dk/special.htm
genstart og ny hijackthis log
Avatar billede arlet Juniormester
13. juli 2005 - 17:45 #14
Har du brug for mere hjælp, eller har du fået dit spørgsmål besvaret??, for så skal du huske at lukke dit spørgsmål pænt igen ved at marker et navn i boksen til venstre og tryk accepter..
Avatar billede schouborg1974 Nybegynder
13. juli 2005 - 19:13 #15
det vil den ikke har formateret harddisken
Avatar billede levich Nybegynder
03. august 2005 - 14:59 #16
Nu smider jeg altså er svar, så kan du give point til mig eller lade være.
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
Vil skrifte antivirusprogram. Af ErikHg i Virus 22 26/11/202510:42 23/12/202514:29
Er gratis Bitdefender værd at installere ? Af Ikke-ekspert i Virus 8 31/08/202519:08 01/09/202514:18
Ukendte filer på min Pc Af jonpet i Virus 10 03/02/202514:20 04/02/202511:05
mulig ukendt virus Af jackie18 i Virus 3 18/01/202514:07 18/01/202516:39
virus popper op med jævne mellemrum Af Malm i Virus 13 18/01/202511:40 20/01/202517:53
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I går 10:42 Access Import af csv fil - forkerte datatyper Af Henrik Berg Hansen i Andet software
29/0419:37 Hente CSV fil, indsætte CSV data i TABEL for JAVASCRIPT Af snestrup2000 i Programmeringsværktøjer
29/0412:23 Facebook Af hkv i Sociale medier
29/0411:38 JAVASCRIPT omdan ekstern variabel til søjleværdi .. Af snestrup2000 i Programmeringsværktøjer
29/0409:50 jeg mangler hjælp til opsætning af shop og Google ADS Af Hightech i Webhotel
White papers
Flere white papers »