Søg
Avatar billede dinoskat Nybegynder
15. februar 2006 - 10:30 Der er 9 kommentarer

Hijackthis Log ? Please Hjælp.

HeeJ Alle ..

Er her en som vil hjælpe mig og min kæreste med at fjerne en virus fra hendes com ? her er en HiJackThis Log :

Logfile of HijackThis v1.99.1
Scan saved at 10:25:43, on 15-02-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Programmer\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Programmer\Fælles filer\EPSON\EBAPI\SAgent2.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Apoint2K\Apoint.exe
C:\Programmer\TOSHIBA\PadTouch\PadExe.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmer\TOSHIBA\Power Management\CePMTray.exe
C:\Programmer\TOSHIBA\E-KEY\CeEKey.exe
C:\Programmer\EzButton\EzButton.EXE
C:\Programmer\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\System32\ZoomingHook.exe
C:\Programmer\TOSHIBA\TOSHIBA-zoomfunktion\SmoothView.exe
C:\Programmer\TOSHIBA\ConfigFree\NDSTray.exe
C:\Programmer\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Apoint2K\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Messenger\msmsgs.exe
C:\Documents and Settings\Louise Hansen\Lokale indstillinger\Temporary Internet Files\Content.IE5\GIOVUA6G\hijackthis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.xgzyojiauboazdifcpswwju.net/y6AcXJDDCTq1KRjPzdB79DaDg2hQlcOZMV1fMV3QJNVLu3srADNOr2CYDsC9UXsB.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jubii.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {55E9E942-A4D0-4AAC-80F7-21CE3908B78F} - C:\DOCUME~1\LOUISE~1\APPLIC~1\thatreal\fast chin.exe
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmer\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\da\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\da\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PadTouch] "C:\Programmer\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Programmer\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Programmer\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [EzButton] C:\Programmer\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [TPNF] C:\Programmer\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Programmer\TOSHIBA\TOSHIBA-zoomfunktion\SmoothView.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ccApp] C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Bleh Pop Long Amok] C:\Documents and Settings\All Users\Application Data\Mix Setup Bleh Pop\thunkflaw.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programmer\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmer\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [SKIP FORD] C:\DOCUME~1\LOUISE~1\APPLIC~1\TOOLFU~1\GridExit.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: FolderGuard - C:\Programmer\Folder Guard XP\FGuard32.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Programmer\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmer\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmer\Fælles filer\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe


er der noget "snavs" i den ?
Avatar billede ejvindh Ekspert
15. februar 2006 - 11:03 #1
Ja, du har en lop-infektion, og den har du fået ved at installere Messenger+. Prøv at afinstallere Messenger+, og lav en ny Hijackthis-log, som du lægger herind :-)
Avatar billede dinoskat Nybegynder
15. februar 2006 - 11:09 #2
den nye log:

Logfile of HijackThis v1.99.1
Scan saved at 11:08:39, on 15-02-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Programmer\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Programmer\Fælles filer\EPSON\EBAPI\SAgent2.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Apoint2K\Apoint.exe
C:\Programmer\TOSHIBA\PadTouch\PadExe.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmer\TOSHIBA\Power Management\CePMTray.exe
C:\Programmer\TOSHIBA\E-KEY\CeEKey.exe
C:\Programmer\EzButton\EzButton.EXE
C:\Programmer\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\System32\ZoomingHook.exe
C:\Programmer\TOSHIBA\TOSHIBA-zoomfunktion\SmoothView.exe
C:\Programmer\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Apoint2K\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Documents and Settings\Louise Hansen\Skrivebord\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.xgzyojiauboazdifcpswwju.net/y6AcXJDDCTq1KRjPzdB79DaDg2hQlcOZMV1fMV3QJNVLu3srADNOr2CYDsC9UXsB.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jubii.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmer\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\da\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\da\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PadTouch] "C:\Programmer\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Programmer\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Programmer\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [EzButton] C:\Programmer\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [TPNF] C:\Programmer\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Programmer\TOSHIBA\TOSHIBA-zoomfunktion\SmoothView.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ccApp] C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\RunOnce: [MessengerPlusUninstall] C:\WINDOWS\system32\cmd.exe /C "C:\DOCUME~1\LOUISE~1\LOKALE~1\Temp\MsgPlusUninst.bat"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programmer\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\RunOnce: [remititit30833] C:\WINDOWS\system32\command.com /c del C:\DOCUME~1\LOUISE~1\APPLIC~1\TOOLFU~1\26459.del
O4 - HKCU\..\RunOnce: [remititit4033] C:\WINDOWS\system32\command.com /c del C:\DOCUME~1\LOUISE~1\APPLIC~1\TOOLFU~1\26459.del
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: FolderGuard - C:\Programmer\Folder Guard XP\FGuard32.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Programmer\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmer\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmer\Fælles filer\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
Avatar billede ejvindh Ekspert
15. februar 2006 - 11:22 #3
Sorry, jeg skulle også have skrevet at du skulle genstarte, inden du lavede den nye HJT. Gider du lige gøre det?
:o)
Avatar billede ejvindh Ekspert
15. februar 2006 - 13:06 #4
...og når du alligevel skal til det igen, kan du så ikke også lave en log med dette program:

Hent denne lille fil: http://www.fbeej.ctrlaltdel.dk/Programmer/fl.zip
Pak fl.zip ud og dobbeltklik på fl.bat - Notesblok åbner en lille tekstfil du skal kopiere herind.
Avatar billede dinoskat Nybegynder
15. februar 2006 - 14:20 #5
HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 14:10:43, on 15-02-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Apoint2K\Apoint.exe
C:\Programmer\TOSHIBA\PadTouch\PadExe.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmer\TOSHIBA\Power Management\CePMTray.exe
C:\Programmer\TOSHIBA\E-KEY\CeEKey.exe
C:\Programmer\EzButton\EzButton.EXE
C:\Programmer\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\System32\ZoomingHook.exe
C:\Programmer\TOSHIBA\TOSHIBA-zoomfunktion\SmoothView.exe
C:\Programmer\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Programmer\Apoint2K\Apntex.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\Programmer\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Programmer\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Programmer\Fælles filer\EPSON\EBAPI\SAgent2.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Documents and Settings\Louise Hansen\Skrivebord\hijackthis.exe
C:\Programmer\Logitech\Video\AlbumDB2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.xgzyojiauboazdifcpswwju.net/y6AcXJDDCTq1KRjPzdB79DaDg2hQlcOZMV1fMV3QJNVLu3srADNOr2CYDsC9UXsB.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jubii.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmer\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\da\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\da\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PadTouch] "C:\Programmer\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Programmer\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Programmer\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [EzButton] C:\Programmer\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [TPNF] C:\Programmer\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Programmer\TOSHIBA\TOSHIBA-zoomfunktion\SmoothView.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ccApp] C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programmer\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe boot
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: FolderGuard - C:\Programmer\Folder Guard XP\FGuard32.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Programmer\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmer\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmer\Fælles filer\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe

fl.bat Log:

Disken i drev C har ikke noget navn.
Diskens serienummer er 3827-9E2C

Indhold af C:\Documents and Settings\All Users\Application Data

09-09-2004  13:13    <DIR>          Adobe
16-12-2005  08:38    <DIR>          Creative
24-01-2006  20:03    <DIR>          Messenger Plus!
11-09-2005  14:08    <DIR>          Symantec
28-01-2006  19:09    <DIR>          Windows Genuine Advantage
              0 fil(er)                0 byte
              5 mappe(r)  38.368.784.384 byte ledig
Disken i drev C har ikke noget navn.
Diskens serienummer er 3827-9E2C

Indhold af C:\Documents and Settings\Louise Hansen\Application Data

09-09-2004  13:14    <DIR>          Adobe
09-09-2004  13:14    <DIR>          AdobeUM
30-07-2005  15:52    <DIR>          Ahead
15-01-2006  19:23    <DIR>          DataLayer
04-06-2005  21:11    <DIR>          Help
09-09-2004  12:20    <DIR>          Identities
10-06-2005  19:40    <DIR>          InterVideo
30-07-2005  15:46    <DIR>          Lavasoft
19-11-2005  16:21    <DIR>          Macromedia
05-11-2005  21:48    <DIR>          Nokia
05-11-2005  19:03    <DIR>          Nokia Multimedia Player
05-11-2005  18:55    <DIR>          PC Suite
10-12-2005  19:41    <DIR>          Politiken
09-09-2004  12:18    <DIR>          Sun
09-09-2004  13:19    <DIR>          Symantec
15-02-2006  11:09    <DIR>          thatreal
15-02-2006  11:30    <DIR>          Tool funk scr
09-09-2004  13:10    <DIR>          toshiba
              0 fil(er)                0 byte
              18 mappe(r)  38.368.780.288 byte ledig
Disken i drev C har ikke noget navn.
Diskens serienummer er 3827-9E2C

Indhold af C:\Documents and Settings\Default User\Application Data

09-09-2004  13:19    <DIR>          .
09-09-2004  13:19    <DIR>          ..
09-09-2004  14:02                62 desktop.ini
              1 fil(er)              62 byte
              2 mappe(r)  38.368.784.384 byte ledig
Disken i drev C har ikke noget navn.
Diskens serienummer er 3827-9E2C

Indhold af C:\Documents and Settings\LocalService\Application Data

Disken i drev C har ikke noget navn.
Diskens serienummer er 3827-9E2C

Indhold af C:\Documents and Settings\NetworkService\Application Data



er det fint ?
Avatar billede ejvindh Ekspert
15. februar 2006 - 14:30 #6
Ja, det er fint, og det hjalp gevaldigt på den :-)

Kør Hijackthis, vælg "Do a system scan only", sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.xgzyojiauboazdifcpswwju.net/y6AcXJDDCTq1KRjPzdB79DaDg2hQlcOZMV1fMV3QJNVLu3srADNOr2CYDsC9UXsB.asp
R3 - Default URLSearchHook is missing

Det kan godt være, at du skal gøre det et par gange. Den R1-linie kan godt være lidt genstridig.

Når disse 2 linier er væk, skulle din computer være ren. Har det også løst dit problem?
Avatar billede dinoskat Nybegynder
16. februar 2006 - 21:28 #7
hvilket problem ?
Avatar billede ejvindh Ekspert
16. februar 2006 - 21:56 #8
Når du har lagt en HJT-log herind så går jeg ud fra at det er fordi du ikke er tilfreds med hvordan computeren opfører sig (dit problem) -- fx popups, el. lign. Ifølge de logs som jeg har modtaget fra dig, er virussen nu bekæmpet, men derfor kan der godt nogle gange være noget tilbage som skal fixes. Dette checker jeg ved at spørge om det oprindelige problem (grunden til at du har lagt loggen) er blevet løst.
Avatar billede ejvindh Ekspert
23. februar 2006 - 14:20 #9
Husk at lukke tråden efter dig.
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
Vil skrifte antivirusprogram. Af ErikHg i Virus 22 26/11/202510:42 23/12/202514:29
Er gratis Bitdefender værd at installere ? Af Ikke-ekspert i Virus 8 31/08/202519:08 01/09/202514:18
Ukendte filer på min Pc Af jonpet i Virus 10 03/02/202514:20 04/02/202511:05
mulig ukendt virus Af jackie18 i Virus 3 18/01/202514:07 18/01/202516:39
virus popper op med jævne mellemrum Af Malm i Virus 13 18/01/202511:40 20/01/202517:53
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I dag 16:10 Bat file. Af johnnylassen i Andet programmering
I dag 10:28 “Signe” Svindel omtalt i medier Af nu_igen i Mobiltelefoner
I går 20:59 RAID controller virker ikke ved tilslutning af alle 4 harddiske Af Strawberry i Andet hardware
I går 13:38 Opret Logo via bogmærke og placer en knap på et Dotx dokument Af per2edb i Word
20/0419:38 Netkort finder 5 forbindelser,bare ikke min, Af valby i Internetforbindelser
White papers
Flere white papers »