Søg
Avatar billede Slettet bruger
04. maj 2006 - 21:57 Der er 10 kommentarer

HijackThis logfil

Herunder er den fil jeg modtog da jeg for nylig tjekkede min søsters computer for adware med HijackThis. Jeg vil meget nødigt pille ved det selv så hvis en af jeg ville tjekke den ville det være perfekt.

C:\Programmer\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Programmer\HijackThis\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmer\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\da\msntb.dll
O2 - BHO: (no name) - {CFA24177-1B10-98F5-09EC-C800744E3BD4} - C:\DOCUME~1\Per\APPLIC~1\INTERN~1\online16.exe (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\da\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LaunchAp] C:\Programmer\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Programmer\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [OSD] C:\Programmer\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Programmer\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [CtrlVol] C:\Programmer\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Programmer\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Documents and Settings\Per\Dokumenter\Nina\msn\MsgPlus.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programmer\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [five grey bleh default] C:\Documents and Settings\All Users\Application Data\Iso Remote Five Grey\DashHeart.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmer\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programmer\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Programmer\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TransMode] C:\DOCUME~1\Per\APPLIC~1\FLAGVG~1\warn bows.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Programmer\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [ErrorSafe] "C:\Programmer\Error Safe Free\ers.exe" /min
O4 - Global Startup: F-Secure Anti-Virus 2006.lnk = C:\Programmer\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
O4 - Global Startup: Mouse Control.lnk = C:\Programmer\Mouse\Mouse Control\Panel.exe
O8 - Extra context menu item: &Bloker dette pop up-vindue - C:\Programmer\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmer\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmer\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Internet Explorer-beskyttelse - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmer\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Internet Explorer-beskyttelse... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmer\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81} (TEInstallPlugIn) - http://www.skylinesoft.com/interactive/TerraExplorer/Install/TEInstallPlugIn.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab27571.cab
O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/01347a338b1338f08120/netzip/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://193.109.42.21:8080/activex/AxisCamControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab27571.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: F-Secure Anti-Virus 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Programmer\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Programmer\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programmer\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programmer\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Avatar billede Computer Hjælp (Gratis) Mester
04. maj 2006 - 22:06 #1
(Vi skal lige have toppen af loggen med)
Avatar billede Computer Hjælp (Gratis) Mester
04. maj 2006 - 22:08 #2
Og så ka' du lige læse dette ang [MessengerPlus3] => http://www.eksperten.dk/spm/528544

Og der ER flere 'snavs' elementer i ovenstående log...
Avatar billede Slettet bruger
04. maj 2006 - 22:16 #3
Hey sorry den manglende del af filen havde ikke set den. Den ser sådan her ud:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\Programmer\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
C:\Programmer\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
C:\Programmer\Launch Manager\LaunchAp.exe
C:\Programmer\Launch Manager\HotkeyApp.exe
C:\Programmer\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programmer\Launch Manager\OSD.exe
C:\Programmer\Launch Manager\Wbutton.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PRISMSTA.EXE
C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Creative\Shared Files\CAMTRAY.EXE
C:\Documents and Settings\Per\Dokumenter\Nina\msn\MsgPlus.exe
C:\Programmer\Picasa2\PicasaMediaDetector.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programmer\Mouse\Mouse Control\Panel.exe
C:\WINDOWS\System32\LVComS.exe
C:\Programmer\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Programmer\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Programmer\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Programmer\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\Programmer\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Programmer\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Programmer\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Programmer\F-Secure Internet Security\Common\FSMA32.EXE
C:\Programmer\F-Secure Internet Security\Common\FSMB32.EXE
C:\Programmer\F-Secure Internet Security\Common\FCH32.EXE
C:\Programmer\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Programmer\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Programmer\F-Secure Internet Security\Anti-Virus\fsrw.exe
C:\Programmer\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Programmer\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Programmer\F-Secure Internet Security\Common\FSM32.EXE
C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
C:\Programmer\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Programmer\HijackThis\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmer\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\da\msntb.dll
O2 - BHO: (no name) - {CFA24177-1B10-98F5-09EC-C800744E3BD4} - C:\DOCUME~1\Per\APPLIC~1\INTERN~1\online16.exe (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\da\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LaunchAp] C:\Programmer\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Programmer\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [OSD] C:\Programmer\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Programmer\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [CtrlVol] C:\Programmer\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Programmer\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Documents and Settings\Per\Dokumenter\Nina\msn\MsgPlus.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programmer\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [five grey bleh default] C:\Documents and Settings\All Users\Application Data\Iso Remote Five Grey\DashHeart.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmer\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programmer\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Programmer\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TransMode] C:\DOCUME~1\Per\APPLIC~1\FLAGVG~1\warn bows.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Programmer\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [ErrorSafe] "C:\Programmer\Error Safe Free\ers.exe" /min
O4 - Global Startup: F-Secure Anti-Virus 2006.lnk = C:\Programmer\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
O4 - Global Startup: Mouse Control.lnk = C:\Programmer\Mouse\Mouse Control\Panel.exe
O8 - Extra context menu item: &Bloker dette pop up-vindue - C:\Programmer\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmer\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmer\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Internet Explorer-beskyttelse - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmer\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Internet Explorer-beskyttelse... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmer\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81} (TEInstallPlugIn) - http://www.skylinesoft.com/interactive/TerraExplorer/Install/TEInstallPlugIn.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab27571.cab
O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/01347a338b1338f08120/netzip/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://193.109.42.21:8080/activex/AxisCamControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab27571.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: F-Secure Anti-Virus 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Programmer\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Programmer\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programmer\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programmer\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Er forresten ikke sikker på msng plus skal lige se nærmere på den. Udgør den en decideret risiko?
Avatar billede Slettet bruger
04. maj 2006 - 22:28 #4
Og kan du forresten liste de ting der er galt så jeg kan slette dem?
Avatar billede Computer Hjælp (Gratis) Mester
04. maj 2006 - 22:31 #5
Ang  [MessengerPlus3] - så ka' jeg ikke li' at "supporte" et firma som 'lever' af Spyware 'snavs'... der må være andre/bedre muligheder...

Det er denne del af toppen jeg mener -> eksempel
Logfile of HijackThis v1.99.1
Scan saved at 23:25:37, on 01-05-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Avatar billede Computer Hjælp (Gratis) Mester
04. maj 2006 - 22:33 #6
... som sagt/skrevet ER der flere 'snavs' elementer i ovenstående log...

Rul i først omgang denne procedure:
http://www.eksperten.dk/artikler/954

(Andre må gerne ta' over herfra... er ikke mere 'på' idag ...)
Avatar billede Computer Hjælp (Gratis) Mester
04. maj 2006 - 22:37 #7
Til min orientering:
O2 - BHO: (no name) - {CFA24177-1B10-98F5-09EC-C800744E3BD4} - C:\DOCUME~1\Per\APPLIC~1\INTERN~1\online16.exe (file missing)
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Documents and Settings\Per\Dokumenter\Nina\msn\MsgPlus.exe"
O4 - HKLM\..\Run: [five grey bleh default] C:\Documents and Settings\All Users\Application Data\Iso Remote Five Grey\DashHeart.exe
O4 - HKCU\..\Run: [TransMode] C:\DOCUME~1\Per\APPLIC~1\FLAGVG~1\warn bows.exe
O4 - HKCU\..\Run: [ErrorSafe] "C:\Programmer\Error Safe Free\ers.exe" /min
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
Avatar billede Slettet bruger
04. maj 2006 - 22:42 #8
Det går jo rigtig godt for mig hva? ;-)
Beklager mine manglende evner for pc programmer i kan lige få toppen her:

Logfile of HijackThis v1.99.1
Scan saved at 21:44:41, on 04-05-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Avatar billede ejvindh Ekspert
06. maj 2006 - 11:38 #9
I dette tilfælde ville det faktisk være en rigtig god ide at afinstallere Messenger+, idet den infektion, du har i loggen er en lop-infektion, som helt klart kommer fra Msg+ -- og som sandsynligvis vil forsvinde, hvis du afinstallerer MSG+. Når du er i gang med at afinstallere, kan du også prøve om du kan få lov til at afinstallere Errorsafe. Læg herefter en ny HJT-log herind, så vi kan se, hvor langt du er kommet med problemet.

Dr1: Denne linie:
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

...er ikke snavs:
http://castlecops.com/o18list-83.html
Avatar billede Computer Hjælp (Gratis) Mester
08. maj 2006 - 10:17 #10
... så venter vi 'bare' på at <michaelzzz> vender tilbage med (NYE) Logs...

Historien om  [MessengerPlus3] -> http://www.eksperten.dk/spm/528544
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
Vil skrifte antivirusprogram. Af ErikHg i Virus 22 26/11/202510:42 23/12/202514:29
Er gratis Bitdefender værd at installere ? Af Ikke-ekspert i Virus 8 31/08/202519:08 01/09/202514:18
Ukendte filer på min Pc Af jonpet i Virus 10 03/02/202514:20 04/02/202511:05
mulig ukendt virus Af jackie18 i Virus 3 18/01/202514:07 18/01/202516:39
virus popper op med jævne mellemrum Af Malm i Virus 13 18/01/202511:40 20/01/202517:53
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I går 19:43 Installation af Adobe Photoshop Elements 2019 Af mort1 i Billedbehandling
17/0418:29 Gendanne slettet partition overskrevet med Windows 11 Af Strawberry i Windows
17/0416:11 Samle data fra flere kolonner i 1 Af FinnLauridsen i Excel
17/0414:44 ny fjernbetjening til DVD afspiller fra 2004 Af Nette i Andet hardware
17/0412:36 Manglende kode Af Bent i Windows
White papers
Flere white papers »