lsas.exe
  Trygvi
Number of posts: 2

Logfile of HijackThis v1.97.7
Scan saved at 17:34:32, on 22-05-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:/WINDOWS/System32/smss.exe
C:/WINDOWS/system32/winlogon.exe
C:/WINDOWS/system32/services.exe
C:/WINDOWS/system32/lsass.exe
C:/WINDOWS/system32/svchost.exe
C:/WINDOWS/System32/svchost.exe
C:/WINDOWS/system32/spoolsv.exe
C:/Programmer/Fælles filer/Symantec Shared/ccEvtMgr.exe
C:/PROGRA~1/NORTON~1/NORTON~2/GHOSTS~2.EXE
C:/Programmer/Norton SystemWorks/Norton AntiVirus/navapsvc.exe
C:/Programmer/Visual IP InSight/dk/ARMon32a.exe
C:/Programmer/Norton SystemWorks/Norton Utilities/NPROTECT.EXE
C:/WINDOWS/System32/nvsvc32.exe
C:/PROGRA~1/NORTON~1/SPEEDD~1/nopdb.exe
C:/WINDOWS/Explorer.EXE
C:/WINDOWS/System32/spool/drivers/w32x86/3/hpztsb05.exe
C:/Programmer/Norton SystemWorks/Norton Ghost/GhostStartTrayApp.exe
C:/WINDOWS/essspk.exe
C:/PROGRA~1/Logitech/MOUSEW~1/SYSTEM/EM_EXEC.EXE
C:/Programmer/Fælles filer/Symantec Shared/ccApp.exe
C:/Programmer/Winamp/Winampa.exe
C:/WINDOWS/avserve2.exe
C:/Programmer/Spybot - Search & Destroy/SpybotSD.exe
C:/Hijackthis/HijackThis.exe
C:/Programmer/Messenger/msmsgs.exe

R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Search Bar = http://find.tdconline.dk/msie_google.php
R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Search Page = http://www.opasia.dk/msie_search.html
R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Start Page = http://www.tdconline.dk/start
R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Default_Page_URL = http://www.tdconline.dk/start
R0 - HKLM/Software/Microsoft/Internet Explorer/Search,SearchAssistant = http://www.opasia.dk/msie_search.html
R0 - HKCU/Software/Microsoft/Internet Explorer/Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:/Programmer/Adobe/Acrobat 5.0/Reader/ActiveX/AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:/Programmer/Spybot - Search & Destroy/SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:/Programmer/Norton SystemWorks/Norton AntiVirus/NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:/Programmer/Norton SystemWorks/Norton AntiVirus/NavShExt.dll
O3 - Toolbar: &Radio; - {8E718888-423F-11D2-876E-00A0C9082467} - C:/WINDOWS/System32/msdxm.ocx
O4 - HKLM/../Run: [nwiz] nwiz.exe /install
O4 - HKLM/../Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM/../Run: [NVCLOCK] rundll32 nvclock.dll,fnNvclock
O4 - HKLM/../Run: [NeroCheck] C:/WINDOWS/System32/NeroCheck.exe
O4 - HKLM/../Run: [HPDJ Taskbar Utility] C:/WINDOWS/System32/spool/drivers/w32x86/3/hpztsb05.exe
O4 - HKLM/../Run: [GhostStartTrayApp] C:/Programmer/Norton SystemWorks/Norton Ghost/GhostStartTrayApp.exe
O4 - HKLM/../Run: [EssSpkPhone] essspk.exe
O4 - HKLM/../Run: [EM_EXEC] C:/PROGRA~1/Logitech/MOUSEW~1/SYSTEM/EM_EXEC.EXE
O4 - HKLM/../Run: [ccRegVfy] “C:/Programmer/Fælles filer/Symantec Shared/ccRegVfy.exe”
O4 - HKLM/../Run: [ccApp] “C:/Programmer/Fælles filer/Symantec Shared/ccApp.exe”
O4 - HKLM/../Run: [WinampAgent] “C:/Programmer/Winamp/Winampa.exe”
O4 - HKLM/../Run: [avserve2.exe] C:/WINDOWS/avserve2.exe
O6 - HKCU/Software/Policies/Microsoft/Internet Explorer/Restrictions present
O6 - HKCU/Software/Policies/Microsoft/Internet Explorer/Control Panel present
O9 - Extra button: Related (HKLM)
O9 - Extra ‘Tools’ menuitem: Show &Related; Links (HKLM)
O12 - Plugin for .pdf: C:/Programmer/Internet Explorer/PLUGINS/nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tdconline.dk/start
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:/content/include/XPPatchInstaller.CAB
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://D:/Content/include/msSecUcd.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Redaktør
Number of posts: 17644

Hi Trygvi, and welcome to Spywarefri.dk

Check this address (Sasser):

http://www.spywarefri.dk/virus.htm#sasser

Follow all the advice, use all the tools, and post a fresh log here when you are ready.

Signature

Good advice on security…

  Trygvi
Number of posts: 2

I have followed your guide and made a new log file.

Regards,
Trygvi

Logfile of HijackThis v1.97.7
Scan saved at 21:21:06, on 22-05-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:/WINDOWS/System32/smss.exe
C:/WINDOWS/system32/winlogon.exe
C:/WINDOWS/system32/services.exe
C:/WINDOWS/system32/lsass.exe
C:/WINDOWS/system32/svchost.exe
C:/WINDOWS/System32/svchost.exe
C:/WINDOWS/system32/spoolsv.exe
C:/Programmer/Fælles filer/Symantec Shared/ccEvtMgr.exe
C:/PROGRA~1/NORTON~1/NORTON~2/GHOSTS~2.EXE
C:/Programmer/Norton SystemWorks/Norton AntiVirus/navapsvc.exe
C:/Programmer/Visual IP InSight/dk/ARMon32a.exe
C:/Programmer/Norton SystemWorks/Norton Utilities/NPROTECT.EXE
C:/WINDOWS/System32/nvsvc32.exe
C:/PROGRA~1/NORTON~1/SPEEDD~1/nopdb.exe
C:/WINDOWS/Explorer.EXE
C:/WINDOWS/System32/spool/drivers/w32x86/3/hpztsb05.exe
C:/Programmer/Norton SystemWorks/Norton Ghost/GhostStartTrayApp.exe
C:/WINDOWS/essspk.exe
C:/PROGRA~1/Logitech/MOUSEW~1/SYSTEM/EM_EXEC.EXE
C:/Programmer/Fælles filer/Symantec Shared/ccApp.exe
C:/Programmer/Winamp/Winampa.exe
C:/Programmer/Messenger/msmsgs.exe
C:/Hijackthis/HijackThis.exe

R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Search Bar = http://find.tdconline.dk/msie_google.php
R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Search Page = http://www.opasia.dk/msie_search.html
R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Start Page = http://www.tdconline.dk/start
R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Default_Page_URL = http://www.tdconline.dk/start
R0 - HKLM/Software/Microsoft/Internet Explorer/Search,SearchAssistant = http://www.opasia.dk/msie_search.html
R0 - HKCU/Software/Microsoft/Internet Explorer/Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:/Programmer/Adobe/Acrobat 5.0/Reader/ActiveX/AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:/Programmer/Spybot - Search & Destroy/SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:/Programmer/Norton SystemWorks/Norton AntiVirus/NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:/Programmer/Norton SystemWorks/Norton AntiVirus/NavShExt.dll
O3 - Toolbar: &Radio; - {8E718888-423F-11D2-876E-00A0C9082467} - C:/WINDOWS/System32/msdxm.ocx
O4 - HKLM/../Run: [nwiz] nwiz.exe /install
O4 - HKLM/../Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM/../Run: [NVCLOCK] rundll32 nvclock.dll,fnNvclock
O4 - HKLM/../Run: [NeroCheck] C:/WINDOWS/System32/NeroCheck.exe
O4 - HKLM/../Run: [HPDJ Taskbar Utility] C:/WINDOWS/System32/spool/drivers/w32x86/3/hpztsb05.exe
O4 - HKLM/../Run: [GhostStartTrayApp] C:/Programmer/Norton SystemWorks/Norton Ghost/GhostStartTrayApp.exe
O4 - HKLM/../Run: [EssSpkPhone] essspk.exe
O4 - HKLM/../Run: [EM_EXEC] C:/PROGRA~1/Logitech/MOUSEW~1/SYSTEM/EM_EXEC.EXE
O4 - HKLM/../Run: [ccRegVfy] “C:/Programmer/Fælles filer/Symantec Shared/ccRegVfy.exe”
O4 - HKLM/../Run: [ccApp] “C:/Programmer/Fælles filer/Symantec Shared/ccApp.exe”
O4 - HKLM/../Run: [WinampAgent] “C:/Programmer/Winamp/Winampa.exe”
O6 - HKCU/Software/Policies/Microsoft/Internet Explorer/Restrictions present
O6 - HKCU/Software/Policies/Microsoft/Internet Explorer/Control Panel present
O9 - Extra button: Related (HKLM)
O9 - Extra ‘Tools’ menuitem: Show &Related; Links (HKLM)
O12 - Plugin for .pdf: C:/Programmer/Internet Explorer/PLUGINS/nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tdconline.dk/start
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:/content/include/XPPatchInstaller.CAB
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://D:/Content/include/msSecUcd.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Redaktør
Number of posts: 17644

Your log is clean :) and you can enable System Restore again.

Have you protected your Internet Explorer with SpyBot S&D? These lines suggest so:

O6 - HKCU/Software/Policies/Microsoft/Internet Explorer/Restrictions present
O6 - HKCU/Software/Policies/Microsoft/Internet Explorer/Control Panel present

If you did not set the restrictions yourself, the lines must be fixed with HijackThis (run HijackThis, scan, and tick the following lines - close all other program windows - click “Fix checked”).

Here is some good advice on safe surfing to take with you:

http://www.spywarefri.dk/pakken.htm

Enjoy

Signature

Good advice on security…
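
An added example, not part of the thread or of HijackThis itself: a small parser for the log layout shown above that diffs the first scan against the second, listing what disappeared after cleanup and which O6 policy lines remain for the user to confirm. The two sample logs are constructed excerpts of lines from the posts, and the function names are illustrative.

```python
import re
# Constructed excerpts: a handful of lines copied from the two logs in this thread.
BEFORE = """\
Running processes:
C:/WINDOWS/system32/lsass.exe
C:/WINDOWS/avserve2.exe
C:/Programmer/Spybot - Search & Destroy/SpybotSD.exe
C:/Hijackthis/HijackThis.exe

O4 - HKLM/../Run: [EssSpkPhone] essspk.exe
O4 - HKLM/../Run: [avserve2.exe] C:/WINDOWS/avserve2.exe
O6 - HKCU/Software/Policies/Microsoft/Internet Explorer/Restrictions present
"""
AFTER = """\
Running processes:
C:/WINDOWS/system32/lsass.exe
C:/Hijackthis/HijackThis.exe

O4 - HKLM/../Run: [EssSpkPhone] essspk.exe
O6 - HKCU/Software/Policies/Microsoft/Internet Explorer/Restrictions present
"""
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # section code (R0, O4, O16...) + text

def parse(log):
    # Returns (set of running process paths, set of (section, text) entries).
    procs, entries, in_procs = set(), set(), False
    for raw in log.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process list
        elif (m := ENTRY.match(line)):
            in_procs = False
            entries.add((m.group(1), m.group(2)))
        elif in_procs:
            procs.add(line.lower())   # Windows paths are case-insensitive
    return procs, entries

def diff(before, after):
    """Compare two scans: what disappeared, what appeared, which O6 locks remain."""
    (bp, be), (ap, ae) = parse(before), parse(after)
    return {
        "procs_gone": sorted(bp - ap),
        "entries_gone": sorted(be - ae),
        "appeared": sorted(ap - bp) + sorted(f"{s} - {t}" for s, t in ae - be),
        "o6_remaining": sorted(t for s, t in ae if s == "O6"),
    }
```

A running process and its matching O4 Run entry disappearing together is the pattern to look for after a cleanup; anything under `appeared` or `o6_remaining` still needs a human decision.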