hijack log
  cpil
Number of posts: 1

Here is my hijack log. Is there anyone who will look at it for me?

I have run Spybot and have Norman Virus Control, but it gets deactivated every time I try to run it.

Best regards

Anders

Logfile of HijackThis v1.98.2
Scan saved at 10:38:17, on 28-08-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:/WINDOWS/System32/smss.exe
C:/WINDOWS/system32/csrss.exe
C:/WINDOWS/system32/winlogon.exe
C:/WINDOWS/system32/services.exe
C:/WINDOWS/system32/lsass.exe
C:/WINDOWS/system32/svchost.exe
C:/WINDOWS/System32/svchost.exe
C:/WINDOWS/System32/svchost.exe
C:/WINDOWS/System32/svchost.exe
C:/WINDOWS/Explorer.exe
C:/WINDOWS/system32/spoolsv.exe
C:/WINDOWS/System32/RUNDLL32.EXE
C:/Programmer/Logitech/Video/LogiTray.exe
C:/Programmer/Java/j2re1.4.2_04/bin/jusched.exe
C:/Programmer/ScanSoft/OmniPageSE/opware32.exe
C:/WINDOWS/server.exe
C:/windows/system32/msiexec16.exe
C:/Programmer/Palm/HOTSYNC.EXE
C:/windows/system32/msn.exe
C:/Programmer/MSN Messenger/MsnMsgr.Exe
C:/WINDOWS/DvzCommon/DvzMsgr.exe
C:/WINDOWS/System32/LVComS.exe
C:/WINDOWS/System32/Macromed/fdaemon/FireDaemon.exe
C:/WINDOWS/System32/Macromed/servu/ServUDaemon.exe
C:/WINDOWS/System32/svchost.exe
C:/Programmer/Internet Explorer/iexplore.exe
C:/Programmer/Spybot - Search & Destroy/SpybotSD.exe
C:/Programmer/Microsoft Office/OFFICE11/WINWORD.EXE
C:/WINDOWS/System32/wuauclt.exe
C:/Documents and Settings/Anders Piil/Skrivebord/hijackthis.exe

R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Start Page = http://www.msn.dk/
R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM/Software/Microsoft/Internet Explorer/Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKCU/Software/Microsoft/Internet Explorer/SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R0 - HKCU/Software/Microsoft/Internet Explorer/Toolbar,LinksFolderName = Hyperlinks
F0 - system.ini: Shell=Explorer.exe C:/windows/system32/msiexec16.exe
F1 - win.ini: run=C:/windows/system32/msiexec16.exe
F2 - REG:system.ini: Shell=Explorer.exe C:/WINDOWS/WinIogon.exe
F3 - REG:win.ini: load=C:/WINDOWS/WinIogon.exe
F3 - REG:win.ini: run=C:/WINDOWS/WinIogon.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:/WINDOWS/Downloaded Program Files/ycomp5_3_16_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:/Programmer/Adobe/Acrobat 5.0/Reader/ActiveX/AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:/Programmer/Spybot - Search & Destroy/SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:/WINDOWS/System32/msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:/WINDOWS/Downloaded Program Files/ycomp5_3_16_0.dll
O4 - HKLM/../Run: [NvCplDaemon] RUNDLL32.EXE C:/WINDOWS/System32/NvCpl.dll,NvStartup
O4 - HKLM/../Run: [nwiz] nwiz.exe /install
O4 - HKLM/../Run: [Omnipage] C:/Programmer/ScanSoft/OmniPageSE/opware32.exe
O4 - HKLM/../Run: [NvMediaCenter] RUNDLL32.EXE C:/WINDOWS/System32/NvMcTray.dll,NvTaskbarInit
O4 - HKLM/../Run: [Norman ZANDA] C:/NORMAN/NORMAN/Nvc/BIN/ZLH.EXE /LOAD /SPLASH
O4 - HKLM/../Run: [SunJavaUpdateSched] C:/Programmer/Java/j2re1.4.2_04/bin/jusched.exe
O4 - HKLM/../Run: [LogitechVideoRepair] C:/Programmer/Logitech/Video/ISStart.exe
O4 - HKLM/../Run: [LogitechVideoTray] C:/Programmer/Logitech/Video/LogiTray.exe
O4 - HKLM/../Run: [LogitechGalleryRepair] C:/Programmer/Logitech/Video/ISStart.exe
O4 - HKLM/../Run: [HPDJ Taskbar Utility] C:/WINDOWS/System32/spool/drivers/w32x86/3/hpztsb04.exe
O4 - HKLM/../Run: [System32Ex] C:/System32Ex.exe
O4 - HKLM/../Run: [Windows Logon Application] C:/WINDOWS/WinIogon.exe
O4 - HKLM/../Run: [GLIT32] C:/windows/system32/msn.exe
O4 - HKLM/../Run: [RunProg] C:/WINDOWS/server.exe
O4 - HKLM/../Run: [GLSetIT32] C:/windows/system32/msiexec16.exe
O4 - HKLM/../Run: [DirectX For Microsoft® Windows] C:/WINDOWS/System32/dtxservice.exe -atm
O4 - HKLM/../RunServices: [Windows Logon Application] C:/WINDOWS/WinIogon.exe
O4 - HKLM/../RunServices: [GLIT32] C:/windows/system32/msn.exe
O4 - HKCU/../Run: [MsnMsgr] “C:/Programmer/MSN Messenger/MsnMsgr.Exe” /background
O4 - HKCU/../Run: [Yahoo! Pager] C:/Programmer/Yahoo!/Messenger/ypager.exe -quiet
O4 - Startup: HotSync Manager.lnk = C:/Programmer/Palm/HOTSYNC.EXE
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:/WINDOWS/DvzCommon/DvzMsgr.exe
O7 - HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/System, DisableRegedit=1
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:/PROGRA~1/MICROS~2/OFFICE11/EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:/PROGRA~1/MICROS~2/OFFICE11/REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Programmer/Messenger/MSMSGS.EXE
O9 - Extra ‘Tools’ menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Programmer/Messenger/MSMSGS.EXE
O12 - Plugin for .spop: C:/Programmer/Internet Explorer/Plugins/NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {498A0AC2-A3AC-11D4-80A9-0050DA680987} (HearMe (Firewall) Voice Control) - http://www.englishtown.com/EtownResources/HearMe/hmvcfe.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v9.5/ticker.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_16_0.cab

Editor
Number of posts: 18248

Hi cpil and welcome to Spywarefri.dk

There is a bit to get started on - I'll just take a look at it and get back to you shortly.

Editor
Number of posts: 18248

Hi again cpil

1. To be able to see all files:

Open a folder, click Tools=>Folder Options=>View.
Uncheck “Hide protected operating system files”.
Uncheck “Hide extensions for known file types”.
Select “Show hidden files and folders”.

2. Then restart in Safe Mode (by pressing F8 during startup).

3. Run HijackThis, scan and put a check mark next to the following lines - close other program windows - click “Fix checked”:

R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM/Software/Microsoft/Internet Explorer/Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKCU/Software/Microsoft/Internet Explorer/SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
F0 - system.ini: Shell=Explorer.exe C:/windows/system32/msiexec16.exe
F1 - win.ini: run=C:/windows/system32/msiexec16.exe
F2 - REG:system.ini: Shell=Explorer.exe C:/WINDOWS/WinIogon.exe
F3 - REG:win.ini: load=C:/WINDOWS/WinIogon.exe
F3 - REG:win.ini: run=C:/WINDOWS/WinIogon.exe
O4 - HKLM/../Run: [System32Ex] C:/System32Ex.exe
O4 - HKLM/../Run: [Windows Logon Application] C:/WINDOWS/WinIogon.exe
O4 - HKLM/../Run: [GLIT32] C:/windows/system32/msn.exe
O4 - HKLM/../Run: [RunProg] C:/WINDOWS/server.exe
O4 - HKLM/../Run: [GLSetIT32] C:/windows/system32/msiexec16.exe
O4 - HKLM/../Run: [DirectX For Microsoft® Windows] C:/WINDOWS/System32/dtxservice.exe -atm
O4 - HKLM/../RunServices: [Windows Logon Application] C:/WINDOWS/WinIogon.exe
O4 - HKLM/../RunServices: [GLIT32] C:/windows/system32/msn.exe
O4 - Startup: PowerReg SchedulerV2.exe
O7 - HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/System, DisableRegedit=1

4. Find and delete

C:/windows/system32/msiexec16.exe
C:/WINDOWS/WinIogon.exe
C:/System32Ex.exe
C:/windows/system32/msn.exe
C:/WINDOWS/server.exe
C:/WINDOWS/System32/dtxservice.exe

5. Restart in Normal mode and scan your computer with this online scanner:

http://housecall.trendmicro.com/housecall/start_corp.asp

Then run HijackThis, scan and post a fresh log here.
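
An added example, not part of the thread or written by either poster: a small Python triage pass over HijackThis lines that picks out some of the structural signs visible in the log above (a `Shell=` value carrying a second program, `win.ini` load/run autostarts, the `DisableRegedit` policy, and a file name that imitates a system process by swapping look-alike characters). The function names and the `SYSTEM_NAMES` reference set are assumptions made for this illustration; the sample lines are copied from the posted log.

```python
import re

# Lines copied from the log posted above (paths as they appear on this page).
SAMPLE_LOG = """\
R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Start Page = http://www.msn.dk/
F0 - system.ini: Shell=Explorer.exe C:/windows/system32/msiexec16.exe
F1 - win.ini: run=C:/windows/system32/msiexec16.exe
F2 - REG:system.ini: Shell=Explorer.exe C:/WINDOWS/WinIogon.exe
O4 - HKLM/../Run: [Omnipage] C:/Programmer/ScanSoft/OmniPageSE/opware32.exe
O4 - HKLM/../Run: [Windows Logon Application] C:/WINDOWS/WinIogon.exe
O7 - HKCU/Software/Microsoft/Windows/CurrentVersion/Policies/System, DisableRegedit=1
"""

# Assumption: a small reference set of genuine Windows process names.
SYSTEM_NAMES = {"winlogon.exe", "svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe"}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
EXE = re.compile(r'([^/\\\s"=]+\.exe)\b', re.I)

def is_lookalike(name):
    """True when swapping visually confusable characters yields a system name."""
    folded = name.replace("I", "l").replace("1", "l").replace("0", "o").lower()
    return folded in SYSTEM_NAMES and name.lower() not in SYSTEM_NAMES

def review(log):
    """Return (entry code, reason, detail) tuples for lines worth a closer look."""
    findings = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        if code in ("F0", "F2") and "Shell=" in body:
            # The shell value normally names Explorer.exe only.
            extra = body.split("Shell=", 1)[1].split()[1:]
            if extra:
                findings.append((code, "shell value launches extra program", " ".join(extra)))
        elif code in ("F1", "F3"):
            value = body.split("=", 1)[1].strip() if "=" in body else ""
            if value:
                findings.append((code, "win.ini load/run autostart", value))
        elif code == "O7" and re.search(r"DisableRegedit\s*=\s*1", body):
            findings.append((code, "registry editor disabled by policy", body))
        for exe in EXE.findall(body):
            if is_lookalike(exe):
                findings.append((code, "file name imitates a system process", exe))
    return findings
```

These checks only cover patterns that can be read from a line's structure; entries such as `msn.exe` or `server.exe` in the fix list above still need an analyst's judgement.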