Avatar billede bdp Nybegynder
14. juli 2004 - 12:52 Der er 7 kommentarer og
1 løsning

hvem kan tjekke denneHijackThis log - på forhånd tak

Hvad skal fjernes i loggen - maskinen starter altid op med internetsiden "blank" og er iøvrigt langsom.

LOG: 
Logfile of HijackThis v1.98.0
Scan saved at 12:20:11, on 14-07-2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\NavNT\vptray.exe
C:\WINDOWS\Mixer.exe
C:\Programmer\Ahead\InCD\InCD.exe
C:\Programmer\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\System32\sstray.exe
C:\PROGRA~1\CHICAB~1\help mail comp.exe
C:\Programmer\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmer\Messenger Plus! 3\MsgPlus.exe
D:\winamp 5.2\Winamp\winampa.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\NavNT\defwatch.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\Programmer\SpywareGuard\sgmain.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\bjarnefar\Lokale indstillinger\Temporary Internet Files\Content.IE5\Y58VUD65\hijackthis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - Default URLSearchHook is missing
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: ZIBho Class - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Programmer\Kontiki\bin\bh309190.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Control Popups in Internet Explorer - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\Programmer\PopupPopper\PopLib.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: QuickSearch SearchBar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Programmer\QuickSearch\QuickSearchBar3_28.dll
O2 - BHO: drivegrammpeg - {DCAFB0C4-D889-4F15-8332-742F2AA42543} - C:\PROGRA~1\BaseFork\SiteTool.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: QuickSearch SearchBar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Programmer\QuickSearch\QuickSearchBar3_28.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Toolbar\01.01.1601.0\da\msntb.dll
O3 - Toolbar: TestSixthOnce - {6679C5BD-FA34-D34D-76DF-DE9FCCE8DF87} - C:\PROGRA~1\BaseFork\SiteTool.dll
O4 - HKLM\..\Run: [vptray] C:\Programmer\NavNT\vptray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmer\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Omnipage] C:\Programmer\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ooze road] C:\PROGRA~1\CHICAB~1\help mail comp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [updmgr] C:\Programmer\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [WinampAgent] D:\winamp 5.2\Winamp\winampa.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - Global Startup: Date Manager.lnk = C:\Programmer\Date Manager\DateManager.exe
O4 - Global Startup: GStartup.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PrecisionTime.lnk = C:\Programmer\PrecisionTime\PrecisionTime.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: PopupPopper Kontrol Panel - {3E94F358-9537-4BBA-8D12-D7F8A0136973} - C:\Programmer\PopupPopper\SiteList.exe
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:mhtml:file://C:\foo.mht!http://81.211.105.37/20609/online.chm::/on-line.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
Avatar billede resist Nybegynder
14. juli 2004 - 12:57 #1
Nu skal jeg kigge loggen igennem.
Avatar billede resist Nybegynder
14. juli 2004 - 13:14 #2
Hent CWShredder her:http://danborg.org/spyware/CWS/cwshredder.exe
Du skal bruge programmet senere.

Opret en mappe kun til HijackThis. Placer HijackThis i denne mappe og kør programmet derfra.

Slå systemgendannelse fra. Hvis du ikke ved, hvordan du gør så kig her: http://www.spywarefri.dk/virusscannere.htm#alle

Herunder er der nogle filer, som du skal fixe. Sæt en vinge ud for disse filer. Når du har gjort det, så lukker du alle andre vinduer ned.

Fix disse med HijackThis:

R3 - Default URLSearchHook is missing

O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: QuickSearch SearchBar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Programmer\QuickSearch\QuickSearchBar3_28.dll
O2 - BHO: drivegrammpeg - {DCAFB0C4-D889-4F15-8332-742F2AA42543} - C:\PROGRA~1\BaseFork\SiteTool.dll

O3 - Toolbar: QuickSearch SearchBar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Programmer\QuickSearch\QuickSearchBar3_28.dll
O3 - Toolbar: TestSixthOnce - {6679C5BD-FA34-D34D-76DF-DE9FCCE8DF87} - C:\PROGRA~1\BaseFork\SiteTool.dll

O4 - HKLM\..\Run: [ooze road] C:\PROGRA~1\CHICAB~1\help mail comp.exe
O4 - HKLM\..\Run: [updmgr] C:\Programmer\Common files\updmgr\updmgr.exe
O4 - Global Startup: Date Manager.lnk = C:\Programmer\Date Manager\DateManager.exe
O4 - Global Startup: GStartup.lnk = ?
O4 - Global Startup: PrecisionTime.lnk = C:\Programmer\PrecisionTime\PrecisionTime.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)

O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:mhtml:file://C:\foo.mht!http://81.211.105.37/20609/online.chm::/on-line.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) –
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

----
Åbn en mappe, klik på Funktioner=>Mappeindstillinger=>Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler".
Fjern flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".
----

Genstart i fejlsikret tilstand (F8 i opstart).  Find og slet:

C:\PROGRA~1\PERFEC~1 >>>> mappen PERFEC~1
C:\Programmer\QuickSearch\ >>>> mappen QuickSearch
C:\PROGRA~1\BaseFork\ >>>> mappen BaseFork
C:\PROGRA~1\CHICAB~1\ >>>> mappen CHICAB~1
C:\Programmer\Common files\updmgr\ >>>> mappen updmgr
C:\Programmer\Date Manager\ >>>> mappen Date Manager
C:\Programmer\PrecisionTime\ >>>> mappen PrecisionTime

Kør CWShredder, luk alle vinduer - undtagen CWShredder, klik på Fix. Programmet scanner nu. Når det er færdigt, så klik på Next og Exit.


Genstart almindeligt og send en ny log herind til tjek - tak
Avatar billede bdp Nybegynder
14. juli 2004 - 14:31 #3
Jeg har kørt som du har foreslået.

Af de 7 filer jeg skulle fjerne har jeg kun kunne finde denne:  C:\Programmer\Common files\updmgr\ >>>> mappen updmgr

De andre er ikke på min maskine (Sæt prik i "Vis skjulte filer og mapper" er foretaget)

Her er den nye logfile:

Logfile of HijackThis v1.98.0
Scan saved at 14:30:58, on 14-07-2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\NavNT\defwatch.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\Programmer\NavNT\vptray.exe
C:\WINDOWS\Mixer.exe
C:\Programmer\Ahead\InCD\InCD.exe
C:\Programmer\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\System32\sstray.exe
C:\Programmer\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmer\Messenger Plus! 3\MsgPlus.exe
D:\winamp 5.2\Winamp\winampa.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\bjarnefar\Lokale indstillinger\Temporary Internet Files\Content.IE5\S5638PU7\hijackthis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ni.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: ZIBho Class - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Programmer\Kontiki\bin\bh309190.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Control Popups in Internet Explorer - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\Programmer\PopupPopper\PopLib.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Toolbar\01.01.1601.0\da\msntb.dll
O4 - HKLM\..\Run: [vptray] C:\Programmer\NavNT\vptray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmer\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Omnipage] C:\Programmer\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [WinampAgent] D:\winamp 5.2\Winamp\winampa.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: PopupPopper Kontrol Panel - {3E94F358-9537-4BBA-8D12-D7F8A0136973} - C:\Programmer\PopupPopper\SiteList.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab

Hvad siger "eksperten så ? ? ?  Er jeg ren ?
Avatar billede resist Nybegynder
14. juli 2004 - 14:37 #4
Nu skal jeg kigge den nye log igennem ;-)
Avatar billede resist Nybegynder
14. juli 2004 - 14:45 #5
Det ser tilfredsstillende ud – det har du gjort godt ;-)

Kig lige en ekstra gang efter disse mapper:

C:\PROGRA~1\PERFEC~1 >>>> mappen PERFEC~1
C:\Programmer\QuickSearch\ >>>> mappen QuickSearch
C:\PROGRA~1\BaseFork\ >>>> mappen BaseFork
C:\PROGRA~1\CHICAB~1\ >>>> mappen CHICAB~1
C:\Programmer\Common files\updmgr\ >>>> mappen updmgr
C:\Programmer\Date Manager\ >>>> mappen Date Manager
C:\Programmer\PrecisionTime\ >>>> mappen PrecisionTime

Hvis mapperne er der, så slet dem.

Når du har sikret dig, at de er slettet, må du slå systemgendannelse til igen og sætte mappeindstillinger tilbage til oprindelige indstillinger.

Her er et link til sikker surfing: http://www.spywarefri.dk/pakken.htm
Avatar billede bdp Nybegynder
14. juli 2004 - 14:51 #6
Tak for svarene
Avatar billede resist Nybegynder
14. juli 2004 - 15:04 #7
Velbekomme ;-)
Avatar billede resist Nybegynder
14. juli 2004 - 15:05 #8
For resten er det en god ide at få opdateret Windows og IE med SP1 m.m. : http://v4.windowsupdate.microsoft.com/da/default.asp
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester



IT-JOB

Danske Spil A/S

Senior backend-udvikler

Capgemini Danmark A/S

Project Manager

Dynamicweb Software A/S

Solution Architect