En kan hjælpe med tolkning af min HijackThis log?
Hej, jeg har et problem med en browser toolbar som bliver ved med at poppe op når jeg starter internet explorer. Jeg ved ikke hvor denne er kommet fra men det kunne meget vel være da jeg installerede messenger plus og kom til at acceptere deres sponsores spyware :-(. Jeg har kørt Ad-Aware SE og Spybot search and destroy 1,3 men disse kan ikke løse problemet. Et andet problem er at jeg lånte en kammerats internet og installerede det nødvendige software (NC NUMERICABLE) jeg har nu fået min engen net adgang (med neuf telecom) så jeg afinstallerede softwaren fra NC NUMERICABLE, men øverst i det blå panel i browser vinduet står der stadig "Google - NC NUMERICABLE" (hvis jeg f.eks. besøger www.google.com) og jeg får stadig diverse popups fra NC NUMERICABLE.Her er min Hijackthis log, håber at der er en der kan hjælpe mig:
(jeg ser at loggen angiver min platform til at være windows xp sp1, betyder dette at jeg bør downloade og installere service pakke 2?)
Logfile of HijackThis v1.98.2
Scan saved at 17:16:44, on 14-10-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Programmer\Sygate\SPF\Smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Bluetooth-software\bin\btwdins.exe
C:\Programmer\NavNT\defwatch.exe
C:\Programmer\NavNT\rtvscan.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programmer\ltmoh\Ltmoh.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\EzButton\CplBCL50.EXE
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\NavNT\vptray.exe
C:\Programmer\Messenger Plus! 3\MsgPlus.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Friendly Technologies\BroadbandAccess\fts.exe
C:\WINDOWS\System32\ctfmon.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programmer\Bluetooth-software\BTTray.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Empty Temp Folders 2.8.3\emprun.exe
C:\Programmer\HijackThis\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.neuf.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.zepto.dk
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.jzogdhkvhxxlhlwbbf.biz/30pT3tfiEdTIWv6LmMb0/1rvD1HkQgmCu3d_yYlS5gl2ruzZDwgsL6VVIlmZoPWa.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = NC NUMERICABLE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {1156DD79-BDD7-38C0-1A61-D7D3F85DAF34} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Programmer\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CplBCL50] C:\Programmer\EzButton\CplBCL50.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [vptray] C:\Programmer\NavNT\vptray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [pilesoft] C:\PROGRA~1\BASHIN~1\Wipe gpl kind.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programmer\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Programmer\Friendly Technologies\BroadbandAccess\fts.exe"
O4 - HKLM\..\Run: [Trust meta ante plan] C:\Documents and Settings\All Users\Application Data\RoadTestTrustMeta\spam extra.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth - C:\Programmer\Bluetooth-software\btsendto_ie_ctx.htm
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyPoker\IEExtension.dll
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Programmer\ladbrokesMPP\MPPoker.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\Bluetooth-software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\Bluetooth-software\btsendto_ie.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.zepto.dk
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FD12240-430D-4B7E-99FB-E3435B1DD864}: NameServer = 132.168.148.11,132.166.192.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{651C5FC4-9265-42EB-9FE4-5D076E30F1D0}: NameServer = 80.118.192.100 80.118.196.36