zefab (Beginner)
27 April 2005 - 11:27 There are 10 comments and
1 solution

Hijack This!! Help with log file!

Hi
I have some annoying popups that appear every time I open a new page in Internet Explorer.
I have run HijackThis and Adaware...
Is there an expert who can help me, pleezze?
zefab (Beginner)
27 April 2005 - 11:28 #1
Logfile of HijackThis v1.99.1
Scan saved at 11:21:15, on 27-04-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\system32\exelk41a.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\traduction02\Application Data\ttau.exe
C:\Program Files\Cerus\Landpark\IP Clients\LpIPClient.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\d?xplore.exe
C:\Program Files\Alpha Realms\Alpha Key Saver 3\AKeySave.exe
C:\Program Files\Alpha Realms\Alpha Key Saver 3\AKeySave.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Media Player Classic\mplayerc.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\traduction02\Bureau\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://onvgqttmaauvxdogqunhqyqx.com/ETGTkGR32VoMDOrLlAUp54/9b/C_GdEIj/bYdz6Xtz3O3DZpFuNSCIPEnGhY7cXu.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pixmania.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Fotovista
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {B4BF5BEE-E52A-FBA5-2737-C1A94B9F5B91} - C:\WINDOWS\system32\xqry.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ItMonitor] C:\WINDOWS\WASAY\MONITOR.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [BlooSoftphone for FotoVista AutoStart] "C:\WINDOWS\system32\BlooSoftphone for FotoVista.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [pF3U36Q] exelk41a.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Eews] C:\Documents and Settings\traduction02\Application Data\ttau.exe
O4 - HKCU\..\Run: [Ball Nurb] C:\DOCUME~1\TRADUC~1\APPLIC~1\KNOBSI~1\TWO STUPID.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Landpark IP Client.lnk = C:\Program Files\Cerus\Landpark\IP Clients\LpIPClient.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = groupe-llp.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = groupe-llp.com
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Fonction Commande à distance de Client Access Express (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
kalp (Novice)
27 April 2005 - 11:28 #2
looking at it
kalp (Novice)
27 April 2005 - 11:33 #3
Download and save this scanner to the desktop. (We will need it later)
http://www.spywareinfo.dk/download/mwav.exe

Restart in Safe Mode by pressing F8 during startup.

Uninstall or delete these programs/folders manually.

C:\Program Files\AutoUpdate

And these only if you do not recognize them or have not installed them yourself

C:\Program Files\Alpha Realms
C:\Program Files\Cerus
C:\WINDOWS\WASAY

Run HijackThis, scan and tick these lines - close all other program windows. Double-check that everything was included! Then click "Fix checked" in HijackThis:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://onvgqttmaauvxdogqunhqyqx.com/ETGTkGR32VoMDOrLlAUp54/9b/C_GdEIj/bYdz6Xtz3O3DZpFuNSCIPEnGhY7cXu.htm
O2 - BHO: (no name) - {B4BF5BEE-E52A-FBA5-2737-C1A94B9F5B91} - C:\WINDOWS\system32\xqry.dll
O4 - HKLM\..\Run: [pF3U36Q] exelk41a.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKCU\..\Run: [Eews] C:\Documents and Settings\traduction02\Application Data\ttau.exe 
O4 - HKCU\..\Run: [Ball Nurb] C:\DOCUME~1\TRADUC~1\APPLIC~1\KNOBSI~1\TWO STUPID.exe

This one if you have not installed anything on your PC that has to do with your phone
O4 - HKLM\..\Run: [BlooSoftphone for FotoVista AutoStart] "C:\WINDOWS\system32\BlooSoftphone for FotoVista.exe"

Open Windows Explorer, click Tools => Folder Options => View.
Uncheck "Hide protected operating system files".
Uncheck "Hide extensions for known file types".
Select "Show hidden files and folders".

Find and delete (Look carefully!!.. What you do not find, HijackThis has probably removed!)

The files

C:\WINDOWS\system32\exelk41a.exe
C:\Documents and Settings\traduction02\Application Data\ttau.exe
C:\WINDOWS\system32\d?xplore.exe
C:\WINDOWS\system32\xqry.dll

Then go to Start -> Programs -> Accessories -> System Tools -> Disk Cleanup and delete temp files, temporary internet files and the recycle bin.

Click mwav.exe, which you downloaded; the program unpacks itself and starts.
Tick the following:
Memory, Startup folders, drive, Registry, System folders and Services.
Select the following:
All local drives and Scan all files

Restart normally and paste a new log in here so I can see whether we got everything or whether something was overlooked:)
zefab (Beginner)
27 April 2005 - 13:49 #4
Hi Kalp

Thanks for the quick reply!
Here is the log file from eScan

File C:\WINDOWS\njgqc.exe infected by "Trojan-Downloader.Win32.IstBar.ij" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\AlxRes.dll tagged as not-a-virus:AdWare.ToolBar.AlexaBar.a. No Action Taken.
File C:\WINDOWS\system32\f3PSSavr.scr tagged as not-a-virus:AdWare.ToolBar.MyWebSearch. No Action Taken.
File C:\WINDOWS\system32\dxdso.exe tagged as not-a-virus:AdWare.Apropos.i. No Action Taken.
File C:\WINDOWS\system32\AlxRes.dll tagged as not-a-virus:AdWare.ToolBar.AlexaBar.a. No Action Taken.
File C:\WINDOWS\system32\f3PSSavr.scr tagged as not-a-virus:AdWare.ToolBar.MyWebSearch. No Action Taken.
File C:\WINDOWS\system32\dxdso.exe tagged as not-a-virus:AdWare.Apropos.i. No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Bib dead inside byte\PEAKFACE.exe tagged as not-a-virus:AdWare.Lop.p. No Action Taken.
File C:\Documents and Settings\traduction02\Local Settings\Temp\yhsmfdrh.exe tagged as not-a-virus:AdWare.Lop.m. No Action Taken.
File C:\Documents and Settings\traduction02\Local Settings\Temp\AutoUpdate0\auto_update_install.exe infected by "Trojan-Downloader.Win32.Apropo.u" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\traduction02\Bureau\backups\backup-20050420-131646-867.dll infected by "Trojan-Downloader.Win32.Apropo.w" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\traduction02\Bureau\backups\backup-20050421-092943-118.dll infected by "Trojan-Downloader.Win32.Swizzor.bo" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\traduction02\Bureau\backups\backup-20050427-122827-623.dll tagged as not-a-virus:AdWare.PurityScan.ak. No Action Taken.
File C:\Documents and Settings\traduction02\Application Data\ttau.exe tagged as not-a-virus:AdWare.PurityScan.w. No Action Taken.
File C:\Documents and Settings\traduction02\Application Data\KnobSignFirst\TWO STUPID.exe tagged as not-a-virus:AdWare.Lop.m. No Action Taken.
File C:\Documents and Settings\traduction02\Application Data\KnobSignFirst\ngucrkzn.exe tagged as not-a-virus:AdWare.Lop.p. No Action Taken.
File C:\Documents and Settings\traduction02\Application Data\KnobSignFirst\Flap Iso Dash Way.exe infected by "Trojan-Downloader.Win32.Swizzor.ca" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\traduction02\Application Data\KnobSignFirst\ErrorBuildBalm.exe infected by "Trojan-Downloader.Win32.Swizzor.cb" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\traduction02\Application Data\flagface\Keep Download.exe infected by "Trojan-Downloader.Win32.Swizzor.bo" Virus. Action Taken: File Deleted.
File C:\Program Files\Daily Weather Forecast\weather.exe infected by "Trojan-Downloader.Win32.Centim.an" Virus. Action Taken: File Deleted.
File C:\Program Files\CxtPls\CxtPls.dll infected by "Trojan-Downloader.Win32.Apropo.w" Virus. Action Taken: File Deleted.
File C:\Program Files\CxtPls\WinGenerics.dll tagged as not-a-virus:AdWare.Apropos.f. No Action Taken.
File C:\Program Files\CxtPls\uninstaller.exe tagged as not-a-virus:AdWare.Apropos.f. No Action Taken.
File C:\Program Files\C2Media\Setup.exe tagged as not-a-virus:AdWare.Lop. No Action Taken.
File C:\System Volume Information\_restore{60114291-54E5-4EC6-87BD-1261E1EB4C80}\RP280\A0040420.exe infected by "Trojan-Downloader.Win32.Apropo.g" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{60114291-54E5-4EC6-87BD-1261E1EB4C80}\RP281\A0040477.EXE infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{60114291-54E5-4EC6-87BD-1261E1EB4C80}\RP282\A0040483.exe tagged as not-a-virus:AdWare.Lop.m. No Action Taken.
File C:\System Volume Information\_restore{60114291-54E5-4EC6-87BD-1261E1EB4C80}\RP283\A0040547.exe infected by "Trojan-Downloader.Win32.Apropo.g" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{60114291-54E5-4EC6-87BD-1261E1EB4C80}\RP287\A0041859.dll tagged as not-a-virus:AdWare.PurityScan.ak. No Action Taken.
File C:\System Volume Information\_restore{60114291-54E5-4EC6-87BD-1261E1EB4C80}\RP287\A0041863.exe infected by "Trojan-Downloader.Win32.Apropo.aa" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{60114291-54E5-4EC6-87BD-1261E1EB4C80}\RP287\A0041872.exe infected by "Trojan-Downloader.Win32.Apropo.g" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{60114291-54E5-4EC6-87BD-1261E1EB4C80}\RP287\A0041894.exe infected by "Trojan-Downloader.Win32.IstBar.ij" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{60114291-54E5-4EC6-87BD-1261E1EB4C80}\RP287\A0041896.dll infected by "Trojan-Downloader.Win32.Apropo.w" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{60114291-54E5-4EC6-87BD-1261E1EB4C80}\RP287\A0041897.dll infected by "Trojan-Downloader.Win32.Swizzor.bo" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{60114291-54E5-4EC6-87BD-1261E1EB4C80}\RP287\A0041898.exe infected by "Trojan-Downloader.Win32.Swizzor.ca" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{60114291-54E5-4EC6-87BD-1261E1EB4C80}\RP287\A0041899.exe infected by "Trojan-Downloader.Win32.Swizzor.cb" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{60114291-54E5-4EC6-87BD-1261E1EB4C80}\RP287\A0041900.exe infected by "Trojan-Downloader.Win32.Swizzor.bo" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{60114291-54E5-4EC6-87BD-1261E1EB4C80}\RP287\A0041903.exe infected by "Trojan-Downloader.Win32.Centim.an" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{60114291-54E5-4EC6-87BD-1261E1EB4C80}\RP287\A0041904.dll infected by "Trojan-Downloader.Win32.Apropo.w" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{60114291-54E5-4EC6-87BD-1261E1EB4C80}\RP251\A0035072.EXE tagged as not-a-virus:AdWare.ToolBar.MyWebSearch. No Action Taken.
File C:\System Volume Information\_restore{60114291-54E5-4EC6-87BD-1261E1EB4C80}\RP251\A0035075.DLL tagged as not-a-virus:AdWare.FunWeb.d. No Action Taken.
File C:\System Volume Information\_restore{60114291-54E5-4EC6-87BD-1261E1EB4C80}\RP251\A0035076.DLL tagged as not-a-virus:AdWare.ToolBar.MyWebSearch. No Action Taken.
File C:\System Volume Information\_restore{60114291-54E5-4EC6-87BD-1261E1EB4C80}\RP251\A0035077.DLL tagged as not-a-virus:AdWare.ToolBar.MyWebSearch. No Action Taken.
File C:\System Volume Information\_restore{60114291-54E5-4EC6-87BD-1261E1EB4C80}\RP251\A0035078.SCR tagged as not-a-virus:AdWare.ToolBar.MyWebSearch. No Action Taken.
File C:\System Volume Information\_restore{60114291-54E5-4EC6-87BD-1261E1EB4C80}\RP251\A0035079.dll tagged as not-a-virus:AdWare.ToolBar.MyWebSearch. No Action Taken.
File C:\System Volume Information\_restore{60114291-54E5-4EC6-87BD-1261E1EB4C80}\RP251\A0035081.DLL tagged as not-a-virus:AdWare.ToolBar.MyWebSearch. No Action Taken.
File C:\System Volume Information\_restore{60114291-54E5-4EC6-87BD-1261E1EB4C80}\RP251\A0035082.EXE tagged as not-a-virus:AdWare.ToolBar.MyWebSearch. No Action Taken.
File C:\System Volume Information\_restore{60114291-54E5-4EC6-87BD-1261E1EB4C80}\RP251\A0035084.DLL tagged as not-a-virus:AdWare.ToolBar.MyWebSearch. No Action Taken.
File C:\System Volume Information\_restore{60114291-54E5-4EC6-87BD-1261E1EB4C80}\RP251\A0035085.DLL tagged as not-a-virus:AdWare.ToolBar.MyWebSearch. No Action Taken.
File C:\System Volume Information\_restore{60114291-54E5-4EC6-87BD-1261E1EB4C80}\RP251\A0035086.DLL tagged as not-a-virus:AdWare.ToolBar.MyWebSearch. No Action Taken.
File C:\System Volume Information\_restore{60114291-54E5-4EC6-87BD-1261E1EB4C80}\RP251\A0035087.DLL tagged as not-a-virus:AdWare.TotalVelocity.MyWebSearch.b. No Action Taken.
File C:\System Volume Information\_restore{60114291-54E5-4EC6-87BD-1261E1EB4C80}\RP251\A0035089.DLL tagged as not-a-virus:AdWare.ToolBar.MyWebSearch. No Action Taken.
File C:\System Volume Information\_restore{60114291-54E5-4EC6-87BD-1261E1EB4C80}\RP251\A0035091.DLL tagged as not-a-virus:AdWare.ToolBar.MyWebSearch. No Action Taken.
File C:\System Volume Information\_restore{60114291-54E5-4EC6-87BD-1261E1EB4C80}\RP252\A0035098.DLL tagged as not-a-virus:AdWare.ToolBar.MyWebSearch. No Action Taken.
File C:\System Volume Information\_restore{60114291-54E5-4EC6-87BD-1261E1EB4C80}\RP258\A0037683.dll tagged as not-a-virus:AdWare.ToolBar.AlexaBar.a. No Action Taken.
File C:\System Volume Information\_restore{60114291-54E5-4EC6-87BD-1261E1EB4C80}\RP262\A0038150.EXE tagged as not-a-virus:AdWare.Sahat.s. No Action Taken.
File C:\System Volume Information\_restore{60114291-54E5-4EC6-87BD-1261E1EB4C80}\RP262\A0038154.dll tagged as not-a-virus:AdWare.Sahat.l. No Action Taken.
File C:\System Volume Information\_restore{60114291-54E5-4EC6-87BD-1261E1EB4C80}\RP262\A0038169.dll infected by "Trojan-Downloader.Win32.Dyfuca.gen" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{60114291-54E5-4EC6-87BD-1261E1EB4C80}\RP263\A0038182.exe infected by "Trojan-Downloader.Win32.Dyfuca.dx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{60114291-54E5-4EC6-87BD-1261E1EB4C80}\RP263\A0038184.exe tagged as not-a-virus:AdWare.PowerScan.d. No Action Taken.
File C:\System Volume Information\_restore{60114291-54E5-4EC6-87BD-1261E1EB4C80}\RP263\A0038185.DLL tagged as not-a-virus:AdWare.ToolBar.SideFind. No Action Taken.
File C:\System Volume Information\_restore{60114291-54E5-4EC6-87BD-1261E1EB4C80}\RP263\A0038186.dll infected by "Trojan-Downloader.Win32.IstBar.hj" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{60114291-54E5-4EC6-87BD-1261E1EB4C80}\RP263\A0038188.exe tagged as not-a-virus:AdWare.PurityScan.w. No Action Taken.
File C:\System Volume Information\_restore{60114291-54E5-4EC6-87BD-1261E1EB4C80}\RP264\A0038223.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{60114291-54E5-4EC6-87BD-1261E1EB4C80}\RP265\A0038245.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{60114291-54E5-4EC6-87BD-1261E1EB4C80}\RP265\A0038295.exe infected by "Trojan-Downloader.Win32.Apropo.g" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{60114291-54E5-4EC6-87BD-1261E1EB4C80}\RP266\A0038391.dll tagged as not-a-virus:AdWare.PurityScan.ak. No Action Taken.
File C:\System Volume Information\_restore{60114291-54E5-4EC6-87BD-1261E1EB4C80}\RP270\A0038663.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{60114291-54E5-4EC6-87BD-1261E1EB4C80}\RP270\A0038666.dll tagged as not-a-virus:AdWare.ToolBar.AlexaBar.a. No Action Taken.
File C:\System Volume Information\_restore{60114291-54E5-4EC6-87BD-1261E1EB4C80}\RP270\A0038667.dll tagged as not-a-virus:AdWare.ToolBar.AlexaBar.a. No Action Taken.
File C:\System Volume Information\_restore{60114291-54E5-4EC6-87BD-1261E1EB4C80}\RP273\A0038683.EXE infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{60114291-54E5-4EC6-87BD-1261E1EB4C80}\RP275\A0039868.exe infected by "Trojan-Downloader.Win32.Apropo.g" Virus. Action Taken: File Deleted.
kalp (Novice)
27 April 2005 - 13:59 #5
Restart in safe mode.. delete these files and folders

C:\Program Files\CxtPls\
C:\Program Files\C2Media
C:\Program Files\Daily Weather Forecast\
C:\Documents and Settings\traduction02\Application Data\KnobSignFirst\ngucrkzn.exe
C:\Documents and Settings\traduction02\Application Data\KnobSignFirst\TWO STUPID.exe
C:\Documents and Settings\traduction02\Application Data\ttau.exe
C:\Documents and Settings\traduction02\Local Settings\Temp\yhsmfdrh.exe
C:\Documents and Settings\All Users\Application Data\Bib dead inside byte\PEAKFACE.exe
C:\WINDOWS\system32\dxdso.exe
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\AlxRes.dll
C:\WINDOWS\system32\dxdso.exe
C:\WINDOWS\system32\AlxRes.dll
C:\WINDOWS\njgqc.exe

then send me a new log from HijackThis in normal mode.
zefab (Beginner)
27 April 2005 - 14:01 #6
The pop-up windows are gone...
So I am giving you points now...
But what should I do with all the files where eScan says "Action not taken"? Should they be removed manually in safe mode? Or should I just leave them...
kalp (Novice)
27 April 2005 - 14:16 #7
those are the ones I told you to delete.. in my previous post:))
in safe mode.

you also need to turn System Restore off once, restart and turn it on again.
zefab (Beginner)
27 April 2005 - 14:17 #8
Hi again

Here is the log from HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 14:16:43, on 27-04-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\traduction02\Bureau\hijackthis.exe
C:\Documents and Settings\traduction02\Bureau\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pixmania.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Fotovista
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Landpark IP Client.lnk = C:\Program Files\Cerus\Landpark\IP Clients\LpIPClient.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = groupe-llp.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = groupe-llp.com
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Fonction Commande à distance de Client Access Express (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
kalp (Novice)
27 April 2005 - 14:30 #9
the log is clean;)
just do the other things and then there is nothing more:)
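The check behind "the log is clean", as an added example that is not part of the original thread: a Python sketch that compares the HijackThis entries flagged for fixing with the log taken afterwards. The function names are assumptions of this example, and the three sample texts are short excerpts of the logs posted in the thread.

```python
import re

# A HijackThis entry line is "<section> - <text>", where the section code is
# R0-R3, F0-F3, N1-N4 or O<number> (O2 = BHO, O4 = autostart, ...).
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.+)$")

# Excerpt of the first log in the thread (post #1).
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {B4BF5BEE-E52A-FBA5-2737-C1A94B9F5B91} - C:\WINDOWS\system32\xqry.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [pF3U36Q] exelk41a.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Eews] C:\Documents and Settings\traduction02\Application Data\ttau.exe
"""

# Excerpt of the second log in the thread (post #8).
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# Some of the lines the helper asked to tick and fix (post #3).
FLAGGED = r"""
O2 - BHO: (no name) - {B4BF5BEE-E52A-FBA5-2737-C1A94B9F5B91} - C:\WINDOWS\system32\xqry.dll
O4 - HKLM\..\Run: [pF3U36Q] exelk41a.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKCU\..\Run: [Eews] C:\Documents and Settings\traduction02\Application Data\ttau.exe
"""


def parse_entries(log_text):
    """Return the set of (section, normalized text) entries in a log."""
    entries = set()
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            # Collapse whitespace and ignore case so a trailing space or a
            # differently cased path cannot hide a surviving entry.
            text = " ".join(match.group(2).split()).casefold()
            entries.add((match.group(1), text))
    return entries


def check_cleanup(before_log, after_log, flagged_lines):
    """Compare the flagged entries against the logs before and after the fix."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    flagged = parse_entries(flagged_lines)
    return {
        # Flagged, present before, absent afterwards: the fix worked.
        "removed": sorted((flagged & before) - after),
        # Flagged but still registered: the entry survived or re-created itself.
        "still_present": sorted(flagged & after),
        # Flagged but never in the first log: likely a copy/paste mistake.
        "not_in_before": sorted(flagged - before),
        # Registered only after the cleanup: worth a second look.
        "new_entries": sorted(after - before),
    }


if __name__ == "__main__":
    for name, items in check_cleanup(BEFORE_LOG, AFTER_LOG, FLAGGED).items():
        print(f"{name}: {len(items)}")
        for section, text in items:
            print(f"  {section} - {text}")
```

An empty `still_present` list covers only the registry entries; files that the scanner reported with "No Action Taken" are not visible in a HijackThis log.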
zefab (Beginner)
27 April 2005 - 14:34 #10
Thanks!
Now all I have left is to "turn System Restore off once, restart and turn it on again."
Many thanks for the help, Kalp!
kalp (Novice)
27 April 2005 - 14:41 #11
you're welcome:))