HJTlog--

Af Gigabruger jackeb | 12-02-2005 16:47 | 1171 visninger | 3 svar, hop til seneste

Logfile of HijackThis v1.99.0 Scan saved at 16:44:30, on 12-02-2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C://WINDOWS//System32//smss.exe C://WINDOWS//system32//winlogon.exe C://WINDOWS//system32//services.exe C://WINDOWS//system32//lsass.exe C://WINDOWS//system32//svchost.exe C://WINDOWS//System32//svchost.exe C://WINDOWS//system32//spoolsv.exe C://PROGRA~1//Grisoft//AVGFRE~1//avgamsvr.exe C://PROGRA~1//Grisoft//AVGFRE~1//avgupsvc.exe C://Programmer//Fælles filer//Symantec Shared//ccEvtMgr.exe C://Programmer//Norton AntiVirus//navapsvc.exe C://Programmer//Norton AntiVirus//AdvTools//NPROTECT.EXE C://WINDOWS//System32//svchost.exe C://WINDOWS//Explorer.EXE C://Programmer//Fælles filer//Symantec Shared//ccApp.exe C://Programmer//MSN Apps//Updater//01.02.3000.1001//da//msnappau.exe C://PROGRA~1//Grisoft//AVGFRE~1//avgcc.exe C://PROGRA~1//Grisoft//AVGFRE~1//avgemc.exe C://Programmer//Messenger//msmsgs.exe C://Programmer//MSN Messenger//msnmsgr.exe C://WINDOWS//System32//svchost.exe C://Programmer//Grisoft//AVG Free//avgwb.dat C://Programmer//Internet Explorer//iexplore.exe C://DOCUME~1//mig//LOKALE~1//Temp//Midlertidig mappe 5 for hijackthis.zip//HijackThis.exe R1 - HKCU//Software//Microsoft//Internet Explorer//Main,Search Page = res://C://WINDOWS//system32//qbfuf.dll/sp.html#96676 R0 - HKCU//Software//Microsoft//Internet Explorer//Main,Start Page = http://www.google.dk[...] R1 - HKLM//Software//Microsoft//Internet Explorer//Main,Default_Page_URL = about:blank R1 - HKLM//Software//Microsoft//Internet Explorer//Main,Default_Search_URL = res://C://WINDOWS//system32//qbfuf.dll/sp.html#96676 R1 - HKLM//Software//Microsoft//Internet Explorer//Main,Search Bar = res://C://WINDOWS//system32//qbfuf.dll/sp.html#96676 R1 - HKLM//Software//Microsoft//Internet Explorer//Main,Search Page = res://C://WINDOWS//system32//qbfuf.dll/sp.html#96676 R1 - HKCU//Software//Microsoft//Internet Explorer//Search,SearchAssistant = res://C://WINDOWS//system32//qbfuf.dll/sp.html#96676 R0 - HKLM//Software//Microsoft//Internet Explorer//Search,SearchAssistant = res://C://WINDOWS//system32//qbfuf.dll/sp.html#96676 R0 - HKCU//Software//Microsoft//Internet Explorer//Toolbar,LinksFolderName = Hyperlinks O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c://programmer//google//googletoolbar1.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C://Programmer//Norton AntiVirus//NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C://Programmer//Norton AntiVirus//NavShExt.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C://Programmer//MSN Apps//MSN Toolbar//01.02.3000.1001//da//msntb.dll (file missing) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c://programmer//google//googletoolbar1.dll O4 - HKLM//..//Run: [ccApp] "C://Programmer//Fælles filer//Symantec Shared//ccApp.exe" O4 - HKLM//..//Run: [Advanced Tools Check] C://PROGRA~1//NORTON~1//AdvTools//ADVCHK.EXE O4 - HKLM//..//Run: [msnappau] "C://Programmer//MSN Apps//Updater//01.02.3000.1001//da//msnappau.exe" O4 - HKLM//..//Run: [AVG7_CC] C://PROGRA~1//Grisoft//AVGFRE~1//avgcc.exe /STARTUP O4 - HKLM//..//Run: [AVG7_EMC] C://PROGRA~1//Grisoft//AVGFRE~1//avgemc.exe O4 - HKCU//..//Run: [MSMSGS] "C://Programmer//Messenger//msmsgs.exe" /background O4 - HKCU//..//Run: [msnmsgr] "C://Programmer//MSN Messenger//msnmsgr.exe" /background O8 - Extra context menu item: &Google Search - res://c://programmer//google//GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c://programmer//google//GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c://programmer//google//GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c://programmer//google//GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c://programmer//google//GoogleToolbar1.dll/cmtrans.html O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C://Programmer//Messenger//msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C://Programmer//Messenger//msmsgs.exe O14 - IERESET.INF: START_PAGE_URL= http://google.com[...] O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com[...] O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com[...] O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com[...] O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com[...] O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com[...] O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com[...] O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com[...] O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk[...] O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com[...] O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C://PROGRA~1//Grisoft//AVGFRE~1//avgamsvr.exe O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C://PROGRA~1//Grisoft//AVGFRE~1//avgupsvc.exe O23 - Service: Symantec Event Manager - Symantec Corporation - C://Programmer//Fælles filer//Symantec Shared//ccEvtMgr.exe O23 - Service: Symantec Password Validation Service - Symantec Corporation - C://Programmer//Fælles filer//Symantec Shared//ccPwdSvc.exe O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C://Programmer//Norton AntiVirus//navapsvc.exe O23 - Service: Norton Unerase Protection - Symantec Corporation - C://Programmer//Norton AntiVirus//AdvTools//NPROTECT.EXE O23 - Service: ScriptBlocking Service - Symantec Corporation - C://PROGRA~1//FÆLLES~1//SYMANT~1//SCRIPT~1//SBServ.exe
--

Vær sød og hjælpe mig

#1
Theking2
Giga Supporter
12-02-2005 17:00

Rapporter til Admin

Hvad sker der lige for dit XP med // konstant i stedet for / Deaktiver systemgendannelse. (Højreklik på "Denne Computer" på skrivebordet, vælg egenskaber og fanebladet "Systemgendannelse" og sæt flueben i "Deaktiver systemgendannelse". Klik OK.) Genstart i fejlsikret tilstand. (Tryk F8 gentagne gange ved opstart) Kør så en ny scanning med HJT og sæt flueben ved disse: R1 - HKCU//Software//Microsoft//Internet Explorer//Main,Search Page = res://C://WINDOWS//system32//qbfuf.dll/sp.html#96676 R1 - HKLM//Software//Microsoft//Internet Explorer//Main,Default_Page_URL = about:blank R1 - HKLM//Software//Microsoft//Internet Explorer//Main,Default_Search_URL = res://C://WINDOWS//system32//qbfuf.dll/sp.html#96676 R1 - HKLM//Software//Microsoft//Internet Explorer//Main,Search Bar = res://C://WINDOWS//system32//qbfuf.dll/sp.html#96676 R1 - HKLM//Software//Microsoft//Internet Explorer//Main,Search Page = res://C://WINDOWS//system32//qbfuf.dll/sp.html#96676 R1 - HKCU//Software//Microsoft//Internet Explorer//Search,SearchAssistant = res://C://WINDOWS//system32//qbfuf.dll/sp.html#96676 R0 - HKLM//Software//Microsoft//Internet Explorer//Search,SearchAssistant = res://C://WINDOWS//system32//qbfuf.dll/sp.html#96676 O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C://Programmer//MSN Apps//MSN Toolbar//01.02.3000.1001//da//msntb.dll (file missing) O4 - HKLM//..//Run: [msnappau] "C://Programmer//MSN Apps//Updater//01.02.3000.1001//da//msnappau.exe" O14 - IERESET.INF: START_PAGE_URL= http://google.com[...] O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com[...] Luk alle øvrige programvinduer så kun HJT er åben. Klik på ”Fix checked”. Søg og slet nedenstående filer/mapper, hvis de stadig er der. Husk at ændre mappeindstillinger så du kan se skjulte filer samt systemfiler. (Åbn en mappe, klik på Funktioner=>Mappeindstillinger=>Vis. Fjern flueben ved "Skjul beskyttede operativsystemfiler". Fjern flueben ved "Skjul filtypenavne for kendte filtyper". Sæt prik i "Vis skjulte filer og mapper".) C://WINDOWS//system32//qbfuf.dll >> Slet Filen Ændr derefter mappeindstillinger tilbage til ikke at vise skjulte filer og skjulte systemfiler. Du må først aktivere din systemgendannelse igen, når jeg siger til. Genstart i normal tilstand. Kør en ny scanning med HJT og smid loggen herind til kontrol. Læg evt. også et par ord, om du har problemer med din PC, eller om det bare var et tjek
--
Dell XPS 3||3.2 Ghz P4 540||i925X ICH6-R||2x512 PC4200 Dual DDR2 533 Mhz||Radeon X800 SE PCI-E||Creative Audigy 2||160GB SATA Seagate||DVD+RW NEC 2100AD 8x||460W PFC||M993 19" Ultrascan

#2
jackeb
Gigabruger
12-02-2005 17:20

Rapporter til Admin

Logfile of HijackThis v1.99.0 Scan saved at 17:18:50, on 12-02-2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C://WINDOWS//System32//smss.exe C://WINDOWS//system32//winlogon.exe C://WINDOWS//system32//services.exe C://WINDOWS//system32//lsass.exe C://WINDOWS//system32//svchost.exe C://WINDOWS//System32//svchost.exe C://WINDOWS//system32//spoolsv.exe C://PROGRA~1//Grisoft//AVGFRE~1//avgamsvr.exe C://PROGRA~1//Grisoft//AVGFRE~1//avgupsvc.exe C://Programmer//Fælles filer//Symantec Shared//ccEvtMgr.exe C://Programmer//Norton AntiVirus//navapsvc.exe C://Programmer//Norton AntiVirus//AdvTools//NPROTECT.EXE C://WINDOWS//System32//svchost.exe C://WINDOWS//Explorer.EXE C://Programmer//Fælles filer//Symantec Shared//ccApp.exe C://PROGRA~1//Grisoft//AVGFRE~1//avgcc.exe C://PROGRA~1//Grisoft//AVGFRE~1//avgemc.exe C://Programmer//Messenger//msmsgs.exe C://WINDOWS//system32//wuauclt.exe C://Programmer//Internet Explorer//iexplore.exe C://WINDOWS//System32//svchost.exe C://DOCUME~1//mig//LOKALE~1//Temp//Midlertidig mappe 7 for hijackthis.zip//HijackThis.exe R0 - HKCU//Software//Microsoft//Internet Explorer//Main,Start Page = http://www.google.dk[...] R0 - HKCU//Software//Microsoft//Internet Explorer//Toolbar,LinksFolderName = Hyperlinks O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c://programmer//google//googletoolbar1.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C://Programmer//Norton AntiVirus//NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C://Programmer//Norton AntiVirus//NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c://programmer//google//googletoolbar1.dll O4 - HKLM//..//Run: [ccApp] "C://Programmer//Fælles filer//Symantec Shared//ccApp.exe" O4 - HKLM//..//Run: [Advanced Tools Check] C://PROGRA~1//NORTON~1//AdvTools//ADVCHK.EXE O4 - HKLM//..//Run: [AVG7_CC] C://PROGRA~1//Grisoft//AVGFRE~1//avgcc.exe /STARTUP O4 - HKLM//..//Run: [AVG7_EMC] C://PROGRA~1//Grisoft//AVGFRE~1//avgemc.exe O4 - HKCU//..//Run: [MSMSGS] "C://Programmer//Messenger//msmsgs.exe" /background O4 - HKCU//..//Run: [msnmsgr] "C://Programmer//MSN Messenger//msnmsgr.exe" /background O8 - Extra context menu item: &Google Search - res://c://programmer//google//GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c://programmer//google//GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c://programmer//google//GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c://programmer//google//GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c://programmer//google//GoogleToolbar1.dll/cmtrans.html O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C://Programmer//Messenger//msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C://Programmer//Messenger//msmsgs.exe O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com[...] O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com[...] O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com[...] O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com[...] O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com[...] O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com[...] O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk[...] O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com[...] O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C://PROGRA~1//Grisoft//AVGFRE~1//avgamsvr.exe O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C://PROGRA~1//Grisoft//AVGFRE~1//avgupsvc.exe O23 - Service: Symantec Event Manager - Symantec Corporation - C://Programmer//Fælles filer//Symantec Shared//ccEvtMgr.exe O23 - Service: Symantec Password Validation Service - Symantec Corporation - C://Programmer//Fælles filer//Symantec Shared//ccPwdSvc.exe O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C://Programmer//Norton AntiVirus//navapsvc.exe O23 - Service: Norton Unerase Protection - Symantec Corporation - C://Programmer//Norton AntiVirus//AdvTools//NPROTECT.EXE O23 - Service: ScriptBlocking Service - Symantec Corporation - C://PROGRA~1//FÆLLES~1//SYMANT~1//SCRIPT~1//SBServ.exe Tak.. Er alt i orden nu?
--
Vær sød og hjælpe mig

#3
Theking2
Giga Supporter
12-02-2005 19:46

Rapporter til Admin

#2 Den er fin nu, og du må godt aktivere systemgendannelse igen.
--
Dell XPS 3||3.2 Ghz P4 540||i925X ICH6-R||2x512 PC4200 Dual DDR2 533 Mhz||Radeon X800 SE PCI-E||Creative Audigy 2||160GB SATA Seagate||DVD+RW NEC 2100AD 8x||460W PFC||M993 19" Ultrascan