Hijackthis Log help!

By Mega user GoA^bOyY | 15-03-2004 00:58 | 1320 views | 1 reply
Logfile of HijackThis v1.97.7
Scan saved at 00:56:12, on 15-03-2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
d:program filescaetrustscanengineInoRpc.exe
d:program filescaetrustscanengineInoRT.exe
d:program filescaetrustscanengineInoTask.exe
D:Program FilesMsn +MsgPlus.exe
D:PROGRA~1caetrustSCANEN~1 ealmon.exe
C:WINDOWSSystem32 vsvc32.exe
C:WINDOWSSystem32 undll32.exe
C:Program FilesAproposClientApropos.exe
D:hjt.exe

R1 - HKCUSoftwareMicrosoftInternet Explorer,SearchURL = http://www.topsearcher.com[...]
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,SearchURL = http://www.topsearcher.com[...]
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://t.rack.cc[...]
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://t.rack.cc[...]
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://hol.dk[...]
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://www.topsearcher.com[...]
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://t.rack.cc[...]
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://t.rack.cc[...]
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://t.rack.cc[...]
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://t.rack.cc[...]
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://www.topsearcher.com[...]
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = about:blank
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://t.rack.cc[...]
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = http://t.rack.cc[...]
R3 - URLSearchHook: (no name) - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", "212.10.10.20"); (C:Documents and SettingsChristianApplication DataMozillaProfilesdefault2r357koj.sltprefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://D%3A%5CProgram%20Files%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:Documents and SettingsChristianApplication DataMozillaProfilesdefault2r357koj.sltprefs.js)
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:Program FilesAproposClientAproposPlugin.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 - BHO: winlink module - {6CC1C91A-AE8B-4373-A5B4-28BA1851E39A} - C:Documents and SettingsChristianApplication Datawinlinkwinlink.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [SystemSearch] regedit.exe -s c:ie.reg
O4 - HKLM..Run: [NeroCheck] C:WINDOWSSystem32NeroCheck.exe
O4 - HKLM..Run: [sys] regedit -s sys.reg
O4 - HKLM..Run: [CloneCDElbyCDFL] "D:Program FilesCloncdCloneCDElbyCheck.exe" /L ElbyCDFL
O4 - HKLM..Run: [MessengerPlus2] "D:Program FilesMsn +MsgPlus.exe"
O4 - HKLM..Run: [AutoUpdater] C:PROGRA~2AUTOUP~1AUTOUP~1.EXE
O4 - HKLM..Run: [AdvFTPSearchUpdate] C:WINDOWSautoupdate.exe
O4 - HKLM..Run: [Realtime Monitor] d:PROGRA~1caetrustSCANEN~1 ealmon.exe -s
O4 - HKCU..Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU..Run: [MessengerPlus2] "D:Program FilesMsn +MsgPlus.exe" /WinStart
O4 - Global Startup: GStartup.lnk = C:Program FilesCommon FilesGMTGMT.exe
O12 - Plugin for .mpeg: C:Program FilesInternet ExplorerPLUGINS pqtplugin3.dll
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.7adpower.com[...]
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com[...]
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com[...]
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com[...]
O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com[...]
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com[...]
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com[...]
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com[...]
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com[...]
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com[...]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com[...]
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com[...]

I would be VERY glad if someone would take the time to look through it! Thanks in advance.

GoA^bOyY
--
Okay EyeBall Chat: KaninenChristian ICQ: 331879160
#1
Armageddon
Nerd Aspirant
15-03-2004 01:28

Hi GoA^bOyY,

You have a bit of spyware, but it is easy to remove. It concerns

C:\Program Files\Apropos\Client\Apropos.exe

The program can be uninstalled in the normal way under Add/Remove Programs.

Then there is a bit of a problem with these keys in the registry:

R1 - HKCUSoftwareMicrosoftInternet Explorer,SearchURL = http://www.topsearcher.com[...]
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,SearchURL = http://www.topsearcher.com[...]
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://t.rack.cc[...]
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://t.rack.cc[...]
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://www.topsearcher.com[...]
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://t.rack.cc[...]
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://t.rack.cc[...]
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://t.rack.cc[...]
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://t.rack.cc[...]
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://www.topsearcher.com[...]
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = about:blank
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://t.rack.cc[...]

Delete them all. Then there should be nothing more.
--
/Armageddon - Moderator http://www.mdegn.dk[...]
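
The triage the reply does by hand, as an added example that is not part of the original thread: a small parser for HijackThis entry lines that lists the R0/R1 Internet Explorer values pointing at hosts outside a trusted set. The sample log, its placeholder hosts and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in HijackThis 1.x line format; hosts are placeholders.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.hijack.example/bar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.example/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.hijack.example/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
O4 - HKLM\..\Run: [Example] example.exe
"""

# Entry line: "<section code> - <body>", e.g. "R1 - ..." or "O16 - ..."
ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# R0/R1 body: "<registry key>,<value name> = <data>"
REG_VALUE = re.compile(r"^(?P<key>HK[^,]+),(?P<name>[^=]+?) = (?P<data>.*)$")


def parse_entries(log_text):
    """Return (code, body) for each entry line; header and process list are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m["code"], m["body"]))
    return entries


def browser_redirects(log_text, trusted_hosts):
    """Return (code, key, value name, host) for R0/R1 URLs whose host is not trusted.

    Values without a host part (for example about:blank) are not reported.
    """
    trusted = {h.lower() for h in trusted_hosts}
    findings = []
    for code, body in parse_entries(log_text):
        m = REG_VALUE.match(body) if code in ("R0", "R1") else None
        if not m:
            continue
        host = (urlsplit(m["data"].strip()).hostname or "").lower()
        if host and host not in trusted:
            findings.append((code, m["key"], m["name"].strip(), host))
    return findings


if __name__ == "__main__":
    for finding in browser_redirects(SAMPLE_LOG, {"home.example"}):
        print(finding)
```
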
