Glemte lige logen, dumme mig... Logfile of HijackThis v1.99.1 Scan saved at 19:55:38, on 07-01-2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:WINDOWSSystem32smss.exe C:WINDOWSsystem32csrss.exe C:WINDOWSsystem32winlogon.exe C:WINDOWSsystem32services.exe C:WINDOWSsystem32lsass.exe C:WINDOWSsystem32Ati2evxx.exe C:WINDOWSsystem32svchost.exe C:ProgrammerPanda SoftwarePanda Platinum 2005 Internet SecurityPavProt.exe C:WINDOWSsystem32svchost.exe C:WINDOWSSystem32svchost.exe C:WINDOWSsystem32svchost.exe C:WINDOWSsystem32svchost.exe C:WINDOWSsystem32LEXBCES.EXE C:WINDOWSsystem32LEXPPS.EXE C:WINDOWSsystem32spoolsv.exe C:WINDOWSExplorer.EXE C:ProgrammerAnalog DevicesCoresmax4pnp.exe C:ProgrammerIntelIntel Application Acceleratoriaanotif.exe C:Programmer CyberLinkPowerDVDDVDLauncher.exe C:WINDOWSsystem32dla fswctrl.exe C:ProgrammerDellMedia ExperienceDMXLauncher.exe C:ProgrammerPanda SoftwarePanda Platinum 2005 Internet SecurityAPVXDWIN.EXE C:ProgrammerMessengerPlus! 3MsgPlus.exe C:WINDOWSsystem32LVCOMSX.EXE C:ProgrammerJavajre1.5.0_06injusched.exe C:ProgrammerAgnitumOutpost Firewalloutpost.exe C:WINDOWSsystem32RunDLL32.exe C:ProgrammerMUSICMATCHMUSICMATCH Jukeboxmmtask.exe C:ProgrammerNokiaNokia PC Suite 6LaunchApplication.exe C:ProgrammerFælles filerPCSuiteDataLayerDataLayer.exe C:ProgrammerMessengerMsmsgs.exe C:programmervalvesteamsteam.exe C:ProgrammerSkypePhoneSkype.exe C:ProgrammerLogitechDesktop Messenger8876480ProgramBackWeb-8876480.exe C:ProgrammerNokiaNokia PC Suite 6PcSync2.exe C:PROGRA~1MSNMES~1msnmsgr.exe C:PROGRA~1FÆLLES~1PCSuiteServicesSERVIC~1.EXE C:ProgrammerIntelIntel Application Acceleratoriaantmon.exe C:ProgrammerLogitechSetPointKEM.exe C:ProgrammerPanda SoftwarePanda Platinum 2005 Internet SecurityPaSSrv.exe C:ProgrammerLogitechSetPointKHALMNPR.EXE C:PROGRA~1FÆLLES~1NokiaMPAPIMPAPI3s.exe C:ProgrammerPanda SoftwarePanda Platinum 2005 Internet SecuritySRVLOAD.EXE C:ProgrammerPanda SoftwarePanda Platinum 2005 Internet SecurityPavFnSvr.exe C:ProgrammerPanda SoftwarePanda Platinum 2005 Internet SecurityPavkre.exe C:ProgrammerFælles filerPanda SoftwarePavShldpavprsrv.exe C:ProgrammerPanda SoftwarePanda Platinum 2005 Internet Securitypavsrv51.exe C:ProgrammerPanda SoftwarePanda Platinum 2005 Internet Securityprevsrv.exe C:ProgrammerPanda SoftwarePanda Platinum 2005 Internet SecurityAVENGINE.EXE C:ProgrammerPanda SoftwarePanda Platinum 2005 Internet SecurityPsImSvc.exe C:WINDOWSsystem32 cpsvcs.exe C:WINDOWSsystem32svchost.exe C:WINDOWSsystem32wdfmgr.exe C:ProgrammerDAEMON Toolsdaemon.exe C:ProgrammerPanda SoftwarePanda Platinum 2005 Internet SecurityWebProxy.exe C:WINDOWSsystem32msiexec.exe C:ProgrammerMicrosoft AntiSpywareGIANTAntiSpywareMain.exe C:DOCUME~1ADMKRI~4LOKALE~1TempAutoRun.exe C:ProgrammerMicrosoft AntiSpywaregcasDtServ.exe C:ProgrammerMicrosoft AntiSpywaregcasServ.exe C:ProgrammerMozilla Firefoxfirefox.exe C:ProgrammerWinRARWinRAR.exe C:DOCUME~1ADMKRI~4LOKALE~1TempRar$EX00.329HijackThis.exe R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.euro.dell.com[...] R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.gratis-ting.dk[...] R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.euro.dell.com[...] R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = localhost R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Hyperlinks R3 - Default URLSearchHook is missing O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:ProgrammerDAPdapbho.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:ProgrammerAdobeAcrobat 7.0ActiveXAcroIEHelper.dll O2 - BHO: (no name) - {454F1E6A-9A4E-4A36-DE0D-01527B8194D2} - C:DOCUME~1ADMKRI~3APPLIC~1BALMEX~1ace wma.exe (file missing) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:WINDOWSsystem32dla fswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:ProgrammerJavajre1.5.0_06inssv.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:ProgrammerYahoo!CompanionInstallscpnyt.dll (file missing) O4 - HKLM..Run: [SoundMAXPnP] C:ProgrammerAnalog DevicesCoresmax4pnp.exe O4 - HKLM..Run: [IAAnotif] C:ProgrammerIntelIntel Application Acceleratoriaanotif.exe O4 - HKLM..Run: [ATIPTA] C:ProgrammerATI TechnologiesATI Control Panelatiptaxx.exe O4 - HKLM..Run: [DVDLauncher] "C:Programmer CyberLinkPowerDVDDVDLauncher.exe" O4 - HKLM..Run: [URLLSTCK.exe] C:ProgrammerNorton Internet SecurityUrlLstCk.exe O4 - HKLM..Run: [UpdateManager] "C:ProgrammerFælles filerSonicUpdate Managersgtray.exe" /r O4 - HKLM..Run: [dla] C:WINDOWSsystem32dla fswctrl.exe O4 - HKLM..Run: [DMXLauncher] C:ProgrammerDellMedia ExperienceDMXLauncher.exe O4 - HKLM..Run: [Attractive Clock] a O4 - HKLM..Run: [Blubster] C:ProgrammerBlubsterBlubster.exe SILENT O4 - HKLM..Run: [SCANINICIO] "C:ProgrammerPanda SoftwarePanda Platinum 2005 Internet SecurityInicio.exe" O4 - HKLM..Run: [APVXDWIN] "C:ProgrammerPanda SoftwarePanda Platinum 2005 Internet SecurityAPVXDWIN.EXE" /s O4 - HKLM..Run: [BearShare] "C:ProgrammerBearShareBearShare.exe" /pause O4 - HKLM..Run: [UserFaultCheck] %systemroot%system32dumprep 0 -u O4 - HKLM..Run: [MessengerPlus3] "C:ProgrammerMessengerPlus! 3MsgPlus.exe" O4 - HKLM..Run: [LVCOMSX] C:WINDOWSsystem32LVCOMSX.EXE O4 - HKLM..Run: [SunJavaUpdateSched] C:ProgrammerJavajre1.5.0_06injusched.exe O4 - HKLM..Run: [HookUpFinder] C:ProgrammerHookUpFinderhookupfinder.Exe O4 - HKLM..Run: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513 O4 - HKLM..Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM..Run: [mmtask] "C:ProgrammerMUSICMATCHMUSICMATCH Jukeboxmmtask.exe" O4 - HKLM..Run: [PCSuiteTrayApplication] C:ProgrammerNokiaNokia PC Suite 6LaunchApplication.exe -onlytray O4 - HKLM..Run: [DataLayer] C:ProgrammerFælles filerPCSuiteDataLayerDataLayer.exe O4 - HKLM..Run: [DAEMON Tools] "C:ProgrammerDAEMON Toolsdaemon.exe" -lang 1033 O4 - HKLM..Run: [gcasServ] "C:ProgrammerMicrosoft AntiSpywaregcasServ.exe" O4 - HKLM..RunServices: [PANDA ANTISPAM SERVER SERVICE] "C:ProgrammerPanda SoftwarePanda Platinum 2005 Internet SecurityPasSrv.exe" O4 - HKCU..Run: [eMuleAutoStart] C:ProgrammereMuleemule.exe -AutoStart O4 - HKCU..Run: [MSMSGS] "C:ProgrammerMessengerMsmsgs.exe" /background O4 - HKCU..Run: [Steam] "c:programmervalvesteamsteam.exe" -silent O4 - HKCU..Run: [Skype] "C:ProgrammerSkypePhoneSkype.exe" /nosplash /minimized O4 - HKCU..Run: [BitComet] "C:ProgrammerBitCometBitComet.exe" O4 - HKCU..Run: [Creative WebCam Tray] "C:ProgrammerCreativeShared FilesCamTray.exe" O4 - HKCU..Run: [LDM] C:ProgrammerLogitechDesktop Messenger8876480ProgramBackWeb-8876480.exe O4 - HKCU..Run: [PcSync] C:ProgrammerNokiaNokia PC Suite 6PcSync2.exe /NoDialog O4 - HKCU..Run: [msnmsgr] "C:PROGRA~1MSNMES~1msnmsgr.exe" /background O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:ProgrammerAdobeAcrobat 7.0Reader eader_sl.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:ProgrammerLogitechDesktop Messenger8876480ProgramLDMConf.exe O4 - Global Startup: Logitech SetPoint.lnk = C:ProgrammerLogitechSetPointKEM.exe O4 - Global Startup: Microsoft Office.lnk = C:ProgrammerMicrosoft OfficeOffice10OSA.EXE O8 - Extra context menu item: &Download with &DAP - C:ProgrammerDAPdapextie.htm O8 - Extra context menu item: Download &all with DAP - C:ProgrammerDAPdapextie2.htm O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:PROGRA~1MI1933~1Office10EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:ProgrammerJavajre1.5.0_06inssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:ProgrammerJavajre1.5.0_06inssv.dll O9 - Extra button: @C:ProgrammerMessengerMsgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgrammerMessengermsmsgs.exe O9 - Extra 'Tools' menuitem: @C:ProgrammerMessengerMsgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgrammerMessengermsmsgs.exe O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com[...] O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com[...] O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com[...] O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com[...] O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com[...] O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com[...] O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com[...] O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com[...] O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com[...] O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net[...] O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net[...] O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com[...] O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - C:DOWNLO~1BT2NetBT2PLU~1.DLL (file missing) O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:PROGRA~1MSNMES~1msgrapp.dll" (file missing) O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:DOWNLO~1BT2NetBT2PLU~1.DLL O20 - AppInit_DLLs: msgplusloader.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:WINDOWSsystem32Ati2evxx.exe O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:ProgrammerIntelIntel Application Acceleratoriaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:ProgrammerFælles filerInstallShieldDriver11Intel 32IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:WINDOWSsystem32LEXBCES.EXE O23 - Service: LVSrvLauncher - Unknown owner - C:ProgrammerFælles filerLogitechKAudPsrvLnch.exe O23 - Service: Macromedia Licensing Service - Macromedia - C:ProgrammerFælles filerMacromedia SharedServiceMacromedia Licensing.exe O23 - Service: Panda Antispam Server Service (PASSRV) - Unknown owner - C:ProgrammerPanda SoftwarePanda Platinum 2005 Internet SecurityPaSSrv.exe O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:ProgrammerPanda SoftwarePanda Platinum 2005 Internet SecurityFirewallPavFires.exe O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:ProgrammerPanda SoftwarePanda Platinum 2005 Internet SecurityPavFnSvr.exe O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:ProgrammerPanda SoftwarePanda Platinum 2005 Internet SecurityPavkre.exe O23 - Service: Panda PavProt (PavProt) - Panda Software - C:ProgrammerPanda SoftwarePanda Platinum 2005 Internet SecurityPavProt.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:ProgrammerFælles filerPanda SoftwarePavShldpavprsrv.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:ProgrammerPanda SoftwarePanda Platinum 2005 Internet Securitypavsrv51.exe O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:ProgrammerPanda SoftwarePanda Platinum 2005 Internet Securityprevsrv.exe O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:ProgrammerPanda SoftwarePanda Platinum 2005 Internet SecurityPsImSvc.exe
--
Husk: Det er ikke muligt at idiot-sikre noget, da idioter generelt er for opfindsomme!!

Hej • Der er ikke så meget skidt, men han har en helvedes masse programmer installeret. • Han bruger blandt andet en del fildelingsprogrammer som Blubster, Emule, Bitcomet, Bearshare, • Så bruger han to Firewall's Panda og Agnitum • Ved du/I hvad HookUpFinder.exe er? Hent disse programmer som skal bruges i fejlsikret tilstand - Kaspersky Scanner http://www.spywareinfo.dk[...] - Ewido Security Suite http://www.ewido.net[...] Installer Ewido SS, åben det og Update det og luk det igen. Genstart i fejlsikret tilstand. (Tryk F8 gentagne gange ved opstart) Gå i Start > Kontrolpanel > Tilføj/Fjern Programmer og afinstaller nedenstående navne (med fed skrift) Download Accelerator Kør så en ny scanning med HJT og sæt flueben ved disse: R3 - Default URLSearchHook is missing O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:ProgrammerDAPdapbho.dll O2 - BHO: (no name) - {454F1E6A-9A4E-4A36-DE0D-01527B8194D2} - C:DOCUME~1ADMKRI~3APPLIC~1BALMEX~1ace wma.exe (file missing) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:ProgrammerYahoo!CompanionInstallscpnyt.dll (file missing) O4 - HKLM..Run: [Attractive Clock] a O8 - Extra context menu item: &Download with &DAP - C:ProgrammerDAPdapextie.htm O8 - Extra context menu item: Download &all with DAP - C:ProgrammerDAPdapextie2.htm O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com[...] O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - C:DOWNLO~1BT2NetBT2PLU~1.DLL (file missing) O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:DOWNLO~1BT2NetBT2PLU~1.DLL Luk alle øvrige programvinduer så kun HJT er åben. Klik på ”Fix checked”. Søg og slet nedenstående filer/mapper, hvis de stadig er der. Husk at ændre mappeindstillinger så du kan se skjulte filer samt systemfiler. (Åbn en mappe, klik på Funktioner=>Mappeindstillinger=>Vis. Fjern flueben ved "Skjul beskyttede operativsystemfiler". Fjern flueben ved "Skjul filtypenavne for kendte filtyper". Sæt prik i "Vis skjulte filer og mapper".) ~1 og ~3 bruges som forkortelse C:\Programmer\DAP\ >> Slet Mappen C:\DOCUME~1\ADMKRI~3\APPLIC~1\BALMEX~1\ >> Slet Mappen Ændre derefter mappeindstillinger tilbage til ikke at vise skjulte filer og skjulte systemfiler. ----------------------- Kør en diskoprydning. (Start=> Programmer=> Tilbehør=> Systemværktøjer=> Diskoprydning. Sæt flueben ved temp-filer, temporary internet files og papirkurv). ----------------------- Installer og scan så med Kaspersky scanneren. Sæt flueben i følgende: Memory, Startup folders, drive, Registry, System folders og Services. - og prik i følgende: All local drives og Scan all files. Klik på scan. Du skal ikke klikke på Add to Startup folders, for så scannes din PC, hver gang du starter Windows op ----------------------- Ewido Security Suite Åben programmet Gå i "Scanner" og vælg "Complete System Scan" Vælg Remove til alt hvad den finder. Når den er færdig vælger du "Save Report" for Rapporten skal jeg bruge senere. ----------------------- Genstart i normal tilstand. Kør en ny scanning med HJT og smid HJT loggen samt Ewido loggen herind til kontrol.
--
http://www.hattrick.org[...] Alliancen (570540) Hol.dk HJT Supporter