---

Hej er der nogle der kan tjekke denne hijackthis log fil for mig og fortælle hvad jeg skal slette???

Logfile of HijackThis v1.98.0
Scan saved at 17:13:10, on 22-07-2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\mfcph.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Programmer\Grisoft\AVG6\avgcc32.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\apihc32.exe
C:\Documents and Settings\Tobias\Skrivebord\hijackthis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {A4F44AA0-9FEC-4E35-454E-9966C5BAB81B} - C:\WINDOWS\system32\apirr.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\Downloaded Program Files\googlenav.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Popup Defence Updater] regsvr32 /s C:\WINDOWS\System32\pdfupd.dll
O4 - HKLM\..\Run: [SafeGuard Popup Updater (required)] regsvr32 /s C:\WINDOWS\System32\PDF2e99.dll
O4 - HKLM\..\Run: [AVG_CC] C:\Programmer\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [Overnet] C:\Programmer\Overnet\eDonkey2000.exe -t
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [BearShare] "C:\Programmer\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [apihc32.exe] C:\WINDOWS\system32\apihc32.exe
O4 - HKLM\..\RunOnce: [mfcph.exe] C:\WINDOWS\mfcph.exe
O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O4 - Startup: Clean Up.lnk = D:\Clean Up.bat
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmcache.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.cracks.am
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=f32ea71f93289f61b4dbf30a04a6a1144dbe14cda02fcaaa9fafbced2952791a768a1a41688817425fa5c9751a6be7b24046:f22d67e45739a8712f7edadac81f3fd5
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.google.com/data/da/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_06) -

---

Her er en nyere:

Logfile of HijackThis v1.98.0
Scan saved at 17:27:40, on 22-07-2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\mfcph.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Programmer\Grisoft\AVG6\avgcc32.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\apihc32.exe
D:\Every thing\Sikkerhed mod virus trojaner og mange andre ting\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\bwwte.dll/sp.html#28129
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://bwwte.dll/index.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://bwwte.dll/index.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\bwwte.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\bwwte.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://bwwte.dll/index.html#28129
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {A4F44AA0-9FEC-4E35-454E-9966C5BAB81B} - C:\WINDOWS\system32\apirr.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\Downloaded Program Files\googlenav.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Popup Defence Updater] regsvr32 /s C:\WINDOWS\System32\pdfupd.dll
O4 - HKLM\..\Run: [SafeGuard Popup Updater (required)] regsvr32 /s C:\WINDOWS\System32\PDF2e99.dll
O4 - HKLM\..\Run: [AVG_CC] C:\Programmer\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [Overnet] C:\Programmer\Overnet\eDonkey2000.exe -t
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [BearShare] "C:\Programmer\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [apihc32.exe] C:\WINDOWS\system32\apihc32.exe
O4 - HKLM\..\RunOnce: [mfcph.exe] C:\WINDOWS\mfcph.exe
O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O4 - Startup: Clean Up.lnk = D:\Clean Up.bat
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmcache.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.cracks.am
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=f32ea71f93289f61b4dbf30a04a6a1144dbe14cda02fcaaa9fafbced2952791a768a1a41688817425fa5c9751a6be7b24046:f22d67e45739a8712f7edadac81f3fd5
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.google.com/data/da/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_06) -

---

Jeg har nemelig et ireterende problem med denne startside res://bwwte.dll/index.html den tilføjer sig selv som startside så snart jeg lukker browseren!!!

Hjælp mig Please!!!!

---

Prøv og se ind i din msconfig om der er noget der kan undværes, for der ligger sikkert et program der starter op når du starter din PC, som gør at den aktivere denne funktion.
Prøv at deaktivere nogle af dem som du har mistanke til, - du kan altid aktiver dem igen hvis de ikke kan undværes.

---

og hvordan kigger jeg lige ind i min msconfig???

---

du skal downloade spybot:http://www.safer-networking.org/en/download/index.html
og adaware :http://www.lavasoftusa.com/support/download/
og køre begge programmer og se om de ikke finder en masse skidt.

---

Som svar på kl. 18.08
Start - Kør
skriv: msconfig
OK
Fanebladet Start
Man kan deaktivere rent diagnostisk hvilket vil sige, at man kan aktivere igen, men er man meget uerfaren kan det godt se meget fremmed og uforståeligt ud.

---

har fundet ud af det!

---

har allerede Ad-aware 6.0, Spybot - Search & Destroy og SpywareBlaster

---

Har det hjulpet?

---

Ad-aware 6.0, Spybot - Search & Destroy og SpywareBlaster Hjælper ikke så derfor fik jeg lavet en hijackthis log så nogle kunne kige på det!!!

Please hjælp!!!

---

Hent Hsremove: http://www.hsremove.com/
Deaktiver systemgendannelse. Højreklik på denne computer-egenskaber-systemgendannelse.


Genstart til fejlsikret tilstand- F8 Kør Hsremove
Scan med Hijackthis, ving nedenstående af, luk alle andre vinduer og Fix:
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {A4F44AA0-9FEC-4E35-454E-9966C5BAB81B} - C:\WINDOWS\system32\apirr.dll
O4 - HKLM\..\Run: [BearShare] "C:\Programmer\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [apihc32.exe] C:\WINDOWS\system32\apihc32.exe
O4 - HKLM\..\RunOnce: [mfcph.exe] C:\WINDOWS\mfcph.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

Find og slet:
C:\WINDOWS\system32\apirr.dll
C:\Programmer\BearShare\BearShare.exe" <<<Kan lukke syware ind!
C:\Program Files\WindowsSA\omniscient.exe
C:\WINDOWS\system32\apihc32.exe
C:\WINDOWS\mfcph.exe.

Genstart og send ny log.
Og vi håber på, at det er en af de nemme infektioner, ellers er der andre metoder

---

Tak for svaret lengberg.
                        

---

Selv tak, og go´weekend

Eftersom du ikke er logget ind i systemet, kan du ikke skrive et indlæg til dette spørgsmål.

Hvis du ikke allerede er registreret, kan du gratis blive medlem, ved at trykke på "Bliv medlem" ude i menuen.