sparki (Beginner)
04 April 2004 - 16:01 There are 47 comments and 1 solution

Trojan virus!!

I have got a Trojan virus that my virus scanner program cannot find... among other things, it makes my mIRC (ZaiIRC) say:

http://www.angelfire.com/az3/xthecyber/q_auths.zip Q-AUTHS!

<!> do not visit that link!! <!>


Can anyone help??? I will of course give 200 points to whoever can help me
fromsej (Trainee)
04 April 2004 - 16:02 #1
Go here and download Spybot and HijackThis.
http://www.spywarefri.dk/vaerktoj.htm
Install and run Spybot, update online, scan, fix the selected problems, restart.
Then unpack and run HijackThis, scan, save the log and copy the log file in here, and we will take a look at it.
Do not delete anything yourself with HijackThis; it can do more harm than good.
victor-1 (Beginner)
08 April 2004 - 12:37 #2
It's not easy to help here, is it, "fromsej" *S*
fromsej (Trainee)
08 April 2004 - 12:39 #3
No, but it's not my PC. ;o)
sparki (Beginner)
08 April 2004 - 18:51 #4
here is the document it saved:



Logfile of HijackThis v1.97.7
Scan saved at 18:51:37, on 08-04-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Programmer\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmer\Messenger Plus! 2\MsgPlus.exe
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system\winlogon.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\System32\rundll32.exe
C:\windows\temp\adware\fsg_4104.exe
C:\Programmer\Common files\updater\wupdater.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Programmer\SysAI\SysAI.exe
C:\Programmer\Windows Media Player\wmplayer.exe
C:\Programmer\Microsoft Office\Office\OUTLOOK.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\SmartPopupKiller\PopupKillerTray.exe
C:\Documents and Settings\Anders Blom\Skrivebord\Spil\extra ting\installs\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://mysearchnow.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sparki.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://mysearchnow.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mysearchnow.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.clan-blind.webbyen.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Programmer\SysAI\AproposPlugin.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmer\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {4181CD71-2EDB-74C7-701E-1F2D3F099A4C} - C:\PROGRA~1\COMPBI~1\flap bias.dll
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programmer\NewDotNet\newdotnet4_85.dll
O2 - BHO: CSBrBHO - {96DA5BEE-4ACC-476C-B3EC-54C6730C4293} - C:\PROGRA~1\Comet\Install\Temp\brbho.dll (file missing)
O2 - BHO: (no name) - {A09790E7-DD00-4A83-B632-5B563423CFBB} - C:\Programmer\SmartPopupKiller\PopupKillerIEDLL.dll
O2 - BHO: LBBHO - {EFD84954-6B46-42f4-81F3-94CE9A77052D} - C:\WINDOWS\lbbho.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Log Base Logo - {6860FB73-5819-1E96-2ACD-85A9C586F8B3} - C:\PROGRA~1\COMPBI~1\flap bias.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmer\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Programmer\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Link Audio] C:\PROGRA~1\DRVTRA~1\blahdead.exe
O4 - HKLM\..\Run: [Winlogon] C:\WINDOWS\system\winlogon.exe
O4 - HKLM\..\Run: [THGuard] "C:\Programmer\TrojanHunter 3.8\THGuard.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [Trickler] "c:\windows\temp\adware\fsg_4104.exe"
O4 - HKLM\..\Run: [updater] C:\Programmer\Common files\updater\wupdater.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Programmer\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Steam] C:\Sierra\Half-Life\cstrike\Steam.exe -silent
O4 - HKCU\..\Run: [Winlogon] C:\WINDOWS\system32\wins\WINLOGON.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: iMesh.lnk = C:\Programmer\iMesh\Client\iMeshClient.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: GStartup.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17AF17A6-D042-47CF-A5B1-F3D4C246FCA8}: NameServer = 193.162.153.164 194.239.134.83
O17 - HKLM\System\CS1\Services\Tcpip\..\{17AF17A6-D042-47CF-A5B1-F3D4C246FCA8}: NameServer = 193.162.153.164 194.239.134.83
johnstigers (Senior Master)
08 April 2004 - 19:45 #5
Just download this: http://www.zerosrealm.com/downloads/CWShredder.zip - click next and let the program finish its work - then scan again with HijackThis and post the new log here.
johnstigers (Senior Master)
08 April 2004 - 19:47 #6
Remember to update CWShredder before you continue :)
sparki (Beginner)
08 April 2004 - 19:57 #7
here it is john_stingers


Logfile of HijackThis v1.97.7
Scan saved at 19:59:47, on 08-04-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Programmer\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmer\Messenger Plus! 2\MsgPlus.exe
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system\winlogon.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\System32\rundll32.exe
C:\windows\temp\adware\fsg_4104.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Programmer\SysAI\SysAI.exe
C:\Programmer\Macromedia\Dreamweaver MX\Dreamweaver.exe
C:\Documents and Settings\Anders Blom\Skrivebord\mIRC\ZaiIRC.exe
C:\mIRC bot!\ZaiIRC.exe
C:\Programmer\Common files\updmgr\updmgr.exe
C:\Programmer\Microsoft Office\Office\OUTLOOK.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\SmartPopupKiller\PopupKillerTray.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Documents and Settings\Anders Blom\Skrivebord\Spil\extra ting\installs\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sparki.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.clan-blind.webbyen.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: PerfectNavBHO Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Programmer\SysAI\AproposPlugin.dll
O2 - BHO: NavErrRedir Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmer\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {4181CD71-2EDB-74C7-701E-1F2D3F099A4C} - C:\PROGRA~1\COMPBI~1\flap bias.dll
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programmer\NewDotNet\newdotnet4_85.dll
O2 - BHO: CSBrBHO - {96DA5BEE-4ACC-476C-B3EC-54C6730C4293} - C:\PROGRA~1\Comet\Install\Temp\brbho.dll (file missing)
O2 - BHO: (no name) - {A09790E7-DD00-4A83-B632-5B563423CFBB} - C:\Programmer\SmartPopupKiller\PopupKillerIEDLL.dll
O2 - BHO: LBBHO - {EFD84954-6B46-42f4-81F3-94CE9A77052D} - C:\WINDOWS\lbbho.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Log Base Logo - {6860FB73-5819-1E96-2ACD-85A9C586F8B3} - C:\PROGRA~1\COMPBI~1\flap bias.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmer\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Programmer\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Link Audio] C:\PROGRA~1\DRVTRA~1\blahdead.exe
O4 - HKLM\..\Run: [Winlogon] C:\WINDOWS\system\winlogon.exe
O4 - HKLM\..\Run: [THGuard] "C:\Programmer\TrojanHunter 3.8\THGuard.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [Trickler] "c:\windows\temp\adware\fsg_4104.exe"
O4 - HKLM\..\Run: [updmgr] C:\Programmer\Common files\updmgr\updmgr.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Programmer\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Steam] C:\Sierra\Half-Life\cstrike\Steam.exe -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: iMesh.lnk = C:\Programmer\iMesh\Client\iMeshClient.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: GStartup.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17AF17A6-D042-47CF-A5B1-F3D4C246FCA8}: NameServer = 193.162.153.164 194.239.134.83
O17 - HKLM\System\CS1\Services\Tcpip\..\{17AF17A6-D042-47CF-A5B1-F3D4C246FCA8}: NameServer = 193.162.153.164 194.239.134.83
johnstigers (Senior Master)
08 April 2004 - 20:11 #8
So you got rid of the annoying start page, I can see ;)

Just going through it.
sparki (Beginner)
08 April 2004 - 20:15 #9
hehe :P which start page ???
johnstigers (Senior Master)
08 April 2004 - 20:19 #10
(I can see the start page had not been changed - sorry ;)
You now need to start fixing:

First of all, disable your System Restore. If you don't know how to do that, look here: http://www.spywarefri.dk/virusscannere.htm#alle

Go into safe mode. Press F8 during startup. Scan again with HijackThis and fix what I list below - double-check that everything is included:

R3 - URLSearchHook: PerfectNavBHO Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: NavErrRedir Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmer\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {4181CD71-2EDB-74C7-701E-1F2D3F099A4C} - C:\PROGRA~1\COMPBI~1\flap bias.dll
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programmer\NewDotNet\newdotnet4_85.dll
O2 - BHO: CSBrBHO - {96DA5BEE-4ACC-476C-B3EC-54C6730C4293} - C:\PROGRA~1\Comet\Install\Temp\brbho.dll (file missing)
O2 - BHO: (no name) - {A09790E7-DD00-4A83-B632-5B563423CFBB} -
O2 - BHO: LBBHO - {EFD84954-6B46-42f4-81F3-94CE9A77052D} - C:\WINDOWS\lbbho.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmer\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [Trickler] "c:\windows\temp\adware\fsg_4104.exe"
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net

Restart into normal mode, scan and post a new log - only re-enable System Restore when you get the OK for it.
sparki (Beginner)
08 April 2004 - 20:42 #11
eeehhh? :S that sounds a bit complicated :P
thedeathart (Beginner)
08 April 2004 - 20:46 #12
btw. that IRC message... it is another person (bot) who writes it...

and you really are rather stupid if you go to a link like that...

have seen it several times myself... I usually kick/ban people who say it on my channel..
johnstigers (Senior Master)
08 April 2004 - 21:08 #13
sparki> tick the ones I have listed and click fix - to make it easier to follow, I have split them up a bit here:

R3 - URLSearchHook: PerfectNavBHO Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL

O2 - BHO: NavErrRedir Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmer\MyWay\myBar\1.bin\MYBAR.DLL

O2 - BHO: (no name) - {4181CD71-2EDB-74C7-701E-1F2D3F099A4C} - C:\PROGRA~1\COMPBI~1\flap bias.dll

O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programmer\NewDotNet\newdotnet4_85.dll

O2 - BHO: CSBrBHO - {96DA5BEE-4ACC-476C-B3EC-54C6730C4293} - C:\PROGRA~1\Comet\Install\Temp\brbho.dll (file missing)
O2 - BHO: (no name) - {A09790E7-DD00-4A83-B632-5B563423CFBB} -

O2 - BHO: LBBHO - {EFD84954-6B46-42f4-81F3-94CE9A77052D} - C:\WINDOWS\lbbho.dll

O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmer\MyWay\myBar\1.bin\MYBAR.DLL

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup

O4 - HKLM\..\Run: [Trickler] "c:\windows\temp\adware\fsg_4104.exe"

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net
sparki (Beginner)
08 April 2004 - 21:37 #14
ok, thanks a lot =)
sparki (Beginner)
09 April 2004 - 11:21 #15
hmm... it still says it ?


[11:15:04] <Sparki> http://www.angelfire.com/az3/xthecyber/q_auths.zip Q-AUTHS!

aren't there more files ???


BTW. I couldn't find this one in my HijackThis:
O4 - HKLM\..\Run: [Trickler] "c:\windows\temp\adware\fsg_4104.exe"
arlet (Junior Master)
09 April 2004 - 11:23 #16
If you post a new HijackThis log, it is easier to see what still needs to be fixed
sparki (Beginner)
09 April 2004 - 11:24 #17
ok...
sparki (Beginner)
09 April 2004 - 11:25 #18
here it is :



Logfile of HijackThis v1.97.7
Scan saved at 11:28:02, on 09-04-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Programmer\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmer\Messenger Plus! 2\MsgPlus.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\DRVTRA~1\blahdead.exe
C:\WINDOWS\system\winlogon.exe
C:\Programmer\TrojanHunter 3.8\THGuard.exe
C:\Programmer\Common files\updmgr\updmgr.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\SysAI\SysAI.exe
C:\mIRC bot!\ZaiIRC.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Anders Blom\Skrivebord\mIRC\ZaiIRC.exe
C:\Programmer\Microsoft Office\Office\OUTLOOK.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Anders Blom\Skrivebord\Spil\extra ting\installs\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sparki.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.clan-blind.webbyen.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Programmer\SysAI\AproposPlugin.dll
O3 - Toolbar: Log Base Logo - {6860FB73-5819-1E96-2ACD-85A9C586F8B3} - C:\PROGRA~1\COMPBI~1\flap bias.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Programmer\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Link Audio] C:\PROGRA~1\DRVTRA~1\blahdead.exe
O4 - HKLM\..\Run: [Winlogon] C:\WINDOWS\system\winlogon.exe
O4 - HKLM\..\Run: [THGuard] "C:\Programmer\TrojanHunter 3.8\THGuard.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [updmgr] C:\Programmer\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [CMESys] "C:\Programmer\Fælles filer\CMEII\CMESys.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Programmer\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Steam] C:\Sierra\Half-Life\cstrike\Steam.exe -silent
O4 - HKCU\..\Run: [Winlogon] C:\WINDOWS\system32\wins\WINLOGON.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: GStartup.lnk = ?
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17AF17A6-D042-47CF-A5B1-F3D4C246FCA8}: NameServer = 193.162.153.164 194.239.134.83
O17 - HKLM\System\CS1\Services\Tcpip\..\{17AF17A6-D042-47CF-A5B1-F3D4C246FCA8}: NameServer = 193.162.153.164 194.239.134.83
johnstigers (Senior Master)
09 April 2004 - 11:28 #19
C:\WINDOWS\system\winlogon.exe - must be fixed in any case - maybe arlet can find more?

restart in safe mode - delete the file C:\WINDOWS\system\winlogon.exe - also fix it in HijackThis - restart and new log.
arlet (Junior Master)
09 April 2004 - 11:30 #20
Must also be fixed:
O4 - HKLM\..\Run: [updmgr] C:\Programmer\Common files\updmgr\updmgr.exe (unnecessary)
O4 - HKLM\..\Run: [CMESys] "C:\Programmer\Fælles filer\CMEII\CMESys.exe" (junk)
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe (unnecessary)

Find and delete:
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Programmer\Fælles filer\CMEII <- the whole folder
C:\Programmer\Common files\updmgr <- the whole folder

Restart and new log
sparki (Beginner)
09 April 2004 - 11:30 #21
how do I start in safe mode ??
arlet (Junior Master)
09 April 2004 - 11:31 #22
F8 at startup
sparki (Beginner)
09 April 2004 - 11:32 #23
ok
sparki (Beginner)
09 April 2004 - 11:46 #24
it was not possible to delete

C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Programmer\Fælles filer\CMEII <- the whole folder
C:\Programmer\Common files\updmgr <- the whole folder ???
arlet (Junior Master)
09 April 2004 - 11:48 #25
Couldn't you delete them in safe mode??

Try again and post a new log
sparki (Beginner)
09 April 2004 - 11:49 #26
but my new log
sparki (Beginner)
09 April 2004 - 11:50 #27
Logfile of HijackThis v1.97.7
Scan saved at 11:52:19, on 09-04-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Programmer\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Programmer\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmer\Messenger Plus! 2\MsgPlus.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\DRVTRA~1\blahdead.exe
C:\WINDOWS\System32\devldr32.exe
C:\Programmer\Common files\updmgr\updmgr.exe
C:\Programmer\Fælles filer\CMEII\CMESys.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wins\WINLOGON.EXE
C:\Programmer\Fælles filer\GMT\GMT.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\SysAI\SysAI.exe
C:\Documents and Settings\Anders Blom\Skrivebord\Spil\extra ting\installs\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sparki.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.clan-blind.webbyen.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Programmer\SysAI\AproposPlugin.dll
O3 - Toolbar: Log Base Logo - {6860FB73-5819-1E96-2ACD-85A9C586F8B3} - C:\PROGRA~1\COMPBI~1\flap bias.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Programmer\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Link Audio] C:\PROGRA~1\DRVTRA~1\blahdead.exe
O4 - HKLM\..\Run: [THGuard] "C:\Programmer\TrojanHunter 3.8\THGuard.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Winlogon] C:\WINDOWS\system\winlogon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Programmer\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Steam] C:\Sierra\Half-Life\cstrike\Steam.exe -silent
O4 - HKCU\..\Run: [Winlogon] C:\WINDOWS\system32\wins\WINLOGON.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: GStartup.lnk = ?
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17AF17A6-D042-47CF-A5B1-F3D4C246FCA8}: NameServer = 193.162.153.164 194.239.134.83
O17 - HKLM\System\CS1\Services\Tcpip\..\{17AF17A6-D042-47CF-A5B1-F3D4C246FCA8}: NameServer = 193.162.153.164 194.239.134.83
sparki (Beginner)
09 April 2004 - 11:50 #28
it won't delete winlogon??? :S
sparki (Beginner)
09 April 2004 - 11:52 #29
I'll just try it again then..
arlet (Junior Master)
09 April 2004 - 11:54 #30
C:\WINDOWS\system\winlogon.exe
C:\WINDOWS\system32\wins\WINLOGON.EXE

Pay close attention to where they are located.
The first one is in the system folder (not the system32 folder).
The second one is in the wins folder, which is in the system32 folder.

You must not delete the winlogon.exe that is in the system32 folder.

Try again
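Added example, not part of the original thread: the path check described in the post above, applied to HijackThis output. It flags any running process or Run entry that uses a Windows system process name from outside its expected folder, for review; the expected-folder table and the function names are assumptions of this example, and the sample lines are an excerpt from the logs posted in this thread.

```python
import ntpath
import re

# Assumption of this example: Windows XP layout with Windows in C:\WINDOWS,
# as in the logs in this thread. Keys are lower-case file names.
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIR = {
    "smss.exe": SYSTEM32,
    "csrss.exe": SYSTEM32,
    "winlogon.exe": SYSTEM32,
    "services.exe": SYSTEM32,
    "lsass.exe": SYSTEM32,
    "svchost.exe": SYSTEM32,
    "spoolsv.exe": SYSTEM32,
    "explorer.exe": r"c:\windows",
}

# "O4 - HKLM\..\Run: [Name] command line" (registry autoruns only)
O4_LINE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\]\s+(?P<cmd>.*)$")
# First full path ending in .exe; tolerates quotes, spaces and trailing arguments
EXE_PATH = re.compile(r"([A-Za-z]:\\.*?\.exe)", re.IGNORECASE)


def parse_log(text):
    """Return (source, path) pairs for running processes and O4 Run entries."""
    entries = []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:              # a blank line ends the process list
                in_processes = False
            else:
                entries.append(("process", line))
            continue
        match = O4_LINE.match(line)
        if match:
            exe = EXE_PATH.search(match.group("cmd"))
            if exe:
                source = f"autorun {match.group('hive')} [{match.group('name')}]"
                entries.append((source, exe.group(1)))
    return entries


def find_masquerades(text):
    """Flag system process names that run or autostart from an unexpected folder."""
    findings = []
    for source, path in parse_log(text):
        directory, name = ntpath.split(path)
        expected = EXPECTED_DIR.get(name.lower())
        # normcase lower-cases the path, so System32 and system32 compare equal
        if expected and ntpath.normcase(directory) != expected:
            findings.append((source, path))
    return findings


# Excerpt from the logs posted in this thread (shortened)
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system\winlogon.exe
C:\Programmer\MSN Messenger\msnmsgr.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Winlogon] C:\WINDOWS\system\winlogon.exe
O4 - HKLM\..\Run: [THGuard] "C:\Programmer\TrojanHunter 3.8\THGuard.exe"
O4 - HKCU\..\Run: [Winlogon] C:\WINDOWS\system32\wins\WINLOGON.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
"""

if __name__ == "__main__":
    for source, path in find_masquerades(SAMPLE_LOG):
        print(f"review: {path}  ({source})")
```

A name match in the expected folder only means the path is right; it says nothing about whether the file itself has been replaced.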
sparki (Beginner)
09 April 2004 - 12:12 #31
there:


I have deleted this one
C:\WINDOWS\system\winlogon.exe    and now it looks like this :



Logfile of HijackThis v1.97.7
Scan saved at 12:12:43, on 09-04-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Programmer\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Programmer\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmer\Messenger Plus! 2\MsgPlus.exe
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system\winlogon.exe
C:\Programmer\Fælles filer\GMT\GMT.exe
C:\Documents and Settings\Anders Blom\Skrivebord\Spil\extra ting\installs\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sparki.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.clan-blind.webbyen.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Programmer\SysAI\AproposPlugin.dll
O3 - Toolbar: Log Base Logo - {6860FB73-5819-1E96-2ACD-85A9C586F8B3} - C:\PROGRA~1\COMPBI~1\flap bias.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Programmer\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Link Audio] C:\PROGRA~1\DRVTRA~1\blahdead.exe
O4 - HKLM\..\Run: [THGuard] "C:\Programmer\TrojanHunter 3.8\THGuard.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Programmer\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Steam] C:\Sierra\Half-Life\cstrike\Steam.exe -silent
O4 - HKCU\..\Run: [Winlogon] C:\WINDOWS\system32\wins\WINLOGON.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: GStartup.lnk = ?
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17AF17A6-D042-47CF-A5B1-F3D4C246FCA8}: NameServer = 193.162.153.164 194.239.134.83
O17 - HKLM\System\CS1\Services\Tcpip\..\{17AF17A6-D042-47CF-A5B1-F3D4C246FCA8}: NameServer = 193.162.153.164 194.239.134.83
arlet (Junior Master)
9 April 2004 - 12:15 #32
This one too:
C:\WINDOWS\system32\wins\WINLOGON.EXE
sparki (Beginner)
9 April 2004 - 12:17 #33
wasn't it something about me not being allowed to delete that one??
sparki (Beginner)
9 April 2004 - 12:18 #34
here we go this time =]:

Logfile of HijackThis v1.97.7
Scan saved at 12:20:13, on 09-04-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Programmer\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Programmer\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmer\Messenger Plus! 2\MsgPlus.exe
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system\winlogon.exe
C:\Programmer\Fælles filer\GMT\GMT.exe
C:\Programmer\SysAI\SysAI.exe
C:\Programmer\Microsoft Office\Office\OUTLOOK.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Programmer\Macromedia\Dreamweaver MX\Dreamweaver.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Anders Blom\Skrivebord\Spil\extra ting\installs\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sparki.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.clan-blind.webbyen.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Programmer\SysAI\AproposPlugin.dll
O3 - Toolbar: Log Base Logo - {6860FB73-5819-1E96-2ACD-85A9C586F8B3} - C:\PROGRA~1\COMPBI~1\flap bias.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Programmer\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Link Audio] C:\PROGRA~1\DRVTRA~1\blahdead.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Programmer\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Steam] C:\Sierra\Half-Life\cstrike\Steam.exe -silent
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: GStartup.lnk = ?
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17AF17A6-D042-47CF-A5B1-F3D4C246FCA8}: NameServer = 193.162.153.164 194.239.134.83
O17 - HKLM\System\CS1\Services\Tcpip\..\{17AF17A6-D042-47CF-A5B1-F3D4C246FCA8}: NameServer = 193.162.153.164 194.239.134.83
arlet (Junior Master)
9 April 2004 - 12:27 #35
These also need to be fixed:
O4 - Global Startup: GStartup.lnk = ?
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cab

Restart and new log
sparki (Beginner)
9 April 2004 - 12:41 #36
so we have updated again :P :

Logfile of HijackThis v1.97.7
Scan saved at 12:42:46, on 09-04-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Programmer\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmer\Messenger Plus! 2\MsgPlus.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\System32\devldr32.exe
C:\Documents and Settings\Anders Blom\Skrivebord\Spil\extra ting\installs\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sparki.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.clan-blind.webbyen.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Programmer\SysAI\AproposPlugin.dll
O3 - Toolbar: Log Base Logo - {6860FB73-5819-1E96-2ACD-85A9C586F8B3} - C:\PROGRA~1\COMPBI~1\flap bias.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Programmer\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Link Audio] C:\PROGRA~1\DRVTRA~1\blahdead.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Programmer\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Steam] C:\Sierra\Half-Life\cstrike\Steam.exe -silent
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17AF17A6-D042-47CF-A5B1-F3D4C246FCA8}: NameServer = 193.162.153.164 194.239.134.83
O17 - HKLM\System\CS1\Services\Tcpip\..\{17AF17A6-D042-47CF-A5B1-F3D4C246FCA8}: NameServer = 193.162.153.164 194.239.134.83
arlet (Junior Master)
9 April 2004 - 16:25 #37
Need to be fixed:
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Programmer\SysAI\AproposPlugin.dll
O3 - Toolbar: Log Base Logo - {6860FB73-5819-1E96-2ACD-85A9C586F8B3} - C:\PROGRA~1\COMPBI~1\flap bias.dll
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

restart and new log
sparki (Beginner)
9 April 2004 - 18:01 #38
not needed? it is fixed?? it doesn't say that msg any more??
sparki (Beginner)
12 April 2004 - 14:17 #39
here is my new log... it didn't work after all :(

Logfile of HijackThis v1.97.7
Scan saved at 14:21:07, on 12-04-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Programmer\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmer\Messenger Plus! 2\MsgPlus.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system\winlogon.exe
C:\WINDOWS\System32\devldr32.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\SysAI\SysAI.exe
C:\Documents and Settings\Anders Blom\Skrivebord\mIRC\ZaiIRC.exe
C:\mIRC bot!\ZaiIRC.exe
C:\Programmer\Windows Media Player\wmplayer.exe
C:\Programmer\Microsoft Office\Office\OUTLOOK.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Anders Blom\Skrivebord\Spil\extra ting\installs\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sparki.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.clan-blind.webbyen.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Programmer\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Link Audio] C:\PROGRA~1\DRVTRA~1\blahdead.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Programmer\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Steam] C:\Sierra\Half-Life\cstrike\Steam.exe -silent
O4 - HKCU\..\Run: [Winlogon] C:\WINDOWS\system32\wins\WINLOGON.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17AF17A6-D042-47CF-A5B1-F3D4C246FCA8}: NameServer = 193.162.153.164 194.239.134.83
O17 - HKLM\System\CS1\Services\Tcpip\..\{17AF17A6-D042-47CF-A5B1-F3D4C246FCA8}: NameServer = 193.162.153.164 194.239.134.83
arlet (Junior Master)
12 April 2004 - 14:20 #40
This one must be deleted:
C:\WINDOWS\system32\wins\WINLOGON.EXE <- note the path

fix in HijackThis:
O4 - HKCU\..\Run: [Winlogon] C:\WINDOWS\system32\wins\WINLOGON.EXE

restart and new log
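Added example, not part of the thread: posts #30 and #40 tell the real winlogon.exe from the impostors purely by the folder it sits in. The Python sketch below applies that check to a HijackThis log; the EXPECTED_DIR table and all function names are assumptions of this example, and SAMPLE_LOG is constructed from lines quoted in the thread.

```python
import ntpath
import re

# Assumed baseline for this example: where core Windows XP processes normally
# live. Compared in lower case, because Windows paths are case-insensitive.
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIR = {
    "smss.exe": SYSTEM32, "csrss.exe": SYSTEM32, "winlogon.exe": SYSTEM32,
    "services.exe": SYSTEM32, "lsass.exe": SYSTEM32, "svchost.exe": SYSTEM32,
    "spoolsv.exe": SYSTEM32, "explorer.exe": r"c:\windows",
}

# "O4 - HKLM\..\Run: [name] command line"
RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.+?)\] (.+)$")
# Executable part of a command line, quoted or not, up to the first ".exe".
EXE_RE = re.compile(r'^"?(.+?\.exe)', re.IGNORECASE)

# Constructed sample, shortened from the logs posted in the thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Messenger Plus! 2\MsgPlus.exe
C:\WINDOWS\system\winlogon.exe

O4 - HKLM\..\Run: [MessengerPlus2] "C:\Programmer\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [Winlogon] C:\WINDOWS\system32\wins\WINLOGON.EXE
"""


def parse_log(text):
    """Return (running process paths, [(hive, value name, exe path)])."""
    processes, autoruns = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if line:
                processes.append(line)
            else:
                in_processes = False  # a blank line ends the process list
            continue
        run = RUN_RE.match(line)
        if run:
            exe = EXE_RE.match(run.group(3))
            if exe:
                autoruns.append((run.group(1), run.group(2), exe.group(1)))
    return processes, autoruns


def is_masquerading(path):
    """True if a system process name is used from an unexpected folder."""
    name = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    expected = EXPECTED_DIR.get(name)
    # Bare names without a folder (e.g. "nwiz.exe") cannot be judged here.
    return expected is not None and folder != "" and folder != expected


def find_masquerades(text):
    """List ("process" | "autorun", path) pairs worth a closer look."""
    processes, autoruns = parse_log(text)
    findings = [("process", p) for p in processes if is_masquerading(p)]
    findings += [("autorun", p) for _, _, p in autoruns if is_masquerading(p)]
    return findings


if __name__ == "__main__":
    for kind, path in find_masquerades(SAMPLE_LOG):
        print(f"{kind}: {path}")
```

A hit only says the name and folder disagree with the baseline; the file still has to be examined before anything is deleted, as post #30 warns for the copy in system32.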
sparki (Beginner)
12 April 2004 - 15:05 #41
Logfile of HijackThis v1.97.7
Scan saved at 15:07:58, on 12-04-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Programmer\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmer\Messenger Plus! 2\MsgPlus.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system\winlogon.exe
C:\WINDOWS\System32\devldr32.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\SysAI\SysAI.exe
C:\Documents and Settings\Anders Blom\Skrivebord\mIRC\ZaiIRC.exe
C:\mIRC bot!\ZaiIRC.exe
C:\Programmer\Windows Media Player\wmplayer.exe
C:\Programmer\Messenger\Msmsgs.exe
C:\WINDOWS\system32\RDSHOST.exe
C:\WINDOWS\system32\sessmgr.exe
C:\Programmer\Microsoft Office\Office\OUTLOOK.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Documents and Settings\Anders Blom\Skrivebord\Spil\extra ting\installs\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sparki.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.clan-blind.webbyen.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Programmer\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Link Audio] C:\PROGRA~1\DRVTRA~1\blahdead.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Programmer\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Steam] C:\Sierra\Half-Life\cstrike\Steam.exe -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17AF17A6-D042-47CF-A5B1-F3D4C246FCA8}: NameServer = 193.162.153.164 194.239.134.83
O17 - HKLM\System\CS1\Services\Tcpip\..\{17AF17A6-D042-47CF-A5B1-F3D4C246FCA8}: NameServer = 193.162.153.164 194.239.134.83
arlet (Junior Master)
12 April 2004 - 15:18 #42
Do you recognise this one:
O4 - HKLM\..\Run: [Link Audio] C:\PROGRA~1\DRVTRA~1\blahdead.exe
fromsej (Trainee)
12 April 2004 - 15:27 #43
I have been looking at that one for a long time, there is nothing to be found about it, so isn't it probably junk?
sparki (Beginner)
12 April 2004 - 15:44 #44
blahdead!!! OMFG

every time I start my PC up it says connect to the internet, and it does that in at least 70 windows that say blahdead :S
fromsej (Trainee)
12 April 2004 - 15:48 #45
We should have known that from the start.
Fix the line, and delete:
C:\PROGRA~1\DRVTRA~1 -> the folder.
arlet (Junior Master)
12 April 2004 - 16:01 #46
That could have been useful information...

Once it is deleted, we need a new log
sparki (Beginner)
12 April 2004 - 19:18 #47
Logfile of HijackThis v1.97.7
Scan saved at 19:21:26, on 12-04-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Programmer\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RDSHOST.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmer\Messenger Plus! 2\MsgPlus.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\System32\umcss.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\devldr32.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Anders Blom\Skrivebord\Spil\extra ting\installs\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sparki.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.clan-blind.webbyen.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Programmer\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UsrManagmentConf] umcss.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Programmer\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Steam] C:\Sierra\Half-Life\cstrike\Steam.exe -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17AF17A6-D042-47CF-A5B1-F3D4C246FCA8}: NameServer = 193.162.153.164 194.239.134.83
O17 - HKLM\System\CS1\Services\Tcpip\..\{17AF17A6-D042-47CF-A5B1-F3D4C246FCA8}: NameServer = 193.162.153.164 194.239.134.83




new log
arlet (Junior Master)
12 April 2004 - 19:34 #48
This one needs to go:
O4 - HKLM\..\Run: [UsrManagmentConf] umcss.exe

restart and new log

To protect you against junk I have put together a security package,
which you can download here: www.arlet.dk/pakke.htm
Install it so that you don't get any more junk in.