Virus spy bot eller hvad??

Hent Hijackthis: http://www.spywareinfo.com/~merijn/files/HijackThis.exe

Opret en ny mappe på skrivebordet. Tryk gem og gem den i den nyoprettede mappe. Så dobbeltklikker du på filen og trykker Scan derefter ændrer scan knappen sig til save log som du så trykker på. Så markerer du teksten og kopierer den, og derefter sætter du teksten herind. Så skal jeg tjekke den.

DU MÅ IKKE FIXE NOGET SELV, DA DET KAN GØRE MERE SKADE END GAVN.

Logfile of HijackThis v1.97.7
Scan saved at 23:38:23, on 20-05-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Programmer\Fælles filer\Logitech\QCDriver3\LVCOMS.EXE
C:\Programmer\Fælles filer\Logitech\QCDriver3\LVCOMS.EXE
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\Programmer\Armor2net\Armor2net Personal Firewall\Armor2net.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\IEXPLORE.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Internet Explorer\iexplore.exe
E:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programmer\Fælles filer\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Armor2net] E:\Programmer\Armor2net\Armor2net Personal Firewall\Armor2net.exe
O4 - HKLM\..\Run: [Microsoft Internet Explorer] IEXPLORE.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Microsoft Internet Explorer] IEXPLORE.EXE
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O10 - Unknown file in Winsock LSP: e:\programmer\armor2net\armor2net personal firewall\netdog.dll
O10 - Unknown file in Winsock LSP: e:\programmer\armor2net\armor2net personal firewall\netdog.dll
O10 - Unknown file in Winsock LSP: e:\programmer\armor2net\armor2net personal firewall\netdog.dll
O10 - Unknown file in Winsock LSP: e:\programmer\armor2net\armor2net personal firewall\netdog.dll
O10 - Unknown file in Winsock LSP: e:\programmer\armor2net\armor2net personal firewall\netdog.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7d90ae05585062/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38028.3396527778
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com/cabs/cssweb.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

okay kigger den igennem. Der går et stykke tid.

Slå systemgendannelse fra (Højreklik på Denne Computer på skrivebordet, vælg Egenskaber og fanebladet Systemgendannelse og sæt flueben i Deaktiver systemgendannelse. Klik ok og genstart)

Lav en mappe KUN til HijackThis.

Luk alle vinduer undtagen hijackthis, og fix disse:

O4 - HKLM\..\Run: [LVCOMS] C:\Programmer\Fælles filer\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [Microsoft Internet Explorer] IEXPLORE.EXE
O4 - HKCU\..\RunOnce: [Microsoft Internet Explorer] IEXPLORE.EXE

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab



Åbn en mappe, klik på Funktioner=>Mappeindstillinger=>Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler".
Fjern flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".


Genstart i fejlsikrettilstand (f8 ved opstart)

C:\WINDOWS\System32\IEXPLORE.EXE>>>slet filen "IEXPLORE.EXE"

Genstart i normaltilstand og kom derefter med en ny log, så jeg kan se om vi har fået alt med.

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

den er ok ;)

Logfile of HijackThis v1.97.7
Scan saved at 23:59:32, on 20-05-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Programmer\Fælles filer\Logitech\QCDriver3\LVCOMS.EXE
C:\Programmer\Fælles filer\Logitech\QCDriver3\LVCOMS.EXE
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\Programmer\Armor2net\Armor2net Personal Firewall\Armor2net.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\IEXPLORE.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\navw32.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
E:\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Armor2net] E:\Programmer\Armor2net\Armor2net Personal Firewall\Armor2net.exe
O4 - HKLM\..\Run: [Microsoft Internet Explorer] IEXPLORE.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Microsoft Internet Explorer] IEXPLORE.EXE
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O10 - Unknown file in Winsock LSP: e:\programmer\armor2net\armor2net personal firewall\netdog.dll
O10 - Unknown file in Winsock LSP: e:\programmer\armor2net\armor2net personal firewall\netdog.dll
O10 - Unknown file in Winsock LSP: e:\programmer\armor2net\armor2net personal firewall\netdog.dll
O10 - Unknown file in Winsock LSP: e:\programmer\armor2net\armor2net personal firewall\netdog.dll
O10 - Unknown file in Winsock LSP: e:\programmer\armor2net\armor2net personal firewall\netdog.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7d90ae05585062/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38028.3396527778
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com/cabs/cssweb.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Når jeg prøver slette iexplore.exe siger den at filen er i brug..

også i fejlsikrettilstand?

jeg gider ik lave fejlsikret tilstand nu er der ik et program som kan slette filere i brug

Jo men den fremgangsmåde jeg har beskrevet er den mest sikre måde at slette filen på.

Du skal i fejlsikret tilstand. Husk at det er filen her: C:\WINDOWS\System32\IEXPLORE.EXE - altså i System32-mappen IEXPLORE.EXE skal slettes!

kan jeg ikke gøre det med programmeret dr delete

Det kan du sikkert eller programmet TheKillBox, men hvad er problemet med at genstarte og trykke F8?

jeg gider ik jeg er træt

har slette den nu tak for hjælpen

så kom med en hijackthislog, så vi kan se om du er kommet helt af med den.