Søg
Avatar billede jemar Nybegynder
27. juni 2004 - 02:40 Der er 5 kommentarer og
1 løsning

hijack logfile

Min startside blev for en uges tid siden ændret til en eller anden underlig kinesisk startside og jeg var ikke i stand til at ændre den. Samtidig blev jeg hele tiden overhældt af underlige kinesiske spam reklamer.
Ved at trykke på knappen "reset web settings" lykkedes det mig at få ændret startsiden men jeg bliver stadig bombarderet af de her underlige spam reklamer.
Jeg er ikke så rutineret men jeg kan forstå at jeg via hijackthis skal lave en logfile.

Jeg håber at der er nogen der kan hjælpe.

Her er min log:

Logfile of HijackThis v1.97.7
Scan saved at 02:32:37, on 27-06-2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\STOPzilla!\Stopzilla.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\smrss.exe
C:\WINDOWS\System32\ssms.exe
C:\WINDOWS\System32\tgvlojgv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Altnet\Points Manager\Points Manager.exe
C:\WINDOWS\System32\mshta.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common files\updater\wupdater.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\PROGRA~1\COMMON~1\IDENTI~1\{1037F~1\com1\aux\inhere\srunner.exe
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
C:\PROGRA~1\COMMON~1\IDENTI~1\{1037F~1\com1\aux\inhere\srunner.exe
C:\Program Files\Common Files\Identities\{1037F7EA-1337-7331-12BB-767F78CC6782}\com1\aux\inhere\system\svchost.exe
C:\Program Files\Common Files\Identities\{1037F7EA-1337-7331-12BB-767F78CC6782}\com1\aux\inhere\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Jesper\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.i--search.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.i--search.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.i--search.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.i--search.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ufo365.com/first.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.i--search.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.i--search.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.i--search.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.i--search.com/ie/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.i--search.com/ie/
R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: (no name) - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\System32\StopzillaBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: ZillaBar - {CAAE9D7F-FFCC-46CF-8DEE-00DCC6CDF5A1} - C:\Program Files\STOPzilla!\ZILLAbar\ZillaBar.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\da\msntb.dll
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.EXE -off
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [hlbidxl] rundll32 C:\WINDOWS\System32:hlbidxl.dll,Init 1
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [websx] C:\Program Files\websx\int339890.exe -auto
O4 - HKLM\..\Run: [P2P Networking2] C:\WINDOWS\System32\P2P Networking\P2P Networking2.exe /AUTOSTART
O4 - HKLM\..\Run: [BDMCon] C:\Program Files\BullGuard\\bdmcon.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SystemSearch] REGEDIT.EXE -s C:/WINDOWS/sys.reg
O4 - HKLM\..\Run: [B9CC5004] C:\WINDOWS\System32\udmningfyofq.exe
O4 - HKLM\..\Run: [DM_Server] C:\PROGRA~1\COMETS~1\DM\bin\dmserver.exe /onreboot
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [MicrosoftOEM] C:\WINDOWS\System32\smrss.exe
O4 - HKLM\..\Run: [Smss] ssms.exe
O4 - HKLM\..\Run: [dowwxvqwcuofn] C:\WINDOWS\System32\tgvlojgv.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AltnetPointsManager] C:\Program Files\Altnet\Points Manager\Points Manager.exe -s
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [internet.exe] C:/system.hta
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [lsasss.exe] C:\WINDOWS\lsasss.exe
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\RunServices: [Smss] ssms.exe
O4 - HKLM\..\RunServices: [ACED6C36] C:\WINDOWS\System32\udmningfyofq.exe
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q
O4 - HKCU\..\Run: [Smss] ssms.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKLM\..\RunOnce: [*hlbidxl] rundll32 C:\WINDOWS\System32:hlbidxl.dll,Init 1
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030523/qtinstall.info.apple.com/drakken/dk/win/QuickTimeInstaller.exe
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/da/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37728.2506712963
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) - http://www.microsoft.com/security/controls/DoomCln.CAB
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/Sasser/20/SassCln.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk/html/activex/danskesikker/DB/DanskeSikker.cab
Avatar billede strych9 Praktikant
27. juni 2004 - 03:55 #1
Jeg kan se at du engang har kørt et Housecall scan, så jeg går ud fra at det er for nyligt, hvis ikke så gør det nu med et fuldt scan.

Start da med at deaktivere din systemgendannelse. Luk _alle_ programmer inden du kører nedenstående værktøjer.
Kør dernæst CWShredder herfra: http://209.133.47.12/~merijn/files/CWShredder.exe
Og dernæst Spybot herfra: http://www.download.com/Spybot-Search-Destroy/3000-8022-10289035.html?tag=lst-0-3
Husk at opdatere og immunize spybot før du kører den. Det er vigtigt.

Dernæst sæt flueben ved nedenstående, hvis de stadig eksisterer og vælg "fix"

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.i--search.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.i--search.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.i--search.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.i--search.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ufo365.com/first.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.i--search.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.i--search.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.i--search.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.i--search.com/ie/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.i--search.com/ie/
R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: (no name) - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [websx] C:\Program Files\websx\int339890.exe -auto
O4 - HKLM\..\Run: [internet.exe] C:/system.hta
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [DM_Server] C:\PROGRA~1\COMETS~1\DM\bin\dmserver.exe /onreboot

Genstart i fejlsikret tilstand og find og slet følgende filer og foldere:
C:\PROGRA~1\PERFEC~1\BHO
C:\Program Files\MyWay
C:\Program Files\websx\
C:/system.hta
C:\Program Files\Common files\updater\wupdater.exe
C:\PROGRA~1\COMETS~1\DM\

Genstart derefter normalt. Lav en ny hijackthis log og post den her.
Avatar billede jemar Nybegynder
27. juni 2004 - 11:39 #2
Så skulle den være klaret. Nu spørger jeg måske dumt men du skriver at jeg skal genstarte i fejlsikret tilstand og derefter genstarte normalt... Hvordan genstarter jeg i fejlsikret tilstand???

Logfile of HijackThis v1.97.7
Scan saved at 11:44:34, on 27-06-2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\STOPzilla!\Stopzilla.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\smrss.exe
C:\WINDOWS\System32\ssms.exe
C:\WINDOWS\System32\tgvlojgv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Altnet\Points Manager\Points Manager.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\PROGRA~1\COMMON~1\IDENTI~1\{1037F~1\com1\aux\inhere\srunner.exe
C:\PROGRA~1\COMMON~1\IDENTI~1\{1037F~1\com1\aux\inhere\srunner.exe
C:\Program Files\Common Files\Identities\{1037F7EA-1337-7331-12BB-767F78CC6782}\com1\aux\inhere\system\svchost.exe
C:\Program Files\Common Files\Identities\{1037F7EA-1337-7331-12BB-767F78CC6782}\com1\aux\inhere\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Jesper\Desktop\hijackthis.exe

O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\System32\StopzillaBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ZillaBar - {CAAE9D7F-FFCC-46CF-8DEE-00DCC6CDF5A1} - C:\Program Files\STOPzilla!\ZILLAbar\ZillaBar.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\da\msntb.dll
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.EXE -off
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [hlbidxl] rundll32 C:\WINDOWS\System32:hlbidxl.dll,Init 1
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [P2P Networking2] C:\WINDOWS\System32\P2P Networking\P2P Networking2.exe /AUTOSTART
O4 - HKLM\..\Run: [BDMCon] C:\Program Files\BullGuard\\bdmcon.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [B9CC5004] C:\WINDOWS\System32\udmningfyofq.exe
O4 - HKLM\..\Run: [MicrosoftOEM] C:\WINDOWS\System32\smrss.exe
O4 - HKLM\..\Run: [Smss] ssms.exe
O4 - HKLM\..\Run: [dowwxvqwcuofn] C:\WINDOWS\System32\tgvlojgv.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AltnetPointsManager] C:\Program Files\Altnet\Points Manager\Points Manager.exe -s
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [lsasss.exe] C:\WINDOWS\lsasss.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\RunServices: [Smss] ssms.exe
O4 - HKLM\..\RunServices: [ACED6C36] C:\WINDOWS\System32\udmningfyofq.exe
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Smss] ssms.exe
O4 - HKLM\..\RunOnce: [*hlbidxl] rundll32 C:\WINDOWS\System32:hlbidxl.dll,Init 1
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030523/qtinstall.info.apple.com/drakken/dk/win/QuickTimeInstaller.exe
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/da/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37728.2506712963
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) - http://www.microsoft.com/security/controls/DoomCln.CAB
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/Sasser/20/SassCln.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk/html/activex/danskesikker/DB/DanskeSikker.cab
Avatar billede jemar Nybegynder
27. juni 2004 - 11:46 #3
Så skulle den være klaret. Nu spørger jeg måske dumt men du skriver at jeg skal genstarte i fejlsikret tilstand og derefter genstarte normalt... Hvordan genstarter jeg i fejlsikret tilstand???

Logfile of HijackThis v1.97.7
Scan saved at 11:44:34, on 27-06-2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\STOPzilla!\Stopzilla.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\smrss.exe
C:\WINDOWS\System32\ssms.exe
C:\WINDOWS\System32\tgvlojgv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Altnet\Points Manager\Points Manager.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\PROGRA~1\COMMON~1\IDENTI~1\{1037F~1\com1\aux\inhere\srunner.exe
C:\PROGRA~1\COMMON~1\IDENTI~1\{1037F~1\com1\aux\inhere\srunner.exe
C:\Program Files\Common Files\Identities\{1037F7EA-1337-7331-12BB-767F78CC6782}\com1\aux\inhere\system\svchost.exe
C:\Program Files\Common Files\Identities\{1037F7EA-1337-7331-12BB-767F78CC6782}\com1\aux\inhere\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Jesper\Desktop\hijackthis.exe

O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\System32\StopzillaBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ZillaBar - {CAAE9D7F-FFCC-46CF-8DEE-00DCC6CDF5A1} - C:\Program Files\STOPzilla!\ZILLAbar\ZillaBar.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\da\msntb.dll
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.EXE -off
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [hlbidxl] rundll32 C:\WINDOWS\System32:hlbidxl.dll,Init 1
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [P2P Networking2] C:\WINDOWS\System32\P2P Networking\P2P Networking2.exe /AUTOSTART
O4 - HKLM\..\Run: [BDMCon] C:\Program Files\BullGuard\\bdmcon.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [B9CC5004] C:\WINDOWS\System32\udmningfyofq.exe
O4 - HKLM\..\Run: [MicrosoftOEM] C:\WINDOWS\System32\smrss.exe
O4 - HKLM\..\Run: [Smss] ssms.exe
O4 - HKLM\..\Run: [dowwxvqwcuofn] C:\WINDOWS\System32\tgvlojgv.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AltnetPointsManager] C:\Program Files\Altnet\Points Manager\Points Manager.exe -s
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [lsasss.exe] C:\WINDOWS\lsasss.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\RunServices: [Smss] ssms.exe
O4 - HKLM\..\RunServices: [ACED6C36] C:\WINDOWS\System32\udmningfyofq.exe
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Smss] ssms.exe
O4 - HKLM\..\RunOnce: [*hlbidxl] rundll32 C:\WINDOWS\System32:hlbidxl.dll,Init 1
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030523/qtinstall.info.apple.com/drakken/dk/win/QuickTimeInstaller.exe
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/da/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37728.2506712963
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) - http://www.microsoft.com/security/controls/DoomCln.CAB
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/Sasser/20/SassCln.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk/html/activex/danskesikker/DB/DanskeSikker.cab
Avatar billede jemar Nybegynder
27. juni 2004 - 11:48 #4
hmmm.. mens du er i gang kan du så ikke lige forklare mig hvad forskellen er om jeg trykker "kommentar" eller "svar"..???
Og hvordan deler jeg helt præcist point ud... sker det helt automatisk.
Avatar billede strych9 Praktikant
27. juni 2004 - 12:22 #5
hæng på mens jeg kigger den igennem for det sidste.
Du starter i fejlsikret tilstand ved at trykke F8 under opstart af computer og vælge fejlsikret tilstand (der skal trykkes F8 i et kort tidsinterval et sted mellem den har sagt bip og indtil der står microsoft eller windows på skærmen).
Point kan du uddele når jeg har lagt et svar. Det har jeg ikke endnu, for jeg er ikke helt færdig med dig.. Vent lidt.
Avatar billede strych9 Praktikant
27. juni 2004 - 12:39 #6
hmm ok, jeg vil vælge ikke at fjerne P2P networking og de ting som ville få dit Altnet og Kazaa til at holde op med at virke. Du skal bare være opmærksom på at de har leveret en god del af det spyware ind af døren til din computer.

Hvad jeg har overset i første omgang er at du har Sasser.F, så du skal lige downloade stinger herfra http://vil.nai.com/vil/stinger/ og køre den. - Et fuldt scan. Du skal ligeledes besøge Windows update og få patchet din computer med SP1 og alle de kritiske patches. - Ellers får du bare Sasser igen med det samme.

Derudover er jeg ikke klar over hvad følgende er. Det kan være spyware, og det er det sandsynligvis også. Det kan også være ting som din computer bruger til noget fornuftigt, men det er i hvert fald ikke noget der ligger i en standard windows, så hvis du fixer disse også, men har en windows cd + dine driver cd'er parat hvis det skulle gå galt:

O4 - HKLM\..\Run: [hlbidxl] rundll32 C:\WINDOWS\System32:hlbidxl.dll,Init 1
O4 - HKLM\..\Run: [B9CC5004] C:\WINDOWS\System32\udmningfyofq.exe
O4 - HKLM\..\Run: [dowwxvqwcuofn] C:\WINDOWS\System32\tgvlojgv.exe
O4 - HKLM\..\RunServices: [ACED6C36] C:\WINDOWS\System32\udmningfyofq.exe

Så start i fejlsikret tilstand igen og find og slet de filer.
Start normalt igen, og lav en ny log.
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
Vil skrifte antivirusprogram. Af ErikHg i Virus 22 26/11/202510:42 23/12/202514:29
Er gratis Bitdefender værd at installere ? Af Ikke-ekspert i Virus 8 31/08/202519:08 01/09/202514:18
Ukendte filer på min Pc Af jonpet i Virus 10 03/02/202514:20 04/02/202511:05
mulig ukendt virus Af jackie18 i Virus 3 18/01/202514:07 18/01/202516:39
virus popper op med jævne mellemrum Af Malm i Virus 13 18/01/202511:40 20/01/202517:53
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I dag 13:45 AJAX kode -javascript Af Asky i Programmeringsværktøjer
I dag 11:50 Vælg indstilling - blå skærm med med flere muligheder for fejlretning Af Uvanga i Windows
I går 23:24 Google sheets beregning udfra dato Af rickiegrayholm i Office & Kontorpakker
I går 18:09 Outlook Classic, lukker ikke Af mort1 i E-mail programmer
13/0520:48 Bred buet skærm vs. 2 skærme Af Nanarsi i Skærme
White papers
Flere white papers »