Søg
Avatar billede the_mazter Nybegynder
01. oktober 2004 - 20:48 Der er 10 kommentarer og
1 løsning

hjt log

Logfile of HijackThis v1.97.7
Scan saved at 20:42:09, on 01-10-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\WINDOWS\WcgopSvc.exe
C:\Programmer\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programmer\Analog Devices\SoundMAX\SMTray.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Programmer\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Programmer\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\WINDOWS\Wcgopsvc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Trend Micro\PC-cillin 2002\WebTrap.EXE
C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\glophone.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programmer\Messenger Plus! 3\MsgPlus.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe
C:\Documents and Settings\Anni\Dokumenter\Modtagne filer\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jubii.dk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jubii.dk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.get2net.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - Everyday.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.jubii.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3B9F9BFF-0674-4EF5-8395-6AE81856E79C} - C:\WINDOWS\lbbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Programmer\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [service] C:\WINDOWS\services.exe -serv
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmer\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Programmer\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programmer\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [pccguide.exe] "C:\Programmer\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Programmer\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Programmer\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [Miniphone] C:\WINDOWS\glophone.exe /w
O4 - HKLM\..\Run: [WebCam Go Plus Sti Service Application] Wcgopsvc
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SureCleanProfessional] "C:\PROGRA~1\PANICW~1\SURECL~1\SRClean.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programmer\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Påmindelser i Microsoft Works Kalender.lnk = ?
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Voiceglo directory (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.get2net.dk/
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {1589FA52-CD16-AB01-11CE-00ABBA05F119} - http://www.xblock.com/download/smartbomb_setup.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {2B4F4FA8-814A-11D7-B31B-0002A500B281} (FASetupStart Control) - http://a2.ff.fullaudio.com.edgesuite.net/f/2/8819/1d/software.fullaudio.com/musicnow/3.0.0.60/setup.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38090.4892013889
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com/cabs/cssweb.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash/cabs/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4358/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{06C4B8B1-D3DB-4697-B45E-A9C3716515E1}: NameServer = 212.54.64.170 212.54.64.171
O17 - HKLM\System\CS1\Services\Tcpip\..\{06C4B8B1-D3DB-4697-B45E-A9C3716515E1}: NameServer = 212.54.64.170 212.54.64.171

Hvad skal fjernes?

/Mazter
Avatar billede fromsej Praktikant
01. oktober 2004 - 21:19 #1
Hent de her to programmer:
http://cexx.org/lspfix.htm - http://cexx.org/lspfix.zip
http://www.bleepingcomputer.com/forums/index.php?showtutorial=59 - Vejledning.
http://danborg.org/spy/Newnet/winsockxpfix.exe - Winsockfix.

Fjern Webhancer, MessengerPlus, og Newdotnet i Tilføj/Fjern programmer.
Genstart, tjek om internettet virker, gør det ikke skal du bruge de to programmer du hentede.
Kør først LSPfix,  sæt flueben i I know what I am doing, klik på finish, genstart så burde det virke.
Gør det ikke det, så prøv det andet program, klik først på Reg-backup, og gem en kopi af din regdatabase, når det er slut klik på Fix, når den er færdig genstart og så skulle du gerne kunne komme på nettet igen.

Kom så med en ny log.
Brug denne Hijackthis:
http://danborg.org/spy/HJT/hijackthis.exe
Avatar billede the_mazter Nybegynder
01. oktober 2004 - 21:31 #2
Nu med opdateret Hjt :D

Logfile of HijackThis v1.98.2
Scan saved at 21:29:47, on 01-10-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\WINDOWS\WcgopSvc.exe
C:\Programmer\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programmer\Analog Devices\SoundMAX\SMTray.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Programmer\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Programmer\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\WINDOWS\Wcgopsvc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Trend Micro\PC-cillin 2002\WebTrap.EXE
C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\glophone.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programmer\Messenger Plus! 3\MsgPlus.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe
C:\Documents and Settings\Anni\Dokumenter\Modtagne filer\HijackThis(1).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jubii.dk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.get2net.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jubii.dk
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.jubii.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - Everyday.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO:  - {3B9F9BFF-0674-4EF5-8395-6AE81856E79C} - C:\WINDOWS\lbbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Programmer\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [service] C:\WINDOWS\services.exe -serv
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmer\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Programmer\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programmer\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [pccguide.exe] "C:\Programmer\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Programmer\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Programmer\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [Miniphone] C:\WINDOWS\glophone.exe /w
O4 - HKLM\..\Run: [WebCam Go Plus Sti Service Application] Wcgopsvc
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SureCleanProfessional] "C:\PROGRA~1\PANICW~1\SURECL~1\SRClean.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programmer\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Påmindelser i Microsoft Works Kalender.lnk = ?
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programmer\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programmer\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: Voiceglo directory - {C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - C:\Documents and Settings\All Users\Skrivebord\Glophone.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.get2net.dk/
O16 - DPF: {1589FA52-CD16-AB01-11CE-00ABBA05F119} - http://www.xblock.com/download/smartbomb_setup.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {2B4F4FA8-814A-11D7-B31B-0002A500B281} (FASetupStart Control) - http://a2.ff.fullaudio.com.edgesuite.net/f/2/8819/1d/software.fullaudio.com/musicnow/3.0.0.60/setup.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com/cabs/cssweb.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4358/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{06C4B8B1-D3DB-4697-B45E-A9C3716515E1}: NameServer = 212.54.64.170 212.54.64.171
O17 - HKLM\System\CS1\Services\Tcpip\..\{06C4B8B1-D3DB-4697-B45E-A9C3716515E1}: NameServer = 212.54.64.170 212.54.64.171

/Mazter
Avatar billede fromsej Praktikant
01. oktober 2004 - 23:13 #3
Jeg kan se alle tre endnu, vi kan ikke få den ren, før de er fjernet.
Hvis du ikke kan finde Webhancer og Newdotnet/Newnet, så fjern i det mindste MessengerPlus.
Avatar billede majsmarken Nybegynder
01. oktober 2004 - 23:42 #4
Lidt om Messenger Plus 3:
http://www.eksperten.dk/spm/528544
Avatar billede the_mazter Nybegynder
02. oktober 2004 - 11:15 #5
undskylder, men jeg kom med loggen før jeg havde set at fromsej havde kommenteret

/Mazter
Avatar billede the_mazter Nybegynder
02. oktober 2004 - 12:29 #6
her er den "rene" log så :)

Logfile of HijackThis v1.98.2
Scan saved at 12:27:44, on 02-10-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\WINDOWS\WcgopSvc.exe
C:\Programmer\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programmer\Analog Devices\SoundMAX\SMTray.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Programmer\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Programmer\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\WINDOWS\Wcgopsvc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Trend Micro\PC-cillin 2002\WebTrap.EXE
C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programmer\Windows Media Player\wmplayer.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Anni\Dokumenter\Modtagne filer\HijackThis(1).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jubii.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.get2net.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jubii.dk
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO:  - {3B9F9BFF-0674-4EF5-8395-6AE81856E79C} - C:\WINDOWS\lbbho.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Programmer\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [service] C:\WINDOWS\services.exe -serv
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmer\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Programmer\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programmer\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [pccguide.exe] "C:\Programmer\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Programmer\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Programmer\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [WebCam Go Plus Sti Service Application] Wcgopsvc
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SureCleanProfessional] "C:\PROGRA~1\PANICW~1\SURECL~1\SRClean.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Påmindelser i Microsoft Works Kalender.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.get2net.dk/
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {2B4F4FA8-814A-11D7-B31B-0002A500B281} (FASetupStart Control) - http://a2.ff.fullaudio.com.edgesuite.net/f/2/8819/1d/software.fullaudio.com/musicnow/3.0.0.60/setup.cab
O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com/cabs/cssweb.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4358/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{06C4B8B1-D3DB-4697-B45E-A9C3716515E1}: NameServer = 212.54.64.170 212.54.64.171
O17 - HKLM\System\CS1\Services\Tcpip\..\{06C4B8B1-D3DB-4697-B45E-A9C3716515E1}: NameServer = 212.54.64.170 212.54.64.171

/Mazter
Avatar billede fromsej Praktikant
02. oktober 2004 - 12:47 #7
Det pyntede en hel del.

Flyt Hijackthis til en mappe oprettet til formålet.

Hent denne scanner, den skal du bruge senere.
http://www.mwti.net/antivirus/free_utilities.asp - Virusscanner.

Kør Hijackthis, scan, sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked, genstart i fejlsikret (tryk på <F8> under opstarten), slet mapper og filer listet længere nede.

O2 - BHO:  - {3B9F9BFF-0674-4EF5-8395-6AE81856E79C} - C:\WINDOWS\lbbho.dll
O4 - HKLM\..\Run: [service] C:\WINDOWS\services.exe -serv
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe" /WinStart
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab

---------------------------------------
Kører maskinen som server? Ellers fixes.
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
---------------------------------------
Sletning af filer og mapper:
Åbn en mappe, klik på Funktioner=>Mappeindstillinger=>Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler".
Fjern flueben ved "Skjul filtypenavne for kendte filtyper".

Filer:
C:\WINDOWS\lbbho.dll
C:\WINDOWS\services.exe
---------------------------------------
Så kører du engangsskanneren du hentede i starten - Aktiver det hele i opsætningen derinde, så den kan skanne alt igennem.

---------------------------------------
Du skal også lige hente og installere programmet Ad-aware hvis du da ikke har det i forvejen. Opdater det straks efter installationen, og inden du kører en scanning med denne. Fjern alt hvad den finder. Programmet samt brugervejledning på dansk finder du her: http://www.spywarefri.dk/vaerktoj.htm#adaware
Følg også vejledningen her til udvidet søgning: http://www.spywarefri.dk/tipsogtricks.htm#adaware
---------------------------------------
Genstart og kom med en ny logfil, så jeg kan se om alt er med.
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.AC
Avatar billede the_mazter Nybegynder
02. oktober 2004 - 13:38 #8
Logfile of HijackThis v1.98.2
Scan saved at 13:30:50, on 02-10-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\WINDOWS\WcgopSvc.exe
C:\Programmer\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programmer\Analog Devices\SoundMAX\SMTray.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Programmer\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Programmer\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\WINDOWS\Wcgopsvc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Trend Micro\PC-cillin 2002\WebTrap.EXE
C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programmer\Windows Media Player\wmplayer.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Anni\Dokumenter\Modtagne filer\HijackThis(1).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jubii.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.get2net.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jubii.dk
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Programmer\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmer\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Programmer\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programmer\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [pccguide.exe] "C:\Programmer\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Programmer\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Programmer\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [WebCam Go Plus Sti Service Application] Wcgopsvc
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SureCleanProfessional] "C:\PROGRA~1\PANICW~1\SURECL~1\SRClean.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Påmindelser i Microsoft Works Kalender.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.get2net.dk/
O16 - DPF: {2B4F4FA8-814A-11D7-B31B-0002A500B281} (FASetupStart Control) - http://a2.ff.fullaudio.com.edgesuite.net/f/2/8819/1d/software.fullaudio.com/musicnow/3.0.0.60/setup.cab
O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com/cabs/cssweb.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4358/mcfscan.cab

Ny log

/Mazter
Avatar billede fromsej Praktikant
02. oktober 2004 - 13:55 #9
Så er din log ren, du skal lige deaktivere systemgendannelse, genstarte og genaktivere den samt sætte filvisning til normal.
http://spywarefri.dk/virusscannere.htm#alle - Systemgendannelse
Vi har skrevet et par artikler om sikkerhed på nettet.
http://www.eksperten.dk/artikler/144
http://www.eksperten.dk/artikler/254
Som minimum anbefaler jeg Spywareguard, Spywareblaster, IE-Spyad og IE Privacy Keeper.
Mvh:
Fromsej/Team Spywarefri.
Avatar billede the_mazter Nybegynder
02. oktober 2004 - 13:59 #10
Takker

/Mazter
Avatar billede fromsej Praktikant
02. oktober 2004 - 14:08 #11
Velbekomme, tak for point.*S*
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
Vil skrifte antivirusprogram. Af ErikHg i Virus 22 26/11/202510:42 23/12/202514:29
Er gratis Bitdefender værd at installere ? Af Ikke-ekspert i Virus 8 31/08/202519:08 01/09/202514:18
Ukendte filer på min Pc Af jonpet i Virus 10 03/02/202514:20 04/02/202511:05
mulig ukendt virus Af jackie18 i Virus 3 18/01/202514:07 18/01/202516:39
virus popper op med jævne mellemrum Af Malm i Virus 13 18/01/202511:40 20/01/202517:53
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I dag 13:54 Jeg skal have indstaleret Garmin express Af skolevej321 i Andet software
I dag 10:48 Back up af foto til ekstern harddisk Af hkprofil i Office & Kontorpakker
I går 17:11 Har glemt navn på min ene konto på eksperten! Af ErikHg i Fri debat
I går 15:00 RIP af DVD med MakeMKV Af dcedata1977 i Servere
I går 10:08 slet windows Af jajoh i Windows
White papers
Flere white papers »