mamme (Beginner)
07 April 2006 - 19:11. There are 10 comments and 1 solution.

HijackThis log file, need help!

Hi folks, my start page keeps changing all the time and it is really annoying! So I would be glad if one of you would look through it and tell me what needs to be done.

Logfile of HijackThis v1.99.1
Scan saved at 19:08:37, on 07-04-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvctrl.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\ZoneAlarm\zlclient.exe
C:\WINDOWS\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\Mixer.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\GetRight\getright.exe
C:\Programmer\GetRight\getright.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Rasmus\Skrivebord\hijack\hijackthis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = file:///C:/Documents%20and%20Settings/Rasmus/Dokumenter/startside.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Nothing - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\system32\hp4834.tmp
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NeroCheck] :C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] :C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmer\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\WINDOWS\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKCU\..\Run: [CTFMON.EXE] :C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] :"C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows installer] :C:\winstall.exe
O4 - HKCU\..\Run: [PayTime] :C:\WINDOWS\system32\paytime.exe
O4 - HKCU\..\Run: [aupd] :C:\WINDOWS\system32\sywsvcs.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Programmer\GetRight\getright.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmer\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\Programmer\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmer\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmer\google\GoogleToolbar2.dll/cmtrans.html
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
07 April 2006 - 19:36 #1
... in any case, run the rest of the procedure from here -> http://www.eksperten.dk/artikler/755

(There are some known 'dirt' elements in your log...)
fromsej (Trainee)
07 April 2006 - 20:17 #2
I would actually quite like to see whether our new program could skin that Smitfraud.
The guy who wrote article 755 probably won't be upset if you just try this:

Download and install this scanner:
http://www.superantispyware.com/superantispywarefreevspro.html

Start the program, click Check for updates; when it has updated, close the program and restart in safe mode.

Start the program, click Scan your Computer, and tick the drives to be scanned.
(Fixed disk means hard disk)
Move the dot to Perform complete scan and click Next, then the scan runs.

When it has finished, a window with a summary appears; click OK, then click Next and then Finish.

A window appears with Quarantine and removal Complete; click OK, click Finish.
Close the program and restart normally.

Start the program again, click Preferences, switch to the Statistics/Logs tab, double-click SUPERAntiSpyware Scan Log in the window, it opens in Notepad, and copy the result in here.

We also need to see a fresh HijackThis log.
07 April 2006 - 20:35 #3
"...The guy who wrote article 755 probably won't be upset..." - hehe...
mamme (Beginner)
07 April 2006 - 22:13 #4
OK, that's done now, and my start page is no longer being changed..
Here are the 2 log files

SUPERAntiSpyware Scan Log
Generated 04/07/2006 at 10:02 PM

Core Rules Database Version : 2853
Trace Rules Database Version: 1029

Memory threats detected  : 0
Registry threats detected : 10
File threats detected    : 111

Trojan.Windows Installer
    [Windows installer] :C:\winstall.exe
    :C:\winstall.exe

Adware.PayTime
    [PayTime] :C:\WINDOWS\system32\paytime.exe
    :C:\WINDOWS\system32\paytime.exe

Trojan.SYWSVCS
    [aupd] :C:\WINDOWS\system32\sywsvcs.exe
    :C:\WINDOWS\system32\sywsvcs.exe

Malware.SpywareQuake
    C:\Program Files\SpywareQuake\SpywareQuake.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SpywareQuake.exe
    HKLM\Software\SpywareQuake
    HKLM\Software\SpywareQuake#refid

Adware.Tracking Cookie

Trojan.Child/Bug
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{4F141CBA-1457-6CCA-03A7-7AA21B61EA0F} [ OutPost FireWall ]
    HKCR\CLSID\{4F141CBA-1457-6CCA-03A7-7AA21B61EA0F}
    HKCR\CLSID\{4F141CBA-1457-6CCA-03A7-7AA21B61EA0F}\InProcServer32
    HKCR\CLSID\{4F141CBA-1457-6CCA-03A7-7AA21B61EA0F}\InProcServer32#ThreadingModel

Trojan.Security Toolbar
    C:\Documents and Settings\All Users\Menuen Start\Online Security Guide.url

Trojan.Zlob-BY
    C:\WINDOWS\system32\ncompat.tlb

Trojan.WINSYS
    C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles\WinSys.exe
    C:\WINDOWS\system32\WinSys.exe

-------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 22:08:01, on 07-04-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\ZoneAlarm\zlclient.exe
C:\WINDOWS\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\Mixer.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\superantispyware\SUPERAntiSpyware.exe
C:\Programmer\GetRight\getright.exe
C:\Programmer\GetRight\getright.exe
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Rasmus\Skrivebord\hijack\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Rasmus/Dokumenter/startside.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = file:///C:/Documents%20and%20Settings/Rasmus/Dokumenter/startside.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programmer\GetRight\xx2gr.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NeroCheck] :C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] :C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmer\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\WINDOWS\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKCU\..\Run: [CTFMON.EXE] :C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] :"C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\superantispyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Programmer\GetRight\getright.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmer\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\Programmer\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmer\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmer\google\GoogleToolbar2.dll/cmtrans.html
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\superantispyware\SASWINLO.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
fromsej (Trainee)
07 April 2006 - 22:57 #5
I'm impressed, it darn well ate the lot.*S*
---------------------------------------
Download this scanner and save it to the desktop. Do not run it yet.
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Read this guide through carefully.
http://fromsej.dk/Vejledninger/html/drweb.html
---------------------------------------
Run HijackThis, scan, tick the lines listed here, close all windows except HijackThis, click fix checked, restart in safe mode (press <F8> during startup), and delete the folders and files listed further down.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

---------------------------------------
Double-click drweb-cureit.exe; it will want to run an express scan, say yes to that.
When it writes Done at the bottom left, click Options->Change settings.
Switch to the Scan tab and untick Heuristic analysis.
Switch to the Actions tab; here all items under Malware must be set to Rename.
Then click the drive or drives you want scanned; a red dot appears to show that it/they are selected.

Then click the green arrow over on the right of the page, and the scan starts.
The first time Dr.Web finds something, click "Yes to All", then it removes what it finds.
Then click Start->Search, find the file drweb32w.log, and copy the bottom part of the text in here, starting with:
Scan statistics.
---------------------------------------
Restart normally and come back with a fresh HijackThis log.
fromsej (Trainee)
07 April 2006 - 23:00 #6
Please disregard the bit about "Delete files and folders", it should not have been included; in the euphoria over SAS's effectiveness, I did not get it edited out.
mamme (Beginner)
08 April 2006 - 00:00 #7
hehe all right, here are the log files

Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 87289
Infected objects found: 3
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 5
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 3
Objects renamed: 5
Objects moved: 0
Objects ignored: 0
Scan speed: 415 Kb/s
Scan time: 00:38:09

-----------------------------------------------------------------------------
mamme (Beginner)
08 April 2006 - 00:00 #8
Logfile of HijackThis v1.99.1
Scan saved at 23:58:15, on 07-04-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\ZoneAlarm\zlclient.exe
C:\WINDOWS\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\Mixer.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\superantispyware\SUPERAntiSpyware.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\GetRight\getright.exe
C:\Programmer\GetRight\getright.exe
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Rasmus\Skrivebord\hijack\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Rasmus/Dokumenter/startside.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = file:///C:/Documents%20and%20Settings/Rasmus/Dokumenter/startside.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programmer\GetRight\xx2gr.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NeroCheck] :C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] :C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmer\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\WINDOWS\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKCU\..\Run: [CTFMON.EXE] :C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] :"C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\superantispyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Programmer\GetRight\getright.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmer\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\Programmer\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmer\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmer\google\GoogleToolbar2.dll/cmtrans.html
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\superantispyware\SASWINLO.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
fromsej (Trainee)
08 April 2006 - 00:13 #9
Then your log is clean, we don't need to see any more.
You should just deactivate System Restore, restart, and reactivate it.
http://spywarefri.dk/virusscannere.htm#alle - System Restore.

To keep it clean you can look at our package for that purpose.
http://www.spywarefri.dk/manualer/sikkerhedspakke.htm
As a minimum I recommend Spywareguard, Spywareblaster, IE-Spyad and IE Privacy Keeper.
You can find a couple of articles on safe surfing here:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414
http://fromsej.dk/html/avoid.html
Regards:
Fromsej/Team Spywarefri.

SuperAntiSpyware can be bought here:
http://spywarefri-shop.dk/product_info.php?cPath=35&products_id=84
There you can also read about the difference between the free and the paid version.
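
Added example (not part of the original thread): a small Python parser that diffs two HijackThis logs entry by entry, the same before/after comparison the helper makes by eye before calling the log clean. The embedded logs are shortened excerpts of the 19:08 and 23:58 logs posted above; the function names are illustrative.

```python
import re
from collections import namedtuple

# One HijackThis result line: section code (R0, O4, O20, ...) and the rest.
Entry = namedtuple("Entry", "code body")

# Result lines look like "<code> - <details>"; process paths and the
# header lines do not match and are skipped.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")

# Shortened excerpt of the first log in the thread (19:08:37).
BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 19:08:37, on 07-04-2006
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Nothing - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\system32\hp4834.tmp
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmer\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [Windows installer] :C:\winstall.exe
O4 - HKCU\..\Run: [PayTime] :C:\WINDOWS\system32\paytime.exe
O4 - HKCU\..\Run: [aupd] :C:\WINDOWS\system32\sywsvcs.exe
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

# Shortened excerpt of the last log in the thread (23:58:15).
AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 23:58:15, on 07-04-2006
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Rasmus/Dokumenter/startside.htm
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmer\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\superantispyware\SUPERAntiSpyware.exe
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\superantispyware\SASWINLO.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""


def parse_entries(log_text):
    """Return the set of result entries found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add(Entry(match.group(1), match.group(2).strip()))
    return entries


def diff_logs(before_text, after_text):
    """Return (removed, added) entries between two logs, each sorted."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    return sorted(before - after), sorted(after - before)


def missing_file_entries(log_text):
    """Entries whose target HijackThis reports as '(file missing)'.

    These are leftover registry references, worth a look even when
    the rest of the log is clean.
    """
    return sorted(e for e in parse_entries(log_text)
                  if e.body.endswith("(file missing)"))


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for entry in removed:
        print("REMOVED", entry.code, "-", entry.body)
    for entry in added:
        print("ADDED  ", entry.code, "-", entry.body)
    for entry in missing_file_entries(AFTER):
        print("ORPHAN ", entry.code, "-", entry.body)
```

Entries reported as ADDED deserve the same scrutiny as the removed ones: here they are the scanner's own autostart and Winlogon hooks, which is expected after installing it.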
mamme (Beginner)
08 April 2006 - 12:32 #10
fine :) thank you
fromsej (Trainee)
08 April 2006 - 12:36 #11
You're welcome, thanks for the points. :-)