HijackThis: Ser det godt ud

Af Megabruger Mighty_nOOb | 21-06-2004 12:55 | 939 visninger | 7 svar, hop til seneste

Her er min log, er her en kyndig der vil kaste et blik på den: Logfile of HijackThis v1.97.7 Scan saved at 12:50:43 PM, on 6/21/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:WINDOWSSystem32smss.exe C:WINDOWSsystem32winlogon.exe C:WINDOWSsystem32services.exe C:WINDOWSsystem32lsass.exe C:WINDOWSSystem32Ati2evxx.exe C:WINDOWSsystem32svchost.exe C:WINDOWSSystem32svchost.exe C:WINDOWSsystem32spoolsv.exe D:PROGRA~1GrisoftAVG6avgserv.exe C:WINDOWSSystem32svchost.exe C:WINDOWSSystem32MsPMSPSv.exe C:WINDOWSsystem32Ati2evxx.exe C:WINDOWSExplorer.EXE C:ProgrammerFælles filerRealUpdate_OB ealsched.exe C:WINDOWSSystem32CTHELPER.EXE D:ProgrammerLogitechMouseWaresystemem_exec.exe C:ProgrammerJavaj2re1.4.2_03injusched.exe C:WINDOWSSystem32ctfmon.exe C:WINDOWSSystem32 undll32.exe C:Documents and SettingsP!nkSkrivebordHijackThis.exe R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.dk[...] R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Hyperlinks R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:ProgrammerAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx O4 - HKLM..Run: [ASUS Probe] C:Program FilesASUSProbeAsusProb.exe O4 - HKLM..Run: [NeroCheck] C:WINDOWSSystem32NeroCheck.exe O4 - HKLM..Run: [TkBellExe] "C:ProgrammerFælles filerRealUpdate_OB ealsched.exe" -osboot O4 - HKLM..Run: [Ad-aware] "D:ProgrammerLavasoftAd-aware 6Ad-aware.exe" +c O4 - HKLM..Run: [RivaTunerStartupDaemon] "D:ProgrammerRivaTunerRivaTuner.exe" /S O4 - HKLM..Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM..Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM..Run: [Jet Detection] D:ProgrammerCreativeSBLivePROGRAMADGJDet.exe O4 - HKLM..Run: [CTStartup] C:ProgrammerCreativeSplash ScreenCTEaxSpl.EXE /run O4 - HKLM..Run: [QuickTime Task] "C:ProgrammerQuickTimeqttask.exe" -atboottime O4 - HKLM..Run: [SunJavaUpdateSched] C:ProgrammerJavaj2re1.4.2_03injusched.exe O4 - HKLM..Run: [AVG_CC] D:ProgrammerGrisoftAVG6avgcc32.exe /startup O4 - HKLM..Run: [Zone Labs Client] "D:Programmerone LabsoneAlarmzlclient.exe" O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe O4 - HKCU..Run: [MsnMsgr] "C:ProgrammerMSN MessengerMsnMsgr.Exe" /background O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM) O12 - Plugin for .spop: C:ProgrammerInternet ExplorerPluginsNPDocBox.dll O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com[...] O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com[...] O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) - http://akamai.downloadv3.com[...] O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com[...] O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} - http://streamp.babenet.com[...] O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net[...] O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com[...] O16 - DPF: {94F5DCB7-816C-4B94-A2C1-856C6E323C5B} - http://akamai.downloadv3.com[...] O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com[...] O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com[...] O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk[...]
--

#1
Knutz
Monster Supporter
21-06-2004 13:03

Rapporter til Admin

den er nogenlunde ren: du kan med fordel krydse dem her af, da de bare sluger resourcer! og lige lidt snavs! :) R3 - Default URLSearchHook is missing O4 - HKLM..Run: [QuickTime Task] "C:ProgrammerQuickTimeqttask.exe" -atboottime O4 - HKLM..Run: [SunJavaUpdateSched] C:ProgrammerJavaj2re1.4.2_03injusched.exe O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) - http://akamai.downloadv3.com[...] O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com[...] O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} - http://streamp.babenet.com[...]
--
Jahh.. Så kan du lære det! MSN: [email protected]

#2
Kim In Chul
Elitebruger
21-06-2004 13:05

Rapporter til Admin

Hej, det er faktisk en meget fin log du har der:D Start med at deaktivere systemgendannelsen og kør en ny hijackthis. Sæt flueben ud for: R3 - Default URLSearchHook is missing O4 - HKLM..Run: [TkBellExe] "C:ProgrammerFælles filerRealUpdate_OB ealsched.exe" -osboot O4 - HKLM..Run: [QuickTime Task] "C:ProgrammerQuickTimeqttask.exe" -atboottime O4 - HKLM..Run: [SunJavaUpdateSched] C:ProgrammerJavaj2re1.4.2_03injusched.exe Hvis du ikke kender denne adresse: http://streamp.babenet.com[...] (ikke noget linkfix hvis det nu er en "bad" addresse) Så skal du også fikse denne: O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} - http://streamp.babenet.com[...] Du kan med fordel downloade disse programmer: Spybot S & D: http://www.safer-networking.org[...] Spywareblaster: http://www.javacoolsoftware.com[...] Det førstnævnte skal du huske at immunisere med, og som altid... Husk at opdatere programmerne før brug... //Kim In Chul
--

#3
Mighty_nOOb
Megabruger
21-06-2004 13:09

Rapporter til Admin

1#,2# Takker for de hurtige svar, vil straks gå igang.. :-)
--

#4
Armageddon
Moderator
21-06-2004 13:11

Rapporter til Admin

Kør en ny scanning med HJT og sæt flueben ved disse: R3 - Default URLSearchHook is missing O4 - HKLM..Run: [TkBellExe] "C:ProgrammerFælles filerRealUpdate_OB ealsched.exe" -osboot O4 - HKLM..Run: [QuickTime Task] "C:ProgrammerQuickTimeqttask.exe" -atboottime O4 - HKLM..Run: [SunJavaUpdateSched] C:ProgrammerJavaj2re1.4.2_03 injusched.exe O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com[...] O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) - http://akamai.downloadv3.com[...] O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com[...] O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} - http://streamp.babenet.com[...] O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com[...] Luk alle øvrige programvinduer så kun HJT er åben. Klik på ”Fix checked”. Luk programmet og genstart maskinen. Der er det.
--
/Armageddon - [email protected] http://www.mdegn.dk[...]

#5
Mighty_nOOb
Megabruger
21-06-2004 13:22

Rapporter til Admin

#3 Så ser den således ud: Logfile of HijackThis v1.97.7 Scan saved at 1:20:28 PM, on 6/21/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:WINDOWSSystem32smss.exe C:WINDOWSsystem32winlogon.exe C:WINDOWSsystem32services.exe C:WINDOWSsystem32lsass.exe C:WINDOWSSystem32Ati2evxx.exe C:WINDOWSsystem32svchost.exe C:WINDOWSSystem32svchost.exe C:WINDOWSsystem32spoolsv.exe D:PROGRA~1GrisoftAVG6avgserv.exe C:WINDOWSSystem32svchost.exe C:WINDOWSsystem32Ati2evxx.exe C:WINDOWSExplorer.EXE C:WINDOWSSystem32MsPMSPSv.exe C:WINDOWSSystem32CTHELPER.EXE D:ProgrammerLogitechMouseWaresystemem_exec.exe C:WINDOWSSystem32ctfmon.exe C:Documents and SettingsP!nkSkrivebordHijackThis.exe R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.dk[...] R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Hyperlinks O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:ProgrammerAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx O4 - HKLM..Run: [ASUS Probe] C:Program FilesASUSProbeAsusProb.exe O4 - HKLM..Run: [NeroCheck] C:WINDOWSSystem32NeroCheck.exe O4 - HKLM..Run: [Ad-aware] "D:ProgrammerLavasoftAd-aware 6Ad-aware.exe" +c O4 - HKLM..Run: [RivaTunerStartupDaemon] "D:ProgrammerRivaTunerRivaTuner.exe" /S O4 - HKLM..Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM..Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM..Run: [Jet Detection] D:ProgrammerCreativeSBLivePROGRAMADGJDet.exe O4 - HKLM..Run: [CTStartup] C:ProgrammerCreativeSplash ScreenCTEaxSpl.EXE /run O4 - HKLM..Run: [AVG_CC] D:ProgrammerGrisoftAVG6avgcc32.exe /startup O4 - HKLM..Run: [Zone Labs Client] "D:Programmerone LabsoneAlarmzlclient.exe" O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe O4 - HKCU..Run: [MsnMsgr] "C:ProgrammerMSN MessengerMsnMsgr.Exe" /background O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM) O12 - Plugin for .spop: C:ProgrammerInternet ExplorerPluginsNPDocBox.dll O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com[...] O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com[...] O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net[...] O16 - DPF: {94F5DCB7-816C-4B94-A2C1-856C6E323C5B} - http://akamai.downloadv3.com[...] O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com[...] O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com[...] O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk[...]
--

#6
Kim In Chul
Elitebruger
21-06-2004 13:25

Rapporter til Admin

#5 Så er den log ren, vil jeg mene... Prøv at downloade de programmer jeg(og mange andre) anbefaler... Fylder ik noget, tager næsten ingen tid... og er virkelig gode, og det bedste af alt... De er gratis:D
--

#7
Mighty_nOOb
Megabruger
21-06-2004 13:27

Rapporter til Admin

6# Så siger jeg mange tak. Prøver lige de programmer så.. Tak for hjæpen alle.. :-)
--