hjt log, help please

By ThE ])uke (Monster user) | 15-08-2004 15:58 | 869 views | 3 replies

My brother borrowed the computer for a while and some junk has gotten into it...

Logfile of HijackThis v1.97.7
Scan saved at 13:30:24, on 15-08-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\Programmer\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\System32\vmnat.exe
C:\WINDOWS\System32\vmnetdhcp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\Programmer\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmer\Web_Rebates\WebRebates0.exe
C:\WINDOWS\System32\rundll32.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\TGTSoft\StyleXP\StyleXP.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Programmer\Web_Rebates\WebRebates1.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
I:\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hol.dk[...]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programmer\NewDotNet\newdotnet6_30.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\Downloaded Program Files\googlenav.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Programmer\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WebRebates0] "C:\Programmer\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Programmer\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\Programmer\GetRight\GRdownload.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmer\GetRight\GRbrowse.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsimilar.html
O8 - Extra context menu item: Web Rebates - file://C:\Programmer\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Opslag (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com[...]
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com[...]
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.google.com[...]
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com[...]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com[...]
--
•EN VERDEN I FLAMMER• (A WORLD IN FLAMES) DENMARK'S GUIDE TO THE SECOND WORLD WAR ON THE INTERNET http://flammer.1go.dk[...]
#1 | Armageddon (Moderator) | 15-08-2004 16:40

Hi. There are a few small things that need fixing. Start by turning off System Restore: right-click "My Computer" on the desktop, choose Properties and the "System Restore" tab, and tick "Turn off System Restore". Click OK and reboot.

Then download a couple of tools: http://www.mdegn.dk[...] and http://www.mdegn.dk[...] (hold off on using them).

Run a new scan with HJT and tick these:

O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programmer\NewDotNet\newdotnet6_30.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Programmer\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O8 - Extra context menu item: Web Rebates - file://C:\Programmer\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net

Close all other program windows so only HJT is open. Click "Fix checked". Close the program and reboot into Safe Mode (press F8 after the POST screen). Find and delete these folders:

C:\Programmer\Web_Rebates\
C:\Programmer\NewDotNet\
C:\Program Files\webHancer\

Reboot normally. Check whether the internet works - if it doesn't, run the two programs you downloaded. Run a new scan with HJT and post the log here for checking.
--
/Armageddon - [email protected] http://www.mdegn.dk[...]
#2 | ThE ])uke (Monster user) | 15-08-2004 21:09

Here is the new log, then; I think it's clean... when I booted into Safe Mode I couldn't delete the New.Net folder, but there was an uninstaller inside the folder that removed everything and set the ISP back to normal. (At least that's what it said.)

Logfile of HijackThis v1.97.7
Scan saved at 21:10:41, on 15-08-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\Programmer\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\TGTSoft\StyleXP\StyleXP.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\vmnat.exe
C:\WINDOWS\System32\vmnetdhcp.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\wuauclt.exe
I:\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hol.dk[...]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\Downloaded Program Files\googlenav.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Programmer\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Programmer\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\Programmer\GetRight\GRdownload.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmer\GetRight\GRbrowse.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsimilar.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Opslag (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com[...]
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com[...]
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.google.com[...]
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com[...]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com[...]
#3 | Armageddon (Moderator) | 16-08-2004 03:41

You're right, the log is now completely clean. You can turn System Restore back on.
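As an added example (not code from the thread, from HijackThis or from its authors): a small Python script that reads an HJT log the way a helper does, flags the entries in Armageddon's fix list from #1 (the NewDotNet BHO, the Web Rebates, webHancer and New.net Run keys, the PowerReg Scheduler startup item and the O10 Winsock LSP hijack lines) and diffs a before/after pair to confirm, as #3 does by eye, that every flagged entry is gone and nothing new appeared. The indicator substrings and the two abridged sample logs are constructed from the entries quoted in the thread; the function names and the `Item` type are mine.

```python
"""Parse HijackThis (HJT) logs, flag known adware / LSP-hijack entries and
diff a before/after pair to verify a cleanup. Added example: not code from
the thread or from HijackThis. Indicator strings and sample logs are
constructed from the entries quoted in the thread."""
import re
from collections import Counter
from dataclasses import dataclass

# HJT item lines look like "O4 - HKLM\..\Run: [name] path" or "O10 - Hijacked ...".
ITEM_RE = re.compile(r"^(?P<kind>[RFO]\d{1,2}) - (?P<body>.+)$")


@dataclass(frozen=True)
class Item:
    kind: str   # section code: R0, O2, O4, O10, ...
    body: str   # everything after "Ox - "


def parse_hjt(text):
    """Return (running_processes, items) from the text of an HJT log."""
    procs, items, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Running processes:"):
            in_procs = True            # process paths follow, one per line
            continue
        m = ITEM_RE.match(line)
        if m:
            in_procs = False           # first Rx/Ox line ends the process list
            items.append(Item(m["kind"], m["body"]))
        elif in_procs:
            procs.append(line)
    return procs, items


# Case-insensitive substrings for the adware families named in the thread (constructed list).
INDICATORS = ("newdotnet", "new.net", "newdot~", "web_rebates", "webrebates",
              "webhancer", "powerreg scheduler")


def is_suspicious(item, indicators=INDICATORS):
    """O10 lines report a hijacked Winsock LSP chain and are always flagged;
    any other entry is flagged when its body names a known indicator."""
    if item.kind == "O10":
        return True
    low = item.body.lower()
    return any(ind in low for ind in indicators)


def flag_log(text):
    """Return (suspicious_processes, suspicious_items) for one log."""
    procs, items = parse_hjt(text)
    bad_procs = [p for p in procs if any(ind in p.lower() for ind in INDICATORS)]
    bad_items = [i for i in items if is_suspicious(i)]
    return bad_procs, bad_items


def diff_logs(before, after):
    """Items present before the cleanup but not after, and vice versa.
    Counters keep repeated lines (the identical O10 entries) as counts."""
    _, b = parse_hjt(before)
    _, a = parse_hjt(after)
    cb, ca = Counter(b), Counter(a)
    return list((cb - ca).elements()), list((ca - cb).elements())


def cleanup_verified(before, after):
    """True when every flagged entry of `before` disappeared and `after` is clean."""
    removed, _ = diff_logs(before, after)
    _, was_bad = flag_log(before)
    _, still_bad = flag_log(after)
    return not still_bad and all(i in removed for i in was_bad)


# Abridged sample logs constructed from the entries quoted in the thread.
BEFORE_LOG = r"""Logfile of HijackThis v1.97.7
Scan saved at 13:30:24, on 15-08-2004
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Programmer\Web_Rebates\WebRebates0.exe
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hol.dk
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programmer\NewDotNet\newdotnet6_30.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - Startup: PowerReg Scheduler.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
"""

AFTER_LOG = r"""Logfile of HijackThis v1.97.7
Scan saved at 21:10:41, on 15-08-2004
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hol.dk
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

if __name__ == "__main__":
    procs, items = flag_log(BEFORE_LOG)
    for p in procs:
        print("process:", p)
    for i in items:
        print(f"{i.kind}: {i.body}")
    removed, added = diff_logs(BEFORE_LOG, AFTER_LOG)
    print(f"removed {len(removed)}, added {len(added)}, "
          f"verified={cleanup_verified(BEFORE_LOG, AFTER_LOG)}")
```

Run it as a script to see the six flagged entries from the "before" log and the verdict on the "after" log; `cleanup_verified` is deliberately strict, because a cleanup that removes a Run key but leaves an O10 LSP entry behind is exactly the case the moderator's list guards against.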
