HiJackThis... help!

By User Aspirant Due | 06-09-2004 17:43 | 997 views | 4 replies
Hi there. Unfortunately I also have some problems with a few files that won't delete. I hope someone can help!

Logfile of HijackThis v1.97.7
Scan saved at 17:34:25, on 06-09-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSSystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:ProgrammerFælles filerMicrosoft SharedVS7Debugmdm.exe
C:ProgrammerAnalog DevicesSoundMAXSMAgent.exe
C:WINDOWSsystem32oneLabsvsmon.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:Program FilesASUSProbeAsusProb.exe
C:ProgrammerLogitechiTouchiTouch.exe
C:ProgrammerMessenger Plus! 3MsgPlus.exe
C:ProgrammerFælles filerInterVideoSchSvrSchSvr.exe
C:ProgrammerWinampwinampa.exe
C:Programmerone LabsoneAlarmzlclient.exe
C:ProgrammerInternet Exploreriexplore.exe
C:PROGRA~1LavasoftAD-AWA~1Ad-Watch.exe
C:WINDOWSSystem32ctfmon.exe
C:ProgrammerWinBarWinBar.exe
C:ProgrammerMSN Messengermsnmsgr.exe
C:ProgrammerAvant Browseriexplore.exe
C:ProgrammerWinampwinamp.exe
C:ProgrammerBluetackBlocklist ManagerBlockMgr.exe
c:progra~1intern~1iexplore.exe
G:InstallsHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.gktcilqegsqdpgcrpaivoxi.com[...]
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.qeyopurnjnapcor.com[...]
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Due's
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = localhost
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:ProgrammerAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: (no name) - {9A0DA3E0-8610-2F6E-EDA1-5C759953D10B} - C:PROGRA~1OPENSE~1pokechin.exe
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:ProgrammerTGTSoftStyleXPTGT_BHO.dll
O3 - Toolbar: Systran40premi.IEPlugIn - {CFB25594-4D5F-11D6-AB7B-00B0D094B576} - C:ProgrammerSystran4_0PremiumIEPlugIn.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx
O4 - HKLM..Run: [ASUS Probe] C:Program FilesASUSProbeAsusProb.exe
O4 - HKLM..Run: [zBrowser Launcher] C:ProgrammerLogitechiTouchiTouch.exe
O4 - HKLM..Run: [ATIPTA] atiptaxx.exe
O4 - HKLM..Run: [MessengerPlus3] "C:ProgrammerMessenger Plus! 3MsgPlus.exe"
O4 - HKLM..Run: [WinDVR SchSvr] "C:ProgrammerFælles filerInterVideoSchSvrSchSvr.exe"
O4 - HKLM..Run: [that sect] C:PROGRA~1FLAWBL~1drawcoal.exe
O4 - HKLM..Run: [curb mix burn rule] C:Documents and SettingsAll UsersApplication DataFlaw Win Curb MixFace Coal.exe
O4 - HKLM..Run: [WinampAgent] C:ProgrammerWinampwinampa.exe
O4 - HKLM..Run: [Zone Labs Client] "C:Programmerone LabsoneAlarmzlclient.exe"
O4 - HKLM..Run: [AWMON] "C:PROGRA~1LavasoftAD-AWA~1Ad-Watch.exe"
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: WinBar.lnk = C:ProgrammerWinBarWinBar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: ATITool.lnk = C:ProgrammerATIToolATITool.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:ProgrammerInterVideoCommonBinWinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:ProgrammerLogitechDesktop Messenger8876480ProgramLDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:ProgrammerMicrosoft OfficeOffice10OSA.EXE
O6 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerRestrictions present
O6 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O8 - Extra context menu item: Bloker alle billeder fra den samme server - C:ProgrammerAvant BrowserAddAllToADBlackList.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O8 - Extra context menu item: Marker forekomster af ord på denne side - C:ProgrammerAvant BrowserHighlight.htm
O8 - Extra context menu item: Søg på ord - C:ProgrammerAvant BrowserSearch.htm
O8 - Extra context menu item: Tilføj til AD Black List - C:ProgrammerAvant BrowserAddToADBlackList.htm
O8 - Extra context menu item: Åben alle links på denne side... - C:ProgrammerAvant BrowserOpenAllLinks.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com[...]
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com[...]
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk[...]
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com[...]
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com[...]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com[...]
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk[...]
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com[...]

/Due
--
#1
Kim In Chul
Semi Supporter
06-09-2004 19:39

Hi, there are a few things that need fixing... Start by disabling System Restore, run a new HijackThis scan and tick:

O2 - BHO: (no name) - {9A0DA3E0-8610-2F6E-EDA1-5C759953D10B} - C:PROGRA~1OPENSE~1pokechin.exe
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:ProgrammerTGTSoftStyleXPTGT_BHO.dll
O4 - HKLM..Run: [that sect] C:PROGRA~1FLAWBL~1drawcoal.exe
O4 - HKLM..Run: [curb mix burn rule] C:Documents and SettingsAll UsersApplication DataFlaw Win Curb MixFace Coal.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: WinBar.lnk = C:ProgrammerWinBarWinBar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: ATITool.lnk = C:ProgrammerATIToolATITool.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:ProgrammerInterVideoCommonBinWinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:ProgrammerLogitechDesktop Messenger8876480ProgramLDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:ProgrammerMicrosoft OfficeOffice10OSA.EXE

Then close all browser windows and click "fix checked", then boot into safe mode:

C:PROGRA~1OPENSE~1pokechin.exe
C:PROGRA~1FLAWBL~1drawcoal.exe
C:Documents and SettingsAll UsersApplication DataFlaw Win Curb MixFace Coal.exe

Then boot into normal mode and post a new log here for checking.

//Kim In Chul
--
#2
Due
User Aspirant
07-09-2004 15:15

Hello again... I have now (almost) done as told. I left out removing:

O4 - Startup: WinBar.lnk = C:ProgrammerWinBarWinBar.exe
O4 - Global Startup: ATITool.lnk = C:ProgrammerATIToolATITool.exe

since they are 2 programs that I use! Would anything happen if I removed these?

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.gktcilqegsqdpgcrpaivoxi.com[...]
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.qeyopurnjnapcor.com[...]

It is quite annoying that my start page is that address every time! There were 3 things I could not remove (the ones in italics), but here is the log:

Logfile of HijackThis v1.97.7
Scan saved at 15:07:18, on 07-09-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSSystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:ProgrammerFælles filerMicrosoft SharedVS7Debugmdm.exe
C:ProgrammerAnalog DevicesSoundMAXSMAgent.exe
C:WINDOWSsystem32oneLabsvsmon.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:Program FilesASUSProbeAsusProb.exe
C:ProgrammerLogitechiTouchiTouch.exe
C:ProgrammerMessenger Plus! 3MsgPlus.exe
C:ProgrammerFælles filerInterVideoSchSvrSchSvr.exe
C:ProgrammerWinampwinampa.exe
C:Programmerone LabsoneAlarmzlclient.exe
C:PROGRA~1LavasoftAD-AWA~1Ad-Watch.exe
C:ProgrammerInternet Exploreriexplore.exe
C:ProgrammerLogitechDesktop Messenger8876480ProgramBackWeb-8876480.exe
C:WINDOWSSystem32ctfmon.exe
C:ProgrammerWinBarWinBar.exe
C:ProgrammerMSN Messengermsnmsgr.exe
G:InstallsHijackThis.exe
C:WINDOWSSystem32wuauclt.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.gktcilqegsqdpgcrpaivoxi.com[...]
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.qeyopurnjnapcor.com[...]
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Due's
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = localhost
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:ProgrammerAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHelper.dll
O3 - Toolbar: Systran40premi.IEPlugIn - {CFB25594-4D5F-11D6-AB7B-00B0D094B576} - C:ProgrammerSystran4_0PremiumIEPlugIn.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx
O4 - HKLM..Run: [ASUS Probe] C:Program FilesASUSProbeAsusProb.exe
O4 - HKLM..Run: [zBrowser Launcher] C:ProgrammerLogitechiTouchiTouch.exe
O4 - HKLM..Run: [ATIPTA] atiptaxx.exe
O4 - HKLM..Run: [MessengerPlus3] "C:ProgrammerMessenger Plus! 3MsgPlus.exe"
O4 - HKLM..Run: [WinDVR SchSvr] "C:ProgrammerFælles filerInterVideoSchSvrSchSvr.exe"
O4 - HKLM..Run: [WinampAgent] C:ProgrammerWinampwinampa.exe
O4 - HKLM..Run: [Zone Labs Client] "C:Programmerone LabsoneAlarmzlclient.exe"
O4 - HKLM..Run: [AWMON] "C:PROGRA~1LavasoftAD-AWA~1Ad-Watch.exe"
O4 - HKLM..Run: [that sect] C:PROGRA~1FLAWBL~1drawcoal.exe
O4 - HKLM..Run: [curb mix burn rule] C:Documents and SettingsAll UsersApplication DataFlaw Win Curb MixFace Coal.exe
O4 - HKCU..Run: [MessengerPlus3] "C:ProgrammerMessenger Plus! 3MsgPlus.exe" /WinStart
O4 - HKCU..Run: [LDM] C:ProgrammerLogitechDesktop Messenger8876480ProgramBackWeb-8876480.exe
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 - HKCU..Run: [msnmsgr] "C:ProgrammerMSN Messengermsnmsgr.exe" /background
O4 - HKCU..Run: [STYLEXP] C:ProgrammerTGTSoftStyleXPStyleXP.exe -Hide
O4 - Startup: WinBar.lnk = C:ProgrammerWinBarWinBar.exe
O4 - Global Startup: ATITool.lnk = C:ProgrammerATIToolATITool.exe
O6 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerRestrictions present
O6 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O8 - Extra context menu item: Bloker alle billeder fra den samme server - C:ProgrammerAvant BrowserAddAllToADBlackList.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O8 - Extra context menu item: Marker forekomster af ord på denne side - C:ProgrammerAvant BrowserHighlight.htm
O8 - Extra context menu item: Søg på ord - C:ProgrammerAvant BrowserSearch.htm
O8 - Extra context menu item: Tilføj til AD Black List - C:ProgrammerAvant BrowserAddToADBlackList.htm
O8 - Extra context menu item: Åben alle links på denne side... - C:ProgrammerAvant BrowserOpenAllLinks.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com[...]
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com[...]
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk[...]
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com[...]
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com[...]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com[...]
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk[...]
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com[...]

/Due
--
#3
Due
User Aspirant
07-09-2004 15:18

Apparently it did not make all of it italic, but these are the things the program could not remove:

O4 - HKLM..Run: [that sect] C:PROGRA~1FLAWBL~1drawcoal.exe
O4 - HKLM..Run: [curb mix burn rule] C:Documents and SettingsAll UsersApplication DataFlaw Win Curb MixFace Coal.exe
O4 - HKCU..Run: [STYLEXP] C:ProgrammerTGTSoftStyleXPStyleXP.exe -Hide

/Due
--
#4
Kim In Chul
Semi Supporter
07-09-2004 18:36

#2 My apologies, I was the one who made a mistake. It is good that you point them out. I am correcting based on your log in #2.

Start by disabling System Restore, run a new HijackThis scan and tick:

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.gktcilqegsqdpgcrpaivoxi.com[...]
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.qeyopurnjnapcor.com[...]
O4 - HKLM..Run: [that sect] C:PROGRA~1FLAWBL~1drawcoal.exe
O4 - HKLM..Run: [curb mix burn rule] C:Documents and SettingsAll UsersApplication DataFlaw Win Curb MixFace Coal.exe
O4 - HKCU..Run: [LDM] C:ProgrammerLogitechDesktop Messenger8876480ProgramBackWeb-8876480.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com[...]

Close all browser windows and click "fix checked", then boot into safe mode and find and delete:

C:PROGRA~1FLAWBL~1drawcoal.exe (delete the root folder)
C:Documents and SettingsAll UsersApplication DataFlaw Win Curb MixFace Coal.exe (delete the root folder)

Then boot into normal mode and post a new HijackThis log here.

//Kim In Chul
--
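
Added example, not part of the original thread or written by its participants: a small Python check for the step the replies end on (post a new log for checking). It compares a before and an after HijackThis log against the entries that were ticked for "fix checked" and reports which ticked entries persisted, which were removed, and which are new; the function names and the sample log lines are constructed for illustration.

```python
import re

# Entry lines begin with a section code (R0, O2, O4, O16, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.+)$")

def parse_entries(log_text):
    """Return the set of (code, body) pairs found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            # Collapse whitespace so copy/paste damage does not hide a match.
            entries.add((m.group(1), " ".join(m.group(2).split())))
    return entries

def compare_logs(before, after, flagged):
    """Classify entries after a "fix checked" pass and reboot."""
    b, a, f = (parse_entries(t) for t in (before, after, flagged))
    return {
        "persisted": sorted(f & a),  # ticked for removal but still present
        "removed": sorted(f - a),    # ticked and gone
        "new": sorted(a - b),        # only in the follow-up log
    }

# Constructed sample logs: placeholder names and paths, not taken from the thread.
BEFORE = r"""Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://placeholder.example/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\PLACEHOLDER\helper.exe
O4 - HKLM\..\Run: [sample one] C:\PLACEHOLDER\one.exe
O4 - Startup: Sample.lnk = C:\PLACEHOLDER\tool.exe
"""
AFTER = r"""Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://placeholder.example/
O4 - HKLM\..\Run: [sample one] C:\PLACEHOLDER\one.exe
O4 - HKCU\..\Run: [sample two] C:\PLACEHOLDER\two.exe
O4 - Startup: Sample.lnk = C:\PLACEHOLDER\tool.exe
"""
FLAGGED = r"""O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\PLACEHOLDER\helper.exe
O4 - HKLM\..\Run: [sample one] C:\PLACEHOLDER\one.exe
O4 - Startup: Sample.lnk = C:\PLACEHOLDER\tool.exe
"""

if __name__ == "__main__":
    for status, items in compare_logs(BEFORE, AFTER, FLAGGED).items():
        for code, body in items:
            print(f"{status:9} {code:3} {body}")
```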
