hijackthis log

By user Aspirant Dolph | 23-09-2004 10:54 | 892 views | 1 reply
Hey, does anyone have suggestions for what should be removed here????

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\NavNT\defwatch.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\Winamp\winampa.exe
C:\Programmer\NavNT\vptray.exe
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\NavNT\rtvscan.exe
C:\WINDOWS\system32\SFSVC32.EXE
C:\Programmer\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\Documents and Settings\Morten & Tilde\Skrivebord\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com[...]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk[...]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com[...]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com[...]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com[...]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com[...]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.microsoft.com[...]
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0B90AA1B-F649-44C3-9FD3-736C332CBBCF} - C:\WINDOWS\System32\IEEnhancer.dll
O2 - BHO: (no name) - {2E65A557-173C-4DE9-860B-28FC5CACA542} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup\Setup.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - (no file)
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\Downloaded Program Files\bridge.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\WINDOWS\System32\apuc.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [vptray] C:\Programmer\NavNT\vptray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\System32\Adstartup.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [msbb] c:\docume~1\morten~1\lokale~1\temp\msbb.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [System Monitor] C:\WINDOWS\system32\SFSVC32.EXE
O4 - HKLM\..\Run: [BullsEye Network] C:\Programmer\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Programmer\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [julelgp] C:\WINDOWS\julelgp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [resutils] C:\WINDOWS\System32\resutils.exe
O4 - HKCU\..\Run: [sp] C:\sp.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com[...]
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com[...]
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net[...]
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net[...]
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://static.flingstone.com[...]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com[...]
--
#1
Kim In Chul
Supporter
23-09-2004 13:36

That was a rather ugly log... but we'll get it sorted out :)

Start by disabling System Restore, run HijackThis again and tick the boxes next to:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com[...]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com[...]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com[...]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com[...]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com[...]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.microsoft.com[...]
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O2 - BHO: (no name) - {0B90AA1B-F649-44C3-9FD3-736C332CBBCF} - C:\WINDOWS\System32\IEEnhancer.dll
O2 - BHO: (no name) - {2E65A557-173C-4DE9-860B-28FC5CACA542} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup\Setup.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - (no file)
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\Downloaded Program Files\bridge.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\WINDOWS\System32\apuc.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\System32\Adstartup.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [msbb] c:\docume~1\morten~1\lokale~1\temp\msbb.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [System Monitor] C:\WINDOWS\system32\SFSVC32.EXE
O4 - HKLM\..\Run: [BullsEye Network] C:\Programmer\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [julelgp] C:\WINDOWS\julelgp.exe
O4 - HKCU\..\Run: [resutils] C:\WINDOWS\System32\resutils.exe
O4 - HKCU\..\Run: [sp] C:\sp.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://static.flingstone.com[...]

Close all browser windows and click "fix checked", then boot into safe mode and find and delete:

C:\WINDOWS\twaintec.dll
C:\WINDOWS\System32\IEEnhancer.dll
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup\Setup.dll (delete the root folder)
C:\WINDOWS\Downloaded Program Files\bridge.dll (delete the root folder)
C:\WINDOWS\System32\Adstartup.exe
C:\WINDOWS\alchem.exe
c:\docume~1\morten~1\lokale~1\temp\msbb.exe (delete the root folder)
C:\Program Files\WindowsSA\omniscient.exe (delete the WindowsSA folder)
C:\WINDOWS\system32\SFSVC32.EXE
C:\Programmer\BullsEye Network\bin\bargains.exe (delete the BullsEye folder)
C:\WINDOWS\julelgp.exe
C:\WINDOWS\System32\resutils.exe
C:\sp.exe

Then boot into normal mode and post a new log here for checking...

Regards,
Kim In Chul
--
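The reply above ends by asking for a fresh log to check. As an added example (not part of the thread and not HijackThis's own code), this Python script compares a fix list against a follow-up log and reports entries that are still present. It assumes log lines in the usual `O4 - HKLM\..\Run: [name] command` form; the function names are hypothetical and the follow-up log is constructed.

```python
import re

# HijackThis entry shape: "<section code> - <details>", e.g. "O4 - HKLM\..\Run: [name] cmd"
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\]")

def entry_key(line):
    """Stable identity for one log line; None for non-entries (process list, prose)."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, body = m["code"], m["body"]
    clsid = CLSID.search(body)
    if clsid:  # O2/O3/O16: the CLSID identifies the component, whatever the file path
        return (code, clsid.group(0).upper())
    run = RUN.match(body)
    if run:    # O4 autorun: hive + key + value name, so a changed path still matches
        return (code, run["hive"].upper(), run["key"].lower(), run["name"].lower())
    return (code, " ".join(body.lower().split()))  # everything else: normalised text

def parse(log_text):
    """Map identity -> original line for every entry in a log."""
    entries = {}
    for line in log_text.splitlines():
        key = entry_key(line)
        if key is not None:
            entries.setdefault(key, line.strip())
    return entries

def still_present(fix_list_text, new_log_text):
    """Fix-list lines whose identity still shows up in the follow-up log."""
    new = parse(new_log_text)
    return [line for key, line in parse(fix_list_text).items() if key in new]

# Three entries from the fix list in the reply above.
FIX_LIST = r"""
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\WINDOWS\System32\apuc.dll
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKCU\..\Run: [sp] C:\sp.exe
"""
# Constructed follow-up log (not from the thread): one autorun is still there.
NEW_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
"""

if __name__ == "__main__":
    for line in still_present(FIX_LIST, NEW_LOG):
        print("STILL PRESENT:", line)
```

An autorun that reappears under the same value name with a different path is still reported, because the O4 identity ignores the command.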
