HiJackThis for me :)

Af Supporter -=]CarlsberG[=- | 27-10-2004 19:33 | 1165 visninger | 6 svar, hop til seneste

En der gider analysere denne for mig? :P Har på fornemmelsen at der er en masse lort på computeren.. Eller... Jeg ved det.. Running processes: C:WINDOWSSystem32smss.exe C:WINDOWSsystem32winlogon.exe C:WINDOWSsystem32services.exe C:WINDOWSsystem32lsass.exe C:WINDOWSsystem32svchost.exe C:WINDOWSSystem32svchost.exe C:WINDOWSExplorer.EXE C:WINDOWSsystem32spoolsv.exe C:WINDOWSSystem32 vsvc32.exe C:ProgrammerTrend MicroPC-cillin 2002Tmntsrv.exe C:WINDOWSSystem32MsPMSPSv.exe C:ProgrammerTrend MicroPC-cillin 2002PCCPFW.exe C:WINDOWSSOUNDMAN.EXE C:WINDOWSSystem32wuauclt.exe C:ProgrammerTrend MicroPC-cillin 2002pccguide.exe C:ProgrammerTrend MicroPC-cillin 2002PCCClient.exe C:ProgrammerTrend MicroPC-cillin 2002Pop3trap.exe D:ProgrammerD-Toolsdaemon.exe C:WINDOWSSystem32MMTrayLSI.exe C:WINDOWSSystem32MMTray2k.exe C:WINDOWSSystem32MMTray.exe C:ProgrammerCSBBCSV7P070.exe C:WINDOWSSystem32ctfmon.exe C:ProgrammerMSN MessengerMsnMsgr.Exe D:ProgrammerHiJackThis.exe R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Hyperlinks R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:ProgrammerSurfSideKick 2SskBho.dll O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000002230} - C:ProgrammerCSBBCSBB.DLL O2 - BHO: (no name) - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:WINDOWSlocalNRD.dll O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - C:WINDOWSHelper100.dll O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:PROGRA~1FlashGetjccatch.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:PROGRA~1FlashGetfgiebar.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM..Run: [nwiz] nwiz.exe /install O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM..Run: [pccguide.exe] "C:ProgrammerTrend MicroPC-cillin 2002pccguide.exe" O4 - HKLM..Run: [PCCClient.exe] "C:ProgrammerTrend MicroPC-cillin 2002PCCClient.exe" O4 - HKLM..Run: [Pop3trap.exe] "C:ProgrammerTrend MicroPC-cillin 2002Pop3trap.exe" O4 - HKLM..Run: [DAEMON Tools-1033] "D:ProgrammerD-Toolsdaemon.exe" -lang 1033 O4 - HKLM..Run: [MMTrayLSI] C:WINDOWSSystem32MMTrayLSI.exe O4 - HKLM..Run: [MMTray2K] C:WINDOWSSystem32MMTray2k.exe O4 - HKLM..Run: [MMTray] C:WINDOWSSystem32MMTray.exe O4 - HKLM..Run: [NeroCheck] C:WINDOWSsystem32NeroCheck.exe O4 - HKLM..Run: [Overnet] D:ProgrammerOvernetOvernet.exe -t O4 - HKLM..Run: [SurfSideKick 2] C:ProgrammerSurfSideKick 2Ssk.exe O4 - HKLM..Run: [MSConfig] C:WINDOWSPCHealthHelpCtrBinariesMSConfig.exe /auto O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe O4 - HKCU..Run: [MsnMsgr] "C:ProgrammerMSN MessengerMsnMsgr.Exe" /background O4 - HKCU..Run: [SurfSideKick 2] C:ProgrammerSurfSideKick 2Ssk.exe O4 - Global Startup: Microsoft Office.lnk = C:ProgrammerMicrosoft OfficeOffice10OSA.EXE O8 - Extra context menu item: Download All by FlashGet - D:PROGRA~1FlashGetjc_all.htm O8 - Extra context menu item: Download using FlashGet - D:PROGRA~1FlashGetjc_link.htm O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000 O9 - Extra button: FlashGet (HKLM) O9 - Extra 'Tools' menuitem: &FlashGet (HKLM) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com[...]
--

#1
Kim In Chul
Super Supporter
27-10-2004 19:52

Rapporter til Admin

Hej du har lidt som skal fikses... Men start først med at fjerne overnet via Tilføj/fjern programmer. Bagefter deaktiver systemgendannelsen, og kør en ny hijackthis og sæt flueben ud for: R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:ProgrammerSurfSideKick 2SskBho.dll O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000002230} - C:ProgrammerCSBBCSBB.DLL O2 - BHO: (no name) - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:WINDOWSlocalNRD.dll O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - C:WINDOWSHelper100.dll O4 - HKLM..Run: [MMTrayLSI] C:WINDOWSSystem32MMTrayLSI.exe O4 - HKLM..Run: [MMTray2K] C:WINDOWSSystem32MMTray2k.exe O4 - HKLM..Run: [MMTray] C:WINDOWSSystem32MMTray.exe O4 - HKLM..Run: [NeroCheck] C:WINDOWSsystem32NeroCheck.exe O4 - HKLM..Run: [Overnet] D:ProgrammerOvernetOvernet.exe -t <---- Kan være forsvundet pga. uninstall O4 - HKLM..Run: [SurfSideKick 2] C:ProgrammerSurfSideKick 2Ssk.exe O4 - HKCU..Run: [SurfSideKick 2] C:ProgrammerSurfSideKick 2Ssk.exe O4 - Global Startup: Microsoft Office.lnk = C:ProgrammerMicrosoft OfficeOffice10OSA.EXE Luk derefter alle browservinduer og klik på "fix checked" start derefter op i fejlsikret tilstand og find og slet: C:\Programmer\SurfSideKick 2Ssk.exe<---- Rodmappen Start derefter op i normal tilstand og smid en ny log ind til kontrol... //Kim In Chul
--
Så læs dem da for helvede: http://www.hol.dk[...] MSN: [email protected]

#2
-=]CarlsberG[=-
Supporter
27-10-2004 21:20

Rapporter til Admin

Så langt så godt :P Running processes: C:WINDOWSSystem32smss.exe C:WINDOWSsystem32winlogon.exe C:WINDOWSsystem32services.exe C:WINDOWSsystem32lsass.exe C:WINDOWSsystem32svchost.exe C:WINDOWSSystem32svchost.exe C:WINDOWSExplorer.EXE C:WINDOWSsystem32spoolsv.exe C:WINDOWSSOUNDMAN.EXE C:ProgrammerTrend MicroPC-cillin 2002pccguide.exe C:ProgrammerTrend MicroPC-cillin 2002PCCClient.exe C:ProgrammerTrend MicroPC-cillin 2002Pop3trap.exe D:ProgrammerD-Toolsdaemon.exe C:WINDOWSSystem32MMTrayLSI.exe C:WINDOWSSystem32ctfmon.exe C:ProgrammerMSN MessengerMsnMsgr.Exe C:WINDOWSSystem32 vsvc32.exe C:ProgrammerTrend MicroPC-cillin 2002Tmntsrv.exe C:WINDOWSSystem32MsPMSPSv.exe C:ProgrammerTrend MicroPC-cillin 2002PCCPFW.exe D:ProgrammerHiJackThis.exe R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Hyperlinks R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:ProgrammerSurfSideKick 2SskBho.dll (file missing) O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:PROGRA~1FlashGetjccatch.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:PROGRA~1FlashGetfgiebar.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM..Run: [nwiz] nwiz.exe /install O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM..Run: [pccguide.exe] "C:ProgrammerTrend MicroPC-cillin 2002pccguide.exe" O4 - HKLM..Run: [PCCClient.exe] "C:ProgrammerTrend MicroPC-cillin 2002PCCClient.exe" O4 - HKLM..Run: [Pop3trap.exe] "C:ProgrammerTrend MicroPC-cillin 2002Pop3trap.exe" O4 - HKLM..Run: [DAEMON Tools-1033] "D:ProgrammerD-Toolsdaemon.exe" -lang 1033 O4 - HKLM..Run: [MMTrayLSI] C:WINDOWSSystem32MMTrayLSI.exe O4 - HKLM..Run: [SurfSideKick 2] C:ProgrammerSurfSideKick 2Ssk.exe O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe O4 - HKCU..Run: [MsnMsgr] "C:ProgrammerMSN MessengerMsnMsgr.Exe" /background O4 - HKCU..Run: [SurfSideKick 2] C:ProgrammerSurfSideKick 2Ssk.exe O8 - Extra context menu item: Download All by FlashGet - D:PROGRA~1FlashGetjc_all.htm O8 - Extra context menu item: Download using FlashGet - D:PROGRA~1FlashGetjc_link.htm O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000 O9 - Extra button: FlashGet (HKLM) O9 - Extra 'Tools' menuitem: &FlashGet (HKLM) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com[...] Kan næsten regne ud jeg skal prøve at fjerne denne igen? O4 - HKCU..Run: [SurfSideKick 2] C:ProgrammerSurfSideKick 2Ssk.exe
--

#3
Kim In Chul
Super Supporter
27-10-2004 21:27

Rapporter til Admin

Der mangler desværre lidt endnu... Fiks disse i hijackthis: R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:ProgrammerSurfSideKick 2SskBho.dll (file missing) O4 - HKLM..Run: [MMTrayLSI] C:WINDOWSSystem32MMTrayLSI.exe O4 - HKLM..Run: [SurfSideKick 2] C:ProgrammerSurfSideKick 2Ssk.exe O4 - HKCU..Run: [SurfSideKick 2] C:ProgrammerSurfSideKick 2Ssk.exe Start derefter op i fejlsikret tilstand og tjek om den stadig er der: C:\Programmer\SurfSideKick 2Ssk.exe <---- Rodmappen, hvis den stadig er der så slet den Start op normalt og smid en ny log //Kim In Chul
--
Så læs dem da for helvede: http://www.hol.dk[...] MSN: [email protected]

#4
-=]CarlsberG[=-
Supporter
27-10-2004 21:47

Rapporter til Admin

Endnu en log :) Running processes: C:WINDOWSSystem32smss.exe C:WINDOWSsystem32winlogon.exe C:WINDOWSsystem32services.exe C:WINDOWSsystem32lsass.exe C:WINDOWSsystem32svchost.exe C:WINDOWSSystem32svchost.exe C:WINDOWSsystem32spoolsv.exe C:WINDOWSExplorer.EXE C:WINDOWSSOUNDMAN.EXE C:ProgrammerTrend MicroPC-cillin 2002pccguide.exe C:ProgrammerTrend MicroPC-cillin 2002PCCClient.exe C:ProgrammerTrend MicroPC-cillin 2002Pop3trap.exe D:ProgrammerD-Toolsdaemon.exe C:WINDOWSSystem32ctfmon.exe C:ProgrammerMSN MessengerMsnMsgr.Exe C:WINDOWSSystem32 vsvc32.exe C:ProgrammerTrend MicroPC-cillin 2002Tmntsrv.exe C:WINDOWSSystem32MsPMSPSv.exe C:ProgrammerTrend MicroPC-cillin 2002PCCPFW.exe D:ProgrammerHiJackThis.exe R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Hyperlinks O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:PROGRA~1FlashGetjccatch.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:PROGRA~1FlashGetfgiebar.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM..Run: [nwiz] nwiz.exe /install O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM..Run: [pccguide.exe] "C:ProgrammerTrend MicroPC-cillin 2002pccguide.exe" O4 - HKLM..Run: [PCCClient.exe] "C:ProgrammerTrend MicroPC-cillin 2002PCCClient.exe" O4 - HKLM..Run: [Pop3trap.exe] "C:ProgrammerTrend MicroPC-cillin 2002Pop3trap.exe" O4 - HKLM..Run: [DAEMON Tools-1033] "D:ProgrammerD-Toolsdaemon.exe" -lang 1033 O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe O4 - HKCU..Run: [MsnMsgr] "C:ProgrammerMSN MessengerMsnMsgr.Exe" /background O8 - Extra context menu item: Download All by FlashGet - D:PROGRA~1FlashGetjc_all.htm O8 - Extra context menu item: Download using FlashGet - D:PROGRA~1FlashGetjc_link.htm O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000 O9 - Extra button: FlashGet (HKLM) O9 - Extra 'Tools' menuitem: &FlashGet (HKLM) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com[...]
--

#5
Kim In Chul
Super Supporter
27-10-2004 22:06

Rapporter til Admin

Jamen -=]CarlsberG[=- dog! Den er ren:) Aktiver bare systemgendannelsen igen... Udover det for du lige hele antispywarepakken: Spywareprogrammer, med scanner: Spybot Search And Destroy 1.3: http://www.safer-networking.org[...] Brug Immunize ----------------------------------------- Ad-aware SE 1.05: http://kortlink.dk[...] ------------------------------------------ CW-shredder: http://www.softpedia.com[...] ------------------------------------------ Spywareguard: http://www.javacoolsoftware.net[...] Fungere lidt som Spybots Tea Timer Funktion, bare bedre og mere brugervenlig. ------------------------------------------ Spywareblaster: http://www.javacoolsoftware.net[...] Fungere lidt som Immunize hos spybot... brug "Enabled all protection" ------------------------------------------- Alle programmerne skal selvfølgelig opdateres før brug... Firewallen Sygate: http://download.com.com[...] Alle programmer er gratis og kan selvfølgelig bare frit benyttes efter behov... //Kim In Chul
--
Så læs dem da for helvede: http://www.hol.dk[...] MSN: [email protected]

#6
-=]CarlsberG[=-
Supporter
27-10-2004 22:32

Rapporter til Admin

#5 Fint :) Tusind tak for hjælpen.. Skal nok vende frygteligt tilbage hvis jeg synes der er problemer igen :) Takker for links ;) Selvom jeg har et par stykker af dem :) Fortsat god aften
--