Endnu en HJTfil

Af Nørd Viper | 23-05-2004 22:14 | 952 visninger | 5 svar, hop til seneste

Håber også der er en der kan fortælle mig hvad jeg skal fjerne for at slippe af med "mysearchnow" og LInkTheFor baren. Min log er som følge: Logfile of HijackThis v1.97.7 Scan saved at 22:12:52, on 23-05-2004 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:WINNTSystem32smss.exe C:WINNTsystem32winlogon.exe C:WINNTsystem32services.exe C:WINNTsystem32lsass.exe C:WINNTsystem32svchost.exe C:WINNTSystem32svchost.exe C:WINNTsystem32spoolsv.exe C:WINNTSystem32Ati2evxx.exe C:WINNTsystem32hidserv.exe C:ProgrammerFælles filerMicrosoft SharedVS7Debugmdm.exe C:WINNTsystem32 egsvc.exe C:WINNTsystem32MSTask.exe C:WINNTsystem32sdpasvc.exe C:WINNTsystem32slserv.exe C:WINNTsystem32stisvc.exe C:WINNTSystem32WBEMWinMgmt.exe C:WINNTsystem32MsPMSPSv.exe C:WINNTsystem32svchost.exe C:WINNTExplorer.EXE C:WINNTsystem32PRPCUI.exe C:Documents and SettingsAdministratorSkrivebordhjt.exe R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Hyperlinks O2 - BHO: (no name) - {852C9F50-092D-1B2A-FC30-3D8BEFCB51E3} - C:PROGRA~1SHIMDE~1audiofile.dll (file missing) O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:PROGRA~1FlashGetjccatch.dll O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINNTSystem32msdxm.ocx O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:PROGRA~1FlashGetfgiebar.dll O3 - Toolbar: LinkTheFor - {7738EE6F-2F11-2745-C608-16E0527CB166} - C:PROGRA~1SHIMDE~1audiofile.dll (file missing) O4 - HKLM..Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM..Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM..Run: [CplBCL50] C:ProgrammerEzButtonCplBCL50.EXE O4 - HKLM..Run: [PRPCMonitor] PRPCUI.exe O4 - HKLM..Run: [Apoint] C:ProgrammerApoint2KApoint.exe O4 - HKLM..Run: [MMTray] MMTray.exe O4 - HKLM..Run: [MMTray2K] MMTray2k.exe O4 - HKLM..Run: [MMTrayLSI] MMTrayLSI.exe O4 - HKLM..Run: [DAEMON Tools-1033] "C:ProgrammerD-Toolsdaemon.exe" -lang 1033 O4 - HKLM..Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM..Run: [Mirabilis ICQ] C:ProgrammerICQICQNet.exe O4 - HKLM..Run: [CreateCD50] "C:ProgrammerFælles filerAdaptec SharedCreateCDCreateCD50.exe" -r O4 - HKLM..Run: [AdaptecDirectCD] "C:ProgrammerRoxioEasy CD Creator 5DirectCDDirectCD.exe" O4 - HKLM..Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM..Run: [QuickTime Task] "C:ProgrammerQuickTimeqttask.exe" -atboottime O4 - HKLM..Run: [ToUcamVProperty] C:PROGRA~1PHILIP~1VProperty.exe O4 - HKLM..Run: [MessengerPlus2] "C:ProgrammerMessenger Plus! 2MsgPlus.exe" O4 - HKLM..Run: [ATIPTA] C:PROGRAMMERATI TECHNOLOGIESATI CONTROL PANELATIPTAXX.EXE O4 - HKLM..Run: [XTNDConnect PC - ErPhn2] C:PROGRA~1FLLESF~1XCPCSyncTRANSL~1ErPhn2ErTray.exe O4 - HKLM..Run: [PeakStore] C:PROGRA~1FOURDA~1Debug Draw Balm.exe O4 - HKCU..Run: [StatBar] C:ProgrammerGlobe SoftwareStatBarStatBar.exe O4 - HKCU..Run: [ctfmon.exe] ctfmon.exe O4 - HKCU..Run: [MessengerPlus2] "C:ProgrammerMessenger Plus! 2MsgPlus.exe" /WinStart O4 - HKCU..Run: [msnmsgr] "C:ProgrammerMSN Messengermsnmsgr.exe" /background O4 - HKCU..RunOnce: [ICQ] C:ProgrammerICQICQ.exe -trayboot O4 - Global Startup: AutoStart IR.lnk = C:ProgrammerWinTVIr.exe O4 - Global Startup: Microsoft Office.lnk = C:ProgrammerMicrosoft OfficeOffice10OSA.EXE O8 - Extra context menu item: Download All by FlashGet - C:ProgrammerFlashGetjc_all.htm O8 - Extra context menu item: Download using FlashGet - C:ProgrammerFlashGetjc_link.htm O9 - Extra button: ICQ Pro (HKLM) O9 - Extra 'Tools' menuitem: ICQ (HKLM) O9 - Extra button: FlashGet (HKLM) O9 - Extra 'Tools' menuitem: &FlashGet (HKLM) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com[...] O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com[...] O16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81} (TEInstallPlugIn) - http://www.skylinesoft.com[...] O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk[...] O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com[...] O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} (Sony SNC-RZ30 Image Viewer) - http://151.204.174.24[...] O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com[...] O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com[...] O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.danskebank.dk[...] O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk[...] På forhånd tak Viper
--

"Det er ikke fordi ting er vanskelige, vi ikke tør. Det er fordi, vi ikke tør, ting er vanskelige."

#1
NeM
Amatør
23-05-2004 22:15

Rapporter til Admin

Format c: ;)
--

#2
Kim In Chul
Maxibruger
23-05-2004 22:36

Rapporter til Admin

Formarter er det sidste man skal gøre... Armageddon plejer at være temmelig god til at gøre ens computere ren... Men her er mit forslag til hva man ska fjerne: Start med at Deaktiver systemgendannelse og sæt flueben ud for disse: O2 - BHO: (no name) - {852C9F50-092D-1B2A-FC30-3D8BEFCB51E3} - C:PROGRA~1SHIMDE~1audiofile.dll (file missing) O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:PROGRA~1FlashGetjccatch.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:PROGRA~1FlashGetfgiebar.dll O3 - Toolbar: LinkTheFor - {7738EE6F-2F11-2745-C608-16E0527CB166} - C:PROGRA~1SHIMDE~1audiofile.dll (file missing) O4 - HKLM..Run: [XTNDConnect PC - ErPhn2] C:PROGRA~1FLLESF~1XCPCSyncTRANSL~1ErPhn2ErTray.exe O4 - HKLM..Run: [PeakStore] C:PROGRA~1FOURDA~1Debug Draw Balm.exe O4 - HKCU..Run: [StatBar] C:ProgrammerGlobe SoftwareStatBarStatBar.exe O8 - Extra context menu item: Download All by FlashGet - C:ProgrammerFlashGetjc_all.htm O8 - Extra context menu item: Download using FlashGet - C:ProgrammerFlashGetjc_link.htm Mener at man godt kan slette disser filer... Men det er frit valg: O4 - Global Startup: Microsoft Office.lnk = C:ProgrammerMicrosoft OfficeOffice10OSA.EXE Jeg synes at disse filer ser mistænkelige ud men for hellere armageddon til at tjekke det: O4 - HKLM..Run: [MMTray] MMTray.exe O4 - HKLM..Run: [MMTray2K] MMTray2k.exe O4 - HKLM..Run: [MMTrayLSI] MMTrayLSI.exe Hva ved jeg... Få du hellere armageddon til det... //Kim In Chul
--

#3
Armageddon
Maxi Nørd
23-05-2004 22:41

Rapporter til Admin

Det bliver nok lidt af en kamp med at fjerne mysearchnow, da det slet ikke er med i loggen og derfor ikke kan fixes ad den vej. Men vi kan da starte med at fixe de andre ting. Kør en ny scanning med HJT og sæt flueben ved disse: O2 - BHO: (no name) - {852C9F50-092D-1B2A-FC30-3D8BEFCB51E3} - C:PROGRA~1SHIMDE~1audiofile.dll (file missing) O3 - Toolbar: LinkTheFor - {7738EE6F-2F11-2745-C608-16E0527CB166} - C:PROGRA~1SHIMDE~1audiofile.dll (file missing) O4 - HKLM..Run: [PeakStore] C:PROGRA~1FOURDA~1Debug Draw Balm.exe Luk alle øvrige programvinduer så kun HJT er åben. Klik på ”Fix checked”. Luk programmet og genstart i fejlsikret tilstand. Find og slet denne: C:\PROGRA~1\FOURDA~1\Debug Draw Balm.exe Genstart normalt. Kør en ny scanning og smid loggen herind. Fortæl om der stadig er problemer.
--
/Armageddon - [email protected] http://www.mdegn.dk[...]

#4
Viper
Nørd
23-05-2004 23:08

Rapporter til Admin

Jeg takker og bukker. Indtil videre er der intet tegn på uønskede programmer. Min log er som følger: Logfile of HijackThis v1.97.7 Scan saved at 23:06:37, on 23-05-2004 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:WINNTSystem32smss.exe C:WINNTsystem32winlogon.exe C:WINNTsystem32services.exe C:WINNTsystem32lsass.exe C:WINNTsystem32svchost.exe C:WINNTSystem32svchost.exe C:WINNTsystem32spoolsv.exe C:WINNTSystem32Ati2evxx.exe C:WINNTsystem32hidserv.exe C:ProgrammerFælles filerMicrosoft SharedVS7Debugmdm.exe C:WINNTsystem32 egsvc.exe C:WINNTsystem32MSTask.exe C:WINNTsystem32sdpasvc.exe C:WINNTsystem32slserv.exe C:WINNTsystem32stisvc.exe C:WINNTSystem32WBEMWinMgmt.exe C:WINNTsystem32MsPMSPSv.exe C:WINNTsystem32svchost.exe C:WINNTExplorer.EXE C:Documents and SettingsAdministratorSkrivebordhjt.exe R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Hyperlinks O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:PROGRA~1FlashGetjccatch.dll O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINNTSystem32msdxm.ocx O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:PROGRA~1FlashGetfgiebar.dll O4 - HKLM..Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM..Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM..Run: [CplBCL50] C:ProgrammerEzButtonCplBCL50.EXE O4 - HKLM..Run: [PRPCMonitor] PRPCUI.exe O4 - HKLM..Run: [Apoint] C:ProgrammerApoint2KApoint.exe O4 - HKLM..Run: [MMTray] MMTray.exe O4 - HKLM..Run: [MMTray2K] MMTray2k.exe O4 - HKLM..Run: [MMTrayLSI] MMTrayLSI.exe O4 - HKLM..Run: [DAEMON Tools-1033] "C:ProgrammerD-Toolsdaemon.exe" -lang 1033 O4 - HKLM..Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM..Run: [Mirabilis ICQ] C:ProgrammerICQICQNet.exe O4 - HKLM..Run: [CreateCD50] "C:ProgrammerFælles filerAdaptec SharedCreateCDCreateCD50.exe" -r O4 - HKLM..Run: [AdaptecDirectCD] "C:ProgrammerRoxioEasy CD Creator 5DirectCDDirectCD.exe" O4 - HKLM..Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM..Run: [QuickTime Task] "C:ProgrammerQuickTimeqttask.exe" -atboottime O4 - HKLM..Run: [ToUcamVProperty] C:PROGRA~1PHILIP~1VProperty.exe O4 - HKLM..Run: [MessengerPlus2] "C:ProgrammerMessenger Plus! 2MsgPlus.exe" O4 - HKLM..Run: [ATIPTA] C:PROGRAMMERATI TECHNOLOGIESATI CONTROL PANELATIPTAXX.EXE O4 - HKLM..Run: [XTNDConnect PC - ErPhn2] C:PROGRA~1FLLESF~1XCPCSyncTRANSL~1ErPhn2ErTray.exe O4 - HKCU..Run: [StatBar] C:ProgrammerGlobe SoftwareStatBarStatBar.exe O4 - HKCU..Run: [ctfmon.exe] ctfmon.exe O4 - HKCU..Run: [MessengerPlus2] "C:ProgrammerMessenger Plus! 2MsgPlus.exe" /WinStart O4 - HKCU..Run: [msnmsgr] "C:ProgrammerMSN Messengermsnmsgr.exe" /background O4 - HKCU..RunOnce: [ICQ] C:ProgrammerICQICQ.exe -trayboot O4 - Global Startup: AutoStart IR.lnk = C:ProgrammerWinTVIr.exe O4 - Global Startup: Microsoft Office.lnk = C:ProgrammerMicrosoft OfficeOffice10OSA.EXE O8 - Extra context menu item: Download All by FlashGet - C:ProgrammerFlashGetjc_all.htm O8 - Extra context menu item: Download using FlashGet - C:ProgrammerFlashGetjc_link.htm O9 - Extra button: ICQ Pro (HKLM) O9 - Extra 'Tools' menuitem: ICQ (HKLM) O9 - Extra button: FlashGet (HKLM) O9 - Extra 'Tools' menuitem: &FlashGet (HKLM) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com[...] O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com[...] O16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81} (TEInstallPlugIn) - http://www.skylinesoft.com[...] O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk[...] O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com[...] O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} (Sony SNC-RZ30 Image Viewer) - http://151.204.174.24[...] O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com[...] O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com[...] O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.danskebank.dk[...] O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk[...]
--
"Det er ikke fordi ting er vanskelige, vi ikke tør. Det er fordi, vi ikke tør, ting er vanskelige."

#5
Armageddon
Maxi Nørd
24-05-2004 01:05

Rapporter til Admin

Loggen ser fin og ren ud.
--
/Armageddon - [email protected] http://www.mdegn.dk[...]