hjt log

By Ultra user knudsen69 | 01-09-2004 17:22 | 759 views | 4 replies
Hey, I wanted to hear if anyone would check my log for me..

Logfile of HijackThis v1.97.7
Scan saved at 17:22:27, on 01-09-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
D:\Programmer\Logitech\iTouch\iTouch.exe
D:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\RUNDLL32.EXE
D:\Programmer\AVPersonal\AVGNT.EXE
D:\Programmer\D-Tools\daemon.exe
D:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
D:\Programmer\Motherboard Monitor 5\MBM5.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
D:\Programmer\Logitech\Video\LogiTray.exe
D:\Programmer\Winamp\winampa.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Programmer\WinTV\Ir.exe
D:\Programmer\Logitech\Video\FxSvr2.exe
D:\Programmer\AVPersonal\AVGUARD.EXE
D:\Programmer\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Internet Explorer\iexplore.exe
D:\Programmer\Skype\Phone\Skype.exe
D:\Programmer\Winamp\winamp.exe
C:\Documents and Settings\Thomas Knudsen\Skrivebord\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://hot-searches.com[...]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://hot-searches.com[...]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.games-fusion.net[...]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
O1 - Hosts: 81.211.105.69 lender-search.com
O1 - Hosts: 81.211.105.68 hot-searches.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] D:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVGCtrl] "D:\Programmer\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Programmer\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MBM 5] "D:\Programmer\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinampAgent] D:\Programmer\Winamp\winampa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: AutoStart IR.lnk = D:\Programmer\WinTV\Ir.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Opslag (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com[...]
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com[...]
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com[...]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com[...]
--
P4 2.4c @ 3.12, Thermalright SP-94, Abit IC7-G, Hitachi Deskstar 7K250 120GB SATA, Geforce4 TI4200 128mb, 2*256mb CorsairCMX256A pc3200 2-6-3-2, Plextor PX-712A DVD burner, Chieftec Matrix black..
#1
Kim In Chul
Semi Supporter
01-09-2004 17:27

Hi, you have a few things that need fixing... Start by disabling System Restore, run a new HijackThis scan and tick the boxes next to:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://hot-searches.com[...]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://hot-searches.com[...]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.games-fusion.net[...]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
O1 - Hosts: 81.211.105.69 lender-search.com
O1 - Hosts: 81.211.105.68 hot-searches.com
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

Close all browser windows and click "Fix checked".

Then boot into safe mode and find and delete:
C:\WINDOWS\nsdb\hosts
(Please note that this is not svchost.exe, that one must not be deleted ;))

Then boot into normal mode and post a new log here for checking.

//Kim In Chul
--
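One way to automate part of the review done in the reply above, as an added example that is not part of the thread or of HijackThis: it parses HijackThis entry lines and flags a relocated hosts file, hosts entries that map names to non-loopback addresses, and R0/R1 values that reference those same names. The function names are chosen for this example, and the sample is a few entries from the first post's log.

```python
import re

# Sample: entries from the log in the first post (URLs are truncated there as "[...]").
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://hot-searches.com[...]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.games-fusion.net[...]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
O1 - Hosts: 81.211.105.69 lender-search.com
O1 - Hosts: 81.211.105.68 hot-searches.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")     # "R1 - ...", "O16 - ..."
DEFAULT_HOSTS = r"\system32\drivers\etc\hosts"     # standard location on Windows NT/XP
LOOPBACK = {"127.0.0.1", "::1"}

def parse(log):
    """Return (group, detail) pairs for every 'Xn - ...' entry line."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def triage(log):
    """Return {entry_line: reason} for hosts-file and IE-setting entries worth review."""
    entries = parse(log)
    findings, redirected = {}, set()
    for group, detail in entries:            # pass 1: hosts file entries (O1)
        line = f"{group} - {detail}"
        if group != "O1":
            continue
        if detail.startswith("Hosts file is located at:"):
            path = detail.split(":", 1)[1].strip()
            if not path.lower().endswith(DEFAULT_HOSTS):
                findings[line] = "hosts file relocated"
        elif detail.startswith("Hosts:"):
            fields = detail[len("Hosts:"):].split()
            if fields and fields[0] not in LOOPBACK:
                redirected.update(n.lower() for n in fields[1:])
                findings[line] = "hosts entry maps name to non-loopback address"
    for group, detail in entries:            # pass 2: IE settings (R0/R1)
        if group in ("R0", "R1") and "=" in detail:
            value = detail.split("=", 1)[1].lower()
            hits = sorted(d for d in redirected if d in value)
            if hits:
                findings[f"{group} - {detail}"] = "references hosts-redirected name: " + ", ".join(hits)
    return findings

if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG).items():
        print(f"{reason}\n    {entry}")
```

The correlation only covers names that appear in both the hosts file and the IE settings; the R0 Start Page entry in the sample is not flagged by it and still needs a manual look.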
#2
knudsen69
Ultra user
01-09-2004 18:01

Logfile of HijackThis v1.97.7
Scan saved at 18:00:46, on 01-09-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
D:\Programmer\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\RUNDLL32.EXE
D:\Programmer\Logitech\MouseWare\system\em_exec.exe
D:\Programmer\AVPersonal\AVGNT.EXE
D:\Programmer\D-Tools\daemon.exe
D:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
D:\Programmer\Motherboard Monitor 5\MBM5.EXE
C:\WINDOWS\System32\LVCOMSX.EXE
D:\Programmer\Logitech\Video\LogiTray.exe
D:\Programmer\Winamp\winampa.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Programmer\WinTV\Ir.exe
D:\Programmer\AVPersonal\AVGUARD.EXE
D:\Programmer\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Programmer\Logitech\Video\FxSvr2.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Thomas Knudsen\Skrivebord\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] D:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVGCtrl] "D:\Programmer\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Programmer\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MBM 5] "D:\Programmer\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Programmer\Winamp\winampa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: AutoStart IR.lnk = D:\Programmer\WinTV\Ir.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Opslag (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com[...]
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com[...]
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com[...]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com[...]
--
P4 2.4c @ 3.12, Thermalright SP-94, Abit IC7-G, Hitachi Deskstar 7K250 120GB SATA, Geforce4 TI4200 128mb, 2*256mb CorsairCMX256A pc3200 2-6-3-2, Plextor PX-712A DVD burner, Chieftec Matrix black..
#3
Armageddon
Moderator
01-09-2004 18:04

Kim has gotten really sharp at this and got everything in one go, so your log is now completely clean. You can go ahead and re-enable System Restore.
--
/Armageddon - [email protected] http://www.mdegn.dk[...]
#4
knudsen69
Ultra user
01-09-2004 18:06

Okay, thanks for the help..!
--
P4 2.4c @ 3.12, Thermalright SP-94, Abit IC7-G, Hitachi Deskstar 7K250 120GB SATA, Geforce4 TI4200 128mb, 2*256mb CorsairCMX256A pc3200 2-6-3-2, Plextor PX-712A DVD burner, Chieftec Matrix black..
