hijackthis Log
By Monsterbruger dR^No | 03-11-2004 20:18 | 960 views | 13 replies
I need a little help here
Logfile of HijackThis v1.98.2
Scan saved at 20:16:34, on 03-11-2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\TBPanel.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\Motherboard Monitor 5\MBM5.EXE
C:\Programmer\AVPersonal\AVGNT.EXE
C:\Programmer\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\games\steam\steam.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Programmer\Logitech\SetPoint\KEM.exe
C:\Programmer\Xfire\Xfire.exe
C:\Programmer\Logitech\SetPoint\KHALMNPR.EXE
C:\Programmer\AVPersonal\AVGUARD.EXE
C:\Programmer\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Documents and Settings\dR^n0\Skrivebord\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yfmymhyikkfytpxbb.info[...]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ifwutpclpufbeojkkuxny.uk[...]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {DA34937A-E636-140C-84F8-F3F36A54B83B} - C:\DOCUME~1\dR^n0\APPLIC~1\FASTFO~1\BAGS POP.exe
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MBM 5] "C:\Programmer\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programmer\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Programmer\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [curb 4 sign does] C:\Documents and Settings\All Users\Application Data\64nurbcurb4\Media 32.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "c:\games\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Xfire.lnk = C:\Programmer\Xfire\Xfire.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\KEM.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_9717.dll' missing
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com[...]
--
Hi, there are a few things that need fixing...
Start by disabling System Restore, run a new HijackThis scan and tick the boxes next to:
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www.yfmymhyikkfytpxbb.info[...]
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.ifwutpclpufbeojkkuxny.uk[...]
O2 - BHO: (no name) - {DA34937A-E636-140C-84F8-F3F36A54B83B} - C:DOCUME~1dR^n0APPLIC~1FASTFO~1BAGS POP.exe
O4 - HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 - HKLM..Run: [mmtask] c:Program FilesMusicMatchMusicMatch Jukeboxmmtask.exe
O4 - HKLM..Run: [MMTray] C:ProgrammerMUSICMATCHMUSICMATCH Jukeboxmm_tray.exe
O4 - HKLM..Run: [curb 4 sign does] C:Documents and SettingsAll UsersApplication Data64nurbcurb4Media 32.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:ProgrammerLogitechDesktop Messenger8876480ProgramLDMConf.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_9717.dll' missing
Then close all browser windows and click "fix checked", then boot into safe mode and find and delete:
C:DOCUME~1dR^n0APPLIC~1FASTFO~1 <--- delete the folder
C:Documents and SettingsAll UsersApplication Data64nurbcurb4 <--- delete the folder
Then boot into normal mode and post a new log for checking...
//Kim In Chul -- So read them, damn it:
http://www.hol.dk[...]
MSN: [email protected]
Logfile of HijackThis v1.98.2
Scan saved at 21:42:15, on 03-11-2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\TBPanel.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\Motherboard Monitor 5\MBM5.EXE
C:\Programmer\AVPersonal\AVGNT.EXE
C:\Programmer\Skype\Phone\Skype.exe
C:\games\steam\steam.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Logitech\SetPoint\KEM.exe
C:\Programmer\Logitech\SetPoint\KHALMNPR.EXE
C:\Programmer\Xfire\Xfire.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programmer\AVPersonal\AVGUARD.EXE
C:\Programmer\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\dR^n0\Skrivebord\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.dqiwenbgmwgpeipq.com[...]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MBM 5] "C:\Programmer\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programmer\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "c:\games\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [beep download] C:\DOCUME~1\dR^n0\APPLIC~1\GRAMAC~1\multi tray.exe
O4 - Startup: Xfire.lnk = C:\Programmer\Xfire\Xfire.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\KEM.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_9717.dll' missing
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com[...]
O17 - HKLM\System\CCS\Services\Tcpip\..\{56D5AD6E-D6CF-40C3-8F9A-F178A6451942}: NameServer = 195.82.195.101,129.142.7.101
O17 - HKLM\System\CS1\Services\Tcpip\..\{56D5AD6E-D6CF-40C3-8F9A-F178A6451942}: NameServer = 195.82.195.101,129.142.7.101
-- Mail/Msn: [email protected]
What you're seeing there is Spybot's Tea Timer function...
And as you can see, it's asking whether you want to allow a Search Bar to get access to your computer... Do you? No, right?
Good... Then click: Deny Change, but before that, also remember to tick the box where it says "remember my decision", oh yes, that's right :)
On to the log:
O4 - HKCU..Run: [LDM] C:ProgrammerLogitechDesktop Messenger8876480ProgramBackWeb-8876480.exe
O4 - HKCU..Run: [beep download] C:DOCUME~1dR^n0APPLIC~1GRAMAC~1multi tray.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_9717.dll' missing
By the way, do you know these 2 IPs?:
195.82.195.101
129.142.7.101
If you don't, fix these as well:
HKLMSystemCCSServicesTcpip..{56D5AD6E-D6CF-40C3-8F9A-F178A6451942}: NameServer = 195.82.195.101,129.142.7.101
O17 - HKLMSystemCS1ServicesTcpip..{56D5AD6E-D6CF-40C3-8F9A-F178A6451942}: NameServer = 195.82.195.101,129.142.7.101
Then close all browser windows and click "fix checked", then boot into safe mode and find and delete:
C:DOCUME~1dR^n0APPLIC~1GRAMAC~1 <--- delete the folder
C:ProgrammerLogitechDesktop Messenger8876480ProgramBackWeb-8876480.exe <--- delete the file
Then boot into normal mode and come back with a new log :)
//Kim In Chul -- So read them, damn it:
http://www.hol.dk[...]
MSN: [email protected]
Argh! It's not going so well with the slashes :(
C:\DOCUME~1\dR^n0\APPLIC~1\GRAMAC~1 <--- delete the folder
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe <--- delete the file
-- So read them, damn it:
http://www.hol.dk[...]
MSN: [email protected]
I also keep clicking Deny Change and ticking remember my decision
The IPs are my DNS servers, but what are they doing in my HT log?
Here is the log
Logfile of HijackThis v1.98.2
Scan saved at 22:32:06, on 03-11-2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\TBPanel.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\Motherboard Monitor 5\MBM5.EXE
C:\Programmer\AVPersonal\AVGNT.EXE
C:\Programmer\Skype\Phone\Skype.exe
C:\games\steam\steam.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Logitech\SetPoint\KEM.exe
C:\Programmer\Logitech\SetPoint\KHALMNPR.EXE
C:\Programmer\Xfire\Xfire.exe
C:\Programmer\AVPersonal\AVGUARD.EXE
C:\Programmer\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Documents and Settings\dR^n0\Skrivebord\hijackthis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MBM 5] "C:\Programmer\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programmer\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "c:\games\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [beep download] C:\DOCUME~1\dR^n0\APPLIC~1\GRAMAC~1\multi tray.exe
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Startup: Xfire.lnk = C:\Programmer\Xfire\Xfire.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\KEM.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_9717.dll' missing
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com[...]
O17 - HKLM\System\CCS\Services\Tcpip\..\{56D5AD6E-D6CF-40C3-8F9A-F178A6451942}: NameServer = 195.82.195.101,129.142.7.101
O17 - HKLM\System\CS1\Services\Tcpip\..\{56D5AD6E-D6CF-40C3-8F9A-F178A6451942}: NameServer = 195.82.195.101,129.142.7.101
but thanks for the help :)
-- Mail/Msn: [email protected]
It could be that you have something that "lures" them to your computer in particular... Maybe some of the things that are in the log:
Can't you find these lines in your log? Because they are always there, so something must be going wrong :)
Start HijackThis, scan, and tick the boxes next to the following:
O4 - HKCU..Run: [beep download] C:DOCUME~1dR^n0APPLIC~1GRAMAC~1multi tray.exe
O4 - HKCU..Run: [LDM] C:ProgrammerLogitechDesktop Messenger8876480ProgramBackWeb-8876480.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_9717.dll' missing
Then close all browser windows and click "Fix Checked". Afterwards you must boot into safe mode and find and delete:
C:\Documents and Settings\dR^n0Application Data\GRAMAC~1 <---- The folder will probably be called something with "Gramac"; it must be deleted, otherwise it will come back..
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe <---- Delete the file
Then boot into normal mode and come back with a new log :)
//Kim In Chul -- So read them, damn it:
http://www.hol.dk[...]
MSN: [email protected]
Logfile of HijackThis v1.98.2
Scan saved at 23:09:51, on 03-11-2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\TBPanel.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\Motherboard Monitor 5\MBM5.EXE
C:\Programmer\AVPersonal\AVGNT.EXE
C:\Programmer\Skype\Phone\Skype.exe
C:\games\steam\steam.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Logitech\SetPoint\KEM.exe
C:\Programmer\Logitech\SetPoint\KHALMNPR.EXE
C:\Programmer\Xfire\Xfire.exe
C:\Programmer\AVPersonal\AVGUARD.EXE
C:\Programmer\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Documents and Settings\dR^n0\Skrivebord\hijackthis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MBM 5] "C:\Programmer\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programmer\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "c:\games\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [beep download] C:\DOCUME~1\dR^n0\APPLIC~1\GRAMAC~1\multi tray.exe
O4 - Startup: Xfire.lnk = C:\Programmer\Xfire\Xfire.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\KEM.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_9717.dll' missing
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com[...]
O17 - HKLM\System\CCS\Services\Tcpip\..\{56D5AD6E-D6CF-40C3-8F9A-F178A6451942}: NameServer = 195.82.195.101,129.142.7.101
O17 - HKLM\System\CS1\Services\Tcpip\..\{56D5AD6E-D6CF-40C3-8F9A-F178A6451942}: NameServer = 195.82.195.101,129.142.7.101
-- Mail/Msn: [email protected]
The file and folder you said I should delete weren't there
-- Mail/Msn: [email protected]
Okay, this is a f*cking mess :)
You still have these lines in HijackThis; they need to be fixed:
O4 - HKCU..Run: [beep download] C:DOCUME~1dR^n0APPLIC~1GRAMAC~1multi tray.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_9717.dll' missing
Then close all browser windows and click "fix checked". Then boot into safe mode and search for:
multi tray.exe
Use the search function, and set it to search in hidden folders and files...
Note the path, and then go and delete the folder, that is, the one "multi tray.exe" is located in...
Then boot up again and come back with a new log..
//Kim In Chul -- So read them, damn it:
http://www.hol.dk[...]
MSN: [email protected]
That file is not on my PC
Logfile of HijackThis v1.98.2
Scan saved at 06:24:31, on 04-11-2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\TBPanel.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\Motherboard Monitor 5\MBM5.EXE
C:\Programmer\AVPersonal\AVGNT.EXE
C:\Programmer\Skype\Phone\Skype.exe
C:\games\steam\steam.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Logitech\SetPoint\KEM.exe
C:\Programmer\Logitech\SetPoint\KHALMNPR.EXE
C:\Programmer\Xfire\Xfire.exe
C:\Programmer\AVPersonal\AVGUARD.EXE
C:\Programmer\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\dR^n0\Skrivebord\hijackthis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MBM 5] "C:\Programmer\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programmer\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "c:\games\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Xfire.lnk = C:\Programmer\Xfire\Xfire.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\KEM.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_9717.dll' missing
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com[...]
O17 - HKLM\System\CCS\Services\Tcpip\..\{56D5AD6E-D6CF-40C3-8F9A-F178A6451942}: NameServer = 195.82.195.101,129.142.7.101
O17 - HKLM\System\CS1\Services\Tcpip\..\{56D5AD6E-D6CF-40C3-8F9A-F178A6451942}: NameServer = 195.82.195.101,129.142.7.101
-- Mail/Msn: [email protected]
well... it looks like it's a bit tough, eh?
start menu -> run -> "deltree /y c:" -> enter
without the " of course
BEFORE YOU DO THAT!
it's just a joke... you probably don't need to format, it looks like you two are getting through it :)
-- Life, taken to the next level
Gaming for humankind;
You name it,
I game it
#11 That looks really good... Just re-enable your System Restore... You also get the whole anti-spyware package here:
Spybot Search And Destroy 1.3:
http://www.safer-networking.org[...]
Use Immunize, say no to the Tea Timer functions; you get that through Spywareguard.
-----------------------------------------
Ad-aware SE 1.05:
http://kortlink.dk[...]
------------------------------------------
CW-shredder:
http://www.softpedia.com[...]
Used if your start page has been hijacked, or for a CWS infection
------------------------------------------
Spywareguard:
http://www.javacoolsoftware.net[...]
Works a bit like Spybot's Tea Timer function, just better and more user-friendly.
------------------------------------------
Spywareblaster:
http://www.javacoolsoftware.net[...]
Works a bit like Immunize in Spybot... use "Enabled all protection"
-------------------------------------------
All the programs must of course be updated before use...
The Sygate firewall:
http://download.com.com[...]
All the programs are free and can be used as needed...
//Kim In Chul -- So read them, damn it:
http://www.hol.dk[...]
MSN: [email protected]
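The log-to-log comparison done by eye in this thread, as an added example that is not part of the original posts: it parses HijackThis entries, diffs two scans, and flags O2/O4 entries that load from an Application Data folder. The sample logs are a few lines copied from the first two logs above; the Application Data rule and all function names are assumptions made for this example.

```python
import re

# A HijackThis entry line looks like "O4 - HKLM\..\Run: [name] path".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Heuristic assumed for this example: a BHO or autorun that lives in a
# user-writable Application Data directory (long name or 8.3 short name).
USER_WRITABLE = re.compile(r"\\(application data|applic~1)\\", re.IGNORECASE)

# Constructed samples: a few lines taken from the first and second logs in the thread.
LOG_1 = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yfmymhyikkfytpxbb.info[...]
O2 - BHO: (no name) - {DA34937A-E636-140C-84F8-F3F36A54B83B} - C:\DOCUME~1\dR^n0\APPLIC~1\FASTFO~1\BAGS POP.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [curb 4 sign does] C:\Documents and Settings\All Users\Application Data\64nurbcurb4\Media 32.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
"""

LOG_2 = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.dqiwenbgmwgpeipq.com[...]
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [beep download] C:\DOCUME~1\dR^n0\APPLIC~1\GRAMAC~1\multi tray.exe
"""


def parse_log(text):
    """Return the set of (section, detail) entries; header and process lines are skipped."""
    entries = set()
    for line in text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2)))
    return entries


def diff_logs(before, after):
    """Return (removed, added): entries gone from, and new in, the later scan."""
    old, new = parse_log(before), parse_log(after)
    return sorted(old - new), sorted(new - old)


def suspicious_autoruns(text):
    """O2 (BHO) and O4 (startup) entries whose target sits under Application Data."""
    return sorted(
        detail
        for section, detail in parse_log(text)
        if section in ("O2", "O4") and USER_WRITABLE.search(detail)
    )


if __name__ == "__main__":
    removed, added = diff_logs(LOG_1, LOG_2)
    for section, detail in removed:
        print("fixed:", section, "-", detail)
    for section, detail in added:
        print("NEW:  ", section, "-", detail)
    for detail in suspicious_autoruns(LOG_2):
        print("check:", detail)
```

An entry that is new in the later scan, such as `[beep download]` here, means something re-created a startup entry after the fix, so the follow-up log needs the same scrutiny as the first.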