Ufrivillig startside spøger

Hent en hijackthis : http://www.arlet.dk/hjt.htm

og kopier loggen herind

Skal jeg også køre Spybot, som det anbefales på Arlet?

DEt kan du godt gøre først..

Okay, har kørt Spyware, og vil så køre hjt, men programmet går ned hvergang jeg trykker på scan.

prøv med denne version af hijackthis.. gør nogen gang en forskel
http://computercops.biz/zx/Merijn/hijackthis1982.zip

og ellers prøv at køre den i fejlsikret tilstand.

Se det gav dette resultat:

Logfile of HijackThis v1.98.2
Scan saved at 19:55:36, on 11-02-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\CFusionMX\runtime\bin\jrunsvc.exe
C:\CFusionMX\db\slserver52\bin\swagent.exe
C:\CFusionMX\db\slserver52\bin\swstrtr.exe
C:\CFusionMX\runtime\bin\jrun.exe
C:\CFusionMX\db\slserver52\bin\swsoc.exe
C:\Programmer\Fælles filer\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Programmer\Panda Software\Panda Platinum Internet Security\passrv.exe
C:\Programmer\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe
C:\Programmer\Fælles filer\Panda Software\PavShld\pavprsrv.exe
C:\Programmer\Panda Software\Panda Platinum Internet Security\pavsrv51.exe
C:\Programmer\Panda Software\Panda Platinum Internet Security\psimsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\Programmer\Panda Software\Panda Platinum Internet Security\AVENGINE.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Programmer\Java\j2re1.4.2_02\bin\jusched.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmer\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE
C:\Programmer\DU Meter\DUMeter.exe
C:\Programmer\SmartCam 2Mega\ICON.EXE
C:\Programmer\Panda Software\Panda Platinum Internet Security\SRVLOAD.EXE
C:\Programmer\Panda Software\Panda Platinum Internet Security\WebProxy.exe
C:\Programmer\Outlook Express\Msimn.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Shanne\Lokale indstillinger\Temp\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oddernettet2.dk/teamodder
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\GoogleToolbar_da_1.1.62-deleon.dll
O3 - Toolbar: Jubii - {4E7BD74F-2B8D-469E-DBF7-FD79BED5FA7D} - C:\WINDOWS\DOWNLO~1\jubii.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zBrowser Launcher] C:\PROGRA~1\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_02\bin\jusched.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programmer\Panda Software\Panda Platinum Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmer\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [DU Meter] C:\Programmer\DU Meter\DUMeter.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: SmartCam 2Mega Monitor.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81} (TEInstallPlugIn) - http://www.skylinesoft.com/interactive/TerraExplorer/Install/TEInstallPlugIn.cab
O16 - DPF: {4E7BD74F-2B8D-469E-DBF7-FD79BED5FA7D} (Jubii) - http://toolbar.min.jubii.dk/toolbar/dk/jubii.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://www.toolbar.google.com/data/da/deleon/1.1.54-deleon/GoogleNav.cab
O16 - DPF: {71AEE1E3-1B65-41FA-BBD2-565CBD1359D8} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSPInstall0703.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/region/reg_eu/techsupp/activedata/ActiveData.cab

Jeg vil lade Arlet klare opgaven eftersom det er hans log:)

Overtag du bare, kalp

Jeg bliver nødt til at logge af for i dag..

fint.. to sek:)

Genstart i Fejlsikret tilstand ved at taste F8 under opstart.
Kør HijackThis, scan og sæt et flueben ud for disse linjer - luk øvrige programvinduer - klik "Fix checked":

O3 - Toolbar: Jubii - {4E7BD74F-2B8D-469E-DBF7-FD79BED5FA7D} - C:\WINDOWS\DOWNLO~1\jubii.dll
O16 - DPF: {4E7BD74F-2B8D-469E-DBF7-FD79BED5FA7D} (Jubii) - http://toolbar.min.jubii.dk/toolbar/dk/jubii.cab

Find og slet

Denne mappe

C:\WINDOWS\DOWNLO~1\

ps. er der blandede filer fra andre programmer i mappen skal du nøjes med at slette "jubii.dll" som befinder sig i mappen.

Gå herefter i Start -> Programmer -> Tilbehør -> Systemværktøjer -> Diskoprydning og slet temp-filer, temporary internet files og papirkurv.

Genstart normalt og smid en ny log fil herind

Her var resultatet efter at have fulgt dine anvisninger; jeg kunne dog ikke finde jubii.dll eller mappen:

Logfile of HijackThis v1.98.2
Scan saved at 20:55:12, on 11-02-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\CFusionMX\runtime\bin\jrunsvc.exe
C:\CFusionMX\db\slserver52\bin\swagent.exe
C:\CFusionMX\runtime\bin\jrun.exe
C:\CFusionMX\db\slserver52\bin\swstrtr.exe
C:\CFusionMX\db\slserver52\bin\swsoc.exe
C:\Programmer\Fælles filer\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Programmer\Panda Software\Panda Platinum Internet Security\passrv.exe
C:\Programmer\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe
C:\Programmer\Fælles filer\Panda Software\PavShld\pavprsrv.exe
C:\Programmer\Panda Software\Panda Platinum Internet Security\pavsrv51.exe
C:\Programmer\Panda Software\Panda Platinum Internet Security\psimsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\Programmer\Panda Software\Panda Platinum Internet Security\AVENGINE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Programmer\Java\j2re1.4.2_02\bin\jusched.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmer\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE
C:\Programmer\DU Meter\DUMeter.exe
C:\Programmer\SmartCam 2Mega\ICON.EXE
C:\Programmer\Panda Software\Panda Platinum Internet Security\SRVLOAD.EXE
C:\Programmer\Panda Software\Panda Platinum Internet Security\WebProxy.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Shanne\Lokale indstillinger\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oddernettet2.dk/teamodder
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\GoogleToolbar_da_1.1.62-deleon.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zBrowser Launcher] C:\PROGRA~1\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_02\bin\jusched.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programmer\Panda Software\Panda Platinum Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmer\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [DU Meter] C:\Programmer\DU Meter\DUMeter.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: SmartCam 2Mega Monitor.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81} (TEInstallPlugIn) - http://www.skylinesoft.com/interactive/TerraExplorer/Install/TEInstallPlugIn.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://www.toolbar.google.com/data/da/deleon/1.1.54-deleon/GoogleNav.cab
O16 - DPF: {71AEE1E3-1B65-41FA-BBD2-565CBD1359D8} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSPInstall0703.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/region/reg_eu/techsupp/activedata/ActiveData.cab

okay.. nu skal du bare finde ud af om jubii maser sig på mere:)

Det ser det ikke ud til, så tusind tak for hjælpen.

selv tak:)) og den burde også være væk eftersom vi slettede den:)

Hej, Jeg prøver lige at smide en kommentar her
Kigger I Sikkerheds gutter nogensinde under internetafdelingen?

Gider nogen kigge her:

http://www.eksperten.dk/spm/590381

Vil helst ikke forvirre ved at oprette spørgsmålet igen?? eller??

ahh gør ikke noget:) kan du ikke lige gøre som arlet skriver i sin første kommentar herinde.. og smide en log ind i dit spørgsmål.. så kigger jeg på det