eyeless Beginner
08 June 2005 - 16:23 There are 4 comments and
2 solutions

hijack this

yes, you know the drill :-)
here is my log

Logfile of HijackThis v1.99.1
Scan saved at 16:18:19, on 08-06-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\antispyware\smc.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\snmp.exe
C:\Programmer\Panicware\Pop-Up Stopper\dpps2.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\hduukd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Messenger\msmsgs.exe
C:\PROGRA~1\aim\aim.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmer\antispyware\SpywareGuard\sgmain.exe
C:\Programmer\antispyware\SpywareGuard\sgbhp.exe
C:\Programmer\Winamp\winamp.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Guitar Pro 4 Demo\GP4Demo.exe
C:\Programmer\hijack\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\antispyware\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\antispyware\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\Programmer\Panicware\Pop-Up Stopper\dpps2.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\ANTISP~1\smc.exe -startgui
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmer\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Programmer\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [BearShare] "C:\Programmer\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [agkqvi] c:\windows\system32\hduukd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Programmer\antispyware\SpywareGuard\sgmain.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: InterVideo WinDVD 4.lnk = C:\Programmer\InterVideo\WinDVD4\WinDVD.exe
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programmer\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\aim\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/137980d7ad8321965306/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095758907263
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmer\antispyware\smc.exe
O23 - Service: System Startup Service  (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
arlet Junior Master
08 June 2005 - 19:02 #1
checking it now
arlet Junior Master
08 June 2005 - 19:05 #2
Download this scanner and save it to the desktop. (We will need it later)
http://www.spywareinfo.dk/download/mwav.exe

----------------------

Download Ewido here: http://www.ewido.net/en/download/ (We will need it later)
Click Download now. Install and run Ewido. Update the program immediately after installation.

-----------------------

You now need to get started with the fixing:

Run HijackThis, scan, tick the lines listed here, close all windows except HijackThis, click Fix checked, then close HijackThis again.
Double-check that everything is included.

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [BearShare] "C:\Programmer\BearShare\BearShare.exe" /pause (it is not the best program to have if you want to avoid junk)
O4 - HKLM\..\Run: [agkqvi] c:\windows\system32\hduukd.exe

O23 - Service: System Startup Service  (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe



--------------------------------------------------------------------

Open any folder, click Tools => Folder Options => View.
Untick "Hide protected operating system files".
Untick "Hide extensions for known file types".
Select "Show hidden files and folders".

------------------------------

Download this bat file and run it:
http://www.spywareinfo.dk/download/cleantempxp2k.bat
It deletes everything in your temp folder.

------------------------------

Restart the computer in safe mode (you need to press the F8 key during the restart (roughly right when the RAM has been counted), and then choose safe mode. If in doubt, just press F8 several times.)
Find and delete these manually:

C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
c:\windows\system32\hduukd.exe
C:\WINDOWS\svcproc.exe

-----------------------------

Still in safe mode:
Click mwav.exe, which you downloaded; the program unpacks itself and starts.
Tick the following:
Memory, Startup folders, drive, Registry, System folders and Services.
Select the following:
All local drives and Scan all files
Then press Scan Clean
The scan takes a little over an hour

-------------------------------

Still in safe mode:
Now run a full scan with Ewido. When it has finished, press Save report and save the report.

Then restart the computer and make a new HijackThis log, which you post here together with the report from Ewido
eyeless Beginner
09 June 2005 - 08:02 #3
ok, that is done, but I could not find c:\windows\system32\hduukd.exe
and
O4 - HKLM\..\Run: [agkqvi] c:\windows\system32\hduukd.exe
I think maybe the program changes its name, because there are always different programs trying to contact the same website.

but here are the two logs
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on:            02:12:16, 09-06-2005
+ Report-Checksum:        32A812D0

+ Date of database:        08-06-2005
+ Version of scan engine:    v3.0

+ Duration:                93 min
+ Scanned Files:            130100
+ Speed:                23.29 Files/Second
+ Infected files:            118
+ Removed files:            59
+ Files put in quarantine:        59
+ Files that could not be opened:    0
+ Files that could not be cleaned:    59

+ Binder:        Yes
+ Crypter:        Yes
+ Archives:        Yes

+ Scanned items:
    C:\
    C:\

+ Scan result:
    C:\Documents and Settings\All Users\Dokumenter\install.exe.mwt -> Backdoor.Robobot.w -> Cleaned with backup
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@1351182[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@247realmedia[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@2713995[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@60960915[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@adknowledge[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@ads.addynamix[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@ads.euniverseads[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@ads.vnuemedia[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@ads18.bpath[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@ar.atwola[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@as1.falkag[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@bluestreak[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@bravenet[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@burstnet[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@cgi-bin[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@cgi-bin[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@cgi-bin[3].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@clkhype.adbureau[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@com[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@geocities[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@gostats[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@hb.lycos[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@image.masterstats[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@landing.domainsponsor[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@list[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@mv.valueclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@overture[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@perf.overture[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@realguide.real[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@realmedia[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@real[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@sdc.shockwave[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@search.msn[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@servedby.netshelter[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@server.iad.liveperson[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@spylog[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@stat.onestat[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@tradedoubler[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@tribalfusion[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@valueclick[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@www.altnet[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@www.musictalk[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@www.real[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@xiti[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@z1.adserver[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@zedo[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Programmer\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug.a -> Cleaned with backup
    C:\WINDOWS\Nail.exe -> Trojan.Nail -> Cleaned with backup
    C:\WINDOWS\system32\config\systemprofile\Cookies\poul ottesen@advertising[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\WINDOWS\system32\config\systemprofile\Cookies\poul ottesen@burstnet[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\WINDOWS\system32\config\systemprofile\Cookies\poul ottesen@cgi-bin[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\WINDOWS\system32\config\systemprofile\Cookies\poul ottesen@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\WINDOWS\system32\config\systemprofile\Cookies\poul ottesen@fastclick[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\WINDOWS\system32\config\systemprofile\Cookies\poul ottesen@mediaplex[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\WINDOWS\system32\config\systemprofile\Cookies\poul ottesen@servedby.advertising[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\WINDOWS\system32\config\systemprofile\Cookies\poul ottesen@tribalfusion[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\WINDOWS\system32\config\systemprofile\Cookies\poul ottesen@valueclick[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\WINDOWS\system32\config\systemprofile\Cookies\poul ottesen@valueclick[3].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\All Users\Dokumenter\install.exe.mwt -> Backdoor.Robobot.w -> Error during cleaning
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@1351182[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@247realmedia[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@2713995[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@60960915[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@adknowledge[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@ads.addynamix[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@ads.euniverseads[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@ads.vnuemedia[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@ads18.bpath[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@ar.atwola[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@as1.falkag[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@bluestreak[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@bravenet[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@burstnet[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@cgi-bin[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@cgi-bin[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@cgi-bin[3].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@clkhype.adbureau[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@com[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@geocities[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@gostats[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@hb.lycos[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@image.masterstats[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@landing.domainsponsor[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@list[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@mv.valueclick[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@overture[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@perf.overture[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@realguide.real[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@realmedia[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@real[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@sdc.shockwave[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@search.msn[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@servedby.netshelter[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@server.iad.liveperson[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@spylog[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@stat.onestat[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@tradedoubler[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@tribalfusion[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@valueclick[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@www.altnet[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@www.musictalk[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@www.real[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@xiti[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@z1.adserver[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Documents and Settings\Poul Ottesen\Cookies\poul ottesen@zedo[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\Programmer\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug.a -> Error during cleaning
    C:\WINDOWS\Nail.exe -> Trojan.Nail -> Error during cleaning
    C:\WINDOWS\system32\config\systemprofile\Cookies\poul ottesen@advertising[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\WINDOWS\system32\config\systemprofile\Cookies\poul ottesen@burstnet[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\WINDOWS\system32\config\systemprofile\Cookies\poul ottesen@cgi-bin[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\WINDOWS\system32\config\systemprofile\Cookies\poul ottesen@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\WINDOWS\system32\config\systemprofile\Cookies\poul ottesen@fastclick[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\WINDOWS\system32\config\systemprofile\Cookies\poul ottesen@mediaplex[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\WINDOWS\system32\config\systemprofile\Cookies\poul ottesen@servedby.advertising[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\WINDOWS\system32\config\systemprofile\Cookies\poul ottesen@tribalfusion[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\WINDOWS\system32\config\systemprofile\Cookies\poul ottesen@valueclick[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
    C:\WINDOWS\system32\config\systemprofile\Cookies\poul ottesen@valueclick[3].txt -> Spyware.Tracking-Cookie -> Error during cleaning


::Report End


and

Logfile of HijackThis v1.99.1
Scan saved at 02:14:29, on 09-06-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Programmer\hijack\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\antispyware\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\antispyware\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\Programmer\Panicware\Pop-Up Stopper\dpps2.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\ANTISP~1\smc.exe -startgui
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmer\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Programmer\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Programmer\antispyware\SpywareGuard\sgmain.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: InterVideo WinDVD 4.lnk = C:\Programmer\InterVideo\WinDVD4\WinDVD.exe
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programmer\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\aim\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/137980d7ad8321965306/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095758907263
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\hijack\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\hijack\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmer\antispyware\smc.exe
O23 - Service: System Startup Service  (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
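
An added example, not part of the original thread: one way to check a follow-up HijackThis log against the fix list from comment #2. It parses the entry lines and reports which fix-list entries are still present (and whether HijackThis marks their target as missing) and which entries are new; the excerpts are copied from the two logs above, and the function names are this example's own.

```python
import re

# Lines the helper asked to fix in comment #2, copied from the thread.
FIX_LIST = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [BearShare] "C:\Programmer\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [agkqvi] c:\windows\system32\hduukd.exe
O23 - Service: System Startup Service  (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
"""

# Excerpt of the first log (08-06-2005): the fix-list lines plus two untouched entries.
BEFORE = FIX_LIST + r"""
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
"""

# Excerpt of the second log (09-06-2005), including header and process lines
# to show that the parser skips them.
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\hijack\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\hijack\security suite\ewidoguard.exe
O23 - Service: System Startup Service  (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
"""

# An entry line is a section code (R0, F2, O4, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
MISSING = "(file missing)"


def parse_entries(log_text):
    """Map a normalized (code, body) key to each entry line of a log."""
    entries = {}
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match is None:
            continue  # header, blank line or running-process path
        code, body = match.groups()
        # HijackThis appends this marker when the target file no longer exists.
        file_missing = body.endswith(MISSING)
        if file_missing:
            body = body[: -len(MISSING)].rstrip()
        # Collapse whitespace and case so the same entry matches across logs.
        key = (code, re.sub(r"\s+", " ", body).lower())
        entries[key] = {"code": code, "body": body, "file_missing": file_missing}
    return entries


def still_present(fix_list, after_log):
    """Fix-list entries that still show up in the follow-up log."""
    after = parse_entries(after_log)
    return [after[key] for key in parse_entries(fix_list) if key in after]


def new_entries(before_log, after_log):
    """Entries in the follow-up log that were not in the first log."""
    before = parse_entries(before_log)
    return [e for key, e in parse_entries(after_log).items() if key not in before]


if __name__ == "__main__":
    for entry in still_present(FIX_LIST, AFTER):
        note = "target file missing" if entry["file_missing"] else "target not flagged missing"
        print(f"STILL PRESENT [{entry['code']}] {entry['body']} ({note})")
    for entry in new_entries(BEFORE, AFTER):
        print(f"NEW [{entry['code']}] {entry['body']}")
```

On these excerpts the F2 shell entry and the O23 SvcProc service are reported as still present, the latter with its file missing, and the two ewido services are reported as new.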
arlet Junior Master
09 June 2005 - 20:44 #4
Download this small file and unpack it to your desktop:

http://users.pandora.be/bluepatchy/nailfix.zip

Then restart in safe mode.

Double-click nailfix.cmd, which you downloaded and unpacked earlier.

then fix in HijackThis:
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

O23 - Service: System Startup Service  (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)

-------------------------

Click Start->Run, type Regedit, click OK.
You get a window a bit like Explorer; navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\System Startup Service
Right-click it and delete it, if it exists.
Then navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_System Startup Service
Right-click it and delete it, if it exists.
If you are not allowed to delete it, click it once so that it is selected, choose Edit, choose Permissions and take full control of the key; then you can delete it.

restart normally and make a new HijackThis log
eyeless Beginner
10 June 2005 - 00:22 #5
I cannot download nailfix.zip
the page was not found
arlet Junior Master
10 June 2005 - 17:23 #6