Søg
Avatar billede bravida Nybegynder
02. januar 2005 - 00:03 Der er 10 kommentarer og
1 løsning

HijackThis log

En ven af mig har haft besøg af en hakker så alle koder er lavet om på vedkommende PCer. Håber at man kan se noget i denne log.

Logfile of HijackThis v1.98.2
Scan saved at 23:44:00, on 01-01-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\NOSPY.ORG\start1.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\BHODemon 2\BHODemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\JAN240~1\LOCALS~1\Temp\Temporary Directory 1 for
hijackthis.zip\hijackthis.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.dk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://default.home
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://www.dell.com/
O2 - BHO: DOMP Class - {4C1B116F-2860-46db-8E6C-B4BFC4DFD683} -
C:\WINDOWS\ietlbass.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} -
C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
Panel\atiptaxx.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator
5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared
Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [STARTPAGE] C:\NOSPY.ORG\start1.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe"
/background
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O4 - Startup: Port Monster.LNK = C:\Program Files\Zing Software\Port
Monster\pm.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no
file)
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.windupdates.com
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) -
http://www.errorguard.com/installation/Install.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control
Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Avatar billede kalp Novice
02. januar 2005 - 00:09 #1
Jeg kigger lige din log igennem.. den er i hvertfald ikke fri for spyware
Avatar billede kalp Novice
02. januar 2005 - 00:26 #2
sorry det tog lidt tid:)

Marker disse i hijackthis og vælge fixed checked..

O2 - BHO: DOMP Class - {4C1B116F-2860-46db-8E6C-B4BFC4DFD683} -
C:\WINDOWS\ietlbass.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} -
C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O4 - HKLM\..\Run: [STARTPAGE] C:\NOSPY.ORG\start1.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.windupdates.com
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) -
http://www.errorguard.com/installation/Install.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control
Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab

Genstart i fejlsikret tilstand find og slet denne mappe

C:\NOSPY.ORG\start1.exe

nu du er her.. lav en scan i fejlsikret tilstand og se om der er noget fra det overover som er vendt tibage.. hvis ja .. fix det..genstart og smid en ny log herind:)
Avatar billede kalp Novice
02. januar 2005 - 00:27 #3
hvis nospy er noget du kender til og kan stå indenfor så skal du ikke slette den!
Avatar billede kalp Novice
02. januar 2005 - 01:07 #4
Du sover nok nu hehe, men fix denne i hijackthis...

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\j2re1.4.2_06\bin\jusched.exe

lukke dette vindue ned nu og kigger ind igen i morgen:)
Avatar billede serverservice Praktikant
02. januar 2005 - 01:18 #5
->kalp det er nu ikke for at kritisere din rensning men jeg mener ikke den sidste streng skal fixes, denne:
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\j2re1.4.2_06\bin\jusched.exe
Avatar billede kalp Novice
02. januar 2005 - 01:22 #6
dannyboyd>> Det gør ikke noget du kritisere:) men den "skal" ikke fixes... men den "kan" fixes... uden det vil skade noget som helst:)
Avatar billede kalp Novice
02. januar 2005 - 01:27 #7
Mit forsvar er egentlig bare, at det vil optimere systemet... måske ikke med overdrevet meget nu hvor det kun drejer sig om et enkelt element:)
Avatar billede bravida Nybegynder
02. januar 2005 - 14:41 #8
Ny log efter henvisning.

Scan saved at 14:33:46, on 02-01-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\BHODemon 2\BHODemon.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\DOCUME~1\JAN240~1\LOCALS~1\Temp\Temporary Directory 2 for
hijackthis.zip\hijackthis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.dk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://default.home
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://www.dell.com/
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
Panel\atiptaxx.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator
5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared
Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe"
/background
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O4 - Startup: Port Monster.LNK = C:\Program Files\Zing Software\Port
Monster\pm.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - WWW. Prefix: http://ehttp.cc/?
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Avatar billede kalp Novice
02. januar 2005 - 14:59 #9
Der er lige kommet en ny..

fix denne i hijackthis..

O13 - WWW. Prefix: http://ehttp.cc/?

genstart og ny log..

http://www.spywarefri.dk/pakken.htm
Det nok en god ide med lidt ekstra beskyttelse
Avatar billede bravida Nybegynder
02. januar 2005 - 19:51 #10
HijackThis v1.98.2
Scan saved at 17:50:13, on 02-01-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\BHODemon 2\BHODemon.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\JAN240~1\LOCALS~1\Temp\Temporary Directory 4 for
hijackthis.zip\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.dk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://default.home
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://www.dell.com/
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator
5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared
Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe"
/background
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O4 - Startup: Port Monster.LNK = C:\Program Files\Zing Software\Port
Monster\pm.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Avatar billede kalp Novice
02. januar 2005 - 19:56 #11
Din nye log er ren:)
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
Vil skrifte antivirusprogram. Af ErikHg i Virus 22 26/11/202510:42 23/12/202514:29
Er gratis Bitdefender værd at installere ? Af Ikke-ekspert i Virus 8 31/08/202519:08 01/09/202514:18
Ukendte filer på min Pc Af jonpet i Virus 10 03/02/202514:20 04/02/202511:05
mulig ukendt virus Af jackie18 i Virus 3 18/01/202514:07 18/01/202516:39
virus popper op med jævne mellemrum Af Malm i Virus 13 18/01/202511:40 20/01/202517:53
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten
IT-JOB
Seneste spørgsmål Seneste aktivitet
I går 14:15 PHP Html Af Asky i Programmeringsværktøjer
I går 11:06 Rufus mange muligheder - valg ved install Windows Af Uvanga i Windows
06/0516:53 HTML Af Asky i Programmeringsværktøjer
06/0510:01 Mister internettet efter slumre, Af valby i Windows
05/0513:02 Lille smart tingest Af nu_igen i Fitness & Smartwatches
White papers
Flere white papers »