HijackThis log

By Monster user Cypherhead | 10-06-2004 17:20 | 871 views | 5 replies
So now it's finally my turn... Can anyone see what I need to do?

Logfile of HijackThis v1.97.7
Scan saved at 17:18:59, on 10-06-2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Netropa\Multimedia Keyboard\MMKeybd.exe
D:\PROGRA~1\AVG6\avgcc32.exe
C:\documents and settings\ eo\dokumenter\setup.exe
C:\Programmer\QuickTime\qttask.exe
D:\Programmer\ICQLite\ICQLite.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
D:\Programmer\Daemon Tools\daemon.exe
C:\Programmer\Messenger Plus! 2\MsgPlus.exe
C:\WINDOWS\System32\RUNDLL32.EXE
D:\Programmer\Skype\Skype.exe
C:\Programmer\TGTSoft\StyleXP\StyleXP.exe
D:\programmer\steam\steam.exe
C:\Programmer\Netropa\Multimedia Keyboard\nhksrv.exe
D:\Programmer\Cain\Abel.exe
C:\Programmer\Apache Group\Apache\Apache.exe
C:\Programmer\Apache Group\Apache\Apache.exe
D:\PROGRA~1\AVG6\avgserv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Programmer\Netropa\Onscreen Display\OSD.exe
C:\mysql\bin\mysqld-nt.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
E:\Downloads\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ralc.dk[...]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmer\Adobe Reader\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6DE01E38-9ABC-408D-F326-9C3BCC7D2C10} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTStartup] "C:\Programmer\Creative\Splash Screen\CTEaxSpl.EXE" /run
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Programmer\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [AVG_CC] D:\PROGRA~1\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Windows Accelerators ] c:\documents and settings\ eo\dokumenter\setup.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ICQ Lite] D:\Programmer\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Programmer\Daemon Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Programmer\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Skype] "D:\Programmer\Skype\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [STYLEXP] C:\Programmer\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "d:\programmer\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Programmer\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Programmer\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\programmer\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\programmer\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - D:\Programmer\GetRight\GRdownload.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - D:\Programmer\GetRight\GRbrowse.htm
O8 - Extra context menu item: Si&milar Pages - res://c:\programmer\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programmer\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com[...]
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com[...]
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com[...]
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com[...]
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://130.228.229.67[...]
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com[...]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com[...]
O16 - DPF: {D3426292-3750-4D80-9D0F-2816F61A6D15} (SpeedTest Control) - http://81.19.245.211[...]
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net[...]
--
Pi is exactly equal to 3!
#1
Armageddon
Moderator
10-06-2004 17:56

Before we go any further I'd like to know whether you installed Cain, which is a password cracker program, and Windows Accelerators, which is a keylogger, yourself. If so, there's really no need to do anything about the log.
--
/Armageddon - [email protected] http://www.mdegn.dk[...]
#2
Cypherhead
Monster user
10-06-2004 17:59

I didn't install that accelerator thing...
--
Pi is exactly equal to 3!
#3
Armageddon
Moderator
10-06-2004 18:06

Well then, let's try. Start by disabling System Restore. Right-click "My Computer" on the desktop, choose Properties and the "System Restore" tab, and tick "Turn off System Restore". Click OK and restart. Uninstall Cain in Add/Remove Programs (if you want to keep using the program, don't do this). Run a new scan with HJT and tick these:

O2 - BHO: (no name) - {6DE01E38-9ABC-408D-F326-9C3BCC7D2C10} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Windows Accelerators ] c:\documents and settings\ eo\dokumenter\setup.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE

Close all other program windows so that only HJT is open. Click "Fix checked". Close the program and restart in Safe Mode (press F8 after the POST screen). Find and delete these:

C:\documents and settings\ eo\dokumenter\setup.exe
D:\Programmer\Cain\Abel.exe (check that the folder is completely gone, otherwise delete it - again depending on whether you keep the program)

Restart normally. Run a new scan with HJT and post the log here for checking.
--
/Armageddon - [email protected] http://www.mdegn.dk[...]
#4
Cypherhead
Monster user
10-06-2004 18:35

Logfile of HijackThis v1.97.7
Scan saved at 18:34:57, on 10-06-2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Netropa\Multimedia Keyboard\MMKeybd.exe
D:\PROGRA~1\AVG6\avgcc32.exe
D:\Programmer\ICQLite\ICQLite.exe
D:\Programmer\Daemon Tools\daemon.exe
C:\Programmer\Messenger Plus! 2\MsgPlus.exe
C:\WINDOWS\System32\RUNDLL32.EXE
D:\Programmer\Skype\Skype.exe
C:\Programmer\TGTSoft\StyleXP\StyleXP.exe
D:\programmer\steam\steam.exe
C:\Programmer\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Programmer\Netropa\Onscreen Display\OSD.exe
C:\Programmer\Netropa\Multimedia Keyboard\nhksrv.exe
D:\Programmer\Cain\Abel.exe
C:\Programmer\Apache Group\Apache\Apache.exe
C:\Programmer\Apache Group\Apache\Apache.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
D:\PROGRA~1\AVG6\avgserv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\mysql\bin\mysqld-nt.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wuauclt.exe
E:\Downloads\hjt.exe
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ralc.dk[...]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmer\Adobe Reader\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTStartup] "C:\Programmer\Creative\Splash Screen\CTEaxSpl.EXE" /run
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Programmer\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [AVG_CC] D:\PROGRA~1\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [ICQ Lite] D:\Programmer\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Programmer\Daemon Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Programmer\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Accelerators ] c:\documents and settings\ eo\dokumenter\setup.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Skype] "D:\Programmer\Skype\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [STYLEXP] C:\Programmer\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "d:\programmer\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Programmer\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Programmer\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\programmer\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\programmer\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - D:\Programmer\GetRight\GRdownload.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - D:\Programmer\GetRight\GRbrowse.htm
O8 - Extra context menu item: Si&milar Pages - res://c:\programmer\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programmer\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com[...]
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com[...]
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com[...]
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com[...]
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://130.228.229.67[...]
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com[...]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com[...]
O16 - DPF: {D3426292-3750-4D80-9D0F-2816F61A6D15} (SpeedTest Control) - http://81.19.245.211[...]
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net[...]

I chose not to remove Cain, then.
--
Pi is exactly equal to 3!
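The two logs in this thread and the moderator's triage of them, as an added Python example that is not part of any forum post and is not HijackThis code: a small parser for the HijackThis v1.97 O2/O4/O16 line shapes, the review rules the moderator applied in #1 and #3 (an O2 BHO whose DLL is "(no file)", an O4 autorun launched from a user profile directory, a Global Startup shortcut whose target shows as "?"), plus one rule of my own that flags O16 ActiveX downloads from a bare IP address for review, and a before/after comparison that reports which flagged entries survived the "Fix checked" and Safe Mode cleanup requested in #3. The two embedded logs are constructed excerpts in the thread's format, not the posted logs; the profile user name "user" is a placeholder.

```python
import re
from dataclasses import dataclass

# Constructed excerpt in HijackThis v1.97 line format (same entry shapes as the
# thread's logs). "user" in the profile path is a placeholder user name.
BEFORE_LOG = r"""
Logfile of HijackThis v1.97.7
Scan saved at 17:18:59, on 10-06-2004

Running processes:
C:\WINDOWS\System32\smss.exe
D:\Programmer\Cain\Abel.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmer\Adobe Reader\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6DE01E38-9ABC-408D-F326-9C3BCC7D2C10} - (no file)
O4 - HKLM\..\Run: [AVG_CC] D:\PROGRA~1\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Windows Accelerators ] c:\documents and settings\user\dokumenter\setup.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O16 - DPF: {D3426292-3750-4D80-9D0F-2816F61A6D15} (SpeedTest Control) - http://81.19.245.211[...]
"""

# Constructed "after" log: same machine once the orphaned BHO, the profile-dir
# autorun and the dangling shortcut are gone. Cain is still running, as in the
# thread, because the user chose to keep it.
AFTER_LOG = r"""
Logfile of HijackThis v1.97.7
Scan saved at 18:34:57, on 10-06-2004

Running processes:
C:\WINDOWS\System32\smss.exe
D:\Programmer\Cain\Abel.exe
C:\WINDOWS\System32\wuauclt.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmer\Adobe Reader\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AVG_CC] D:\PROGRA~1\AVG6\avgcc32.exe /STARTUP
O16 - DPF: {D3426292-3750-4D80-9D0F-2816F61A6D15} (SpeedTest Control) - http://81.19.245.211[...]
"""

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
O2_RE = re.compile(r"^BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O4_REG_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O4_STARTUP_RE = re.compile(r"^Global Startup: (?P<name>.+?) = (?P<target>.+)$")
O16_RE = re.compile(r"^DPF: \{(?P<clsid>[0-9A-Fa-f-]+)\} (?:\((?P<desc>[^)]*)\) )?- (?P<url>\S+)$")
IP_URL_RE = re.compile(r"^https?://\d{1,3}(?:\.\d{1,3}){3}(?:[/:\[]|$)")
# Autoruns normally live under Program Files / Windows; these path fragments are my
# own choice of "review this" markers, compared case-insensitively.
USER_PROFILE_MARKERS = ("\\documents and settings\\", "\\docume~1\\", "\\temp\\")


@dataclass(frozen=True)
class Entry:
    section: str  # "O2", "O4", "O16", ...
    body: str     # everything after "Oxx - "


def parse_log(text):
    """Return (running processes, R/O entries) from a HijackThis log."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False  # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append(Entry(m["section"], m["body"]))
        elif in_procs:
            processes.append(line)
    return processes, entries


def triage(entries):
    """Apply the review rules; returns (reason, entry) pairs in log order."""
    findings = []
    for e in entries:
        if e.section == "O2":
            m = O2_RE.match(e.body)
            if m and m["path"].strip() == "(no file)":
                findings.append(("orphaned BHO: CLSID registered but no DLL on disk", e))
        elif e.section == "O4":
            m = O4_REG_RE.match(e.body)
            if m:
                if any(mark in m["cmd"].lower() for mark in USER_PROFILE_MARKERS):
                    findings.append(("autorun launches from a user profile or temp directory", e))
            else:
                s = O4_STARTUP_RE.match(e.body)
                if s and s["target"].strip() == "?":
                    findings.append(("startup shortcut whose target could not be resolved", e))
        elif e.section == "O16":
            m = O16_RE.match(e.body)
            if m and IP_URL_RE.match(m["url"]):
                findings.append(("ActiveX control served from a bare IP address (review)", e))
    return findings


def diff_logs(before_text, after_text):
    """Compare two logs of one machine: removed entries, added entries, new processes."""
    procs_b, ent_b = parse_log(before_text)
    procs_a, ent_a = parse_log(after_text)
    key = lambda e: (e.section, e.body)
    removed = sorted(set(ent_b) - set(ent_a), key=key)
    added = sorted(set(ent_a) - set(ent_b), key=key)
    new_procs = sorted(set(procs_a) - set(procs_b))
    return removed, added, new_procs


def unresolved_findings(before_text, after_text):
    """Findings from the first log whose entries are still present in the second."""
    _, ent_b = parse_log(before_text)
    _, ent_a = parse_log(after_text)
    present = set(ent_a)
    return [(reason, e) for reason, e in triage(ent_b) if e in present]


if __name__ == "__main__":
    _, entries = parse_log(BEFORE_LOG)
    for reason, e in triage(entries):
        print(f"[{e.section}] {reason}: {e.body}")
    removed, added, new_procs = diff_logs(BEFORE_LOG, AFTER_LOG)
    print(f"{len(removed)} entries removed, {len(added)} added, new processes: {new_procs}")
    for reason, e in unresolved_findings(BEFORE_LOG, AFTER_LOG):
        print(f"still present after cleanup: {e.body} ({reason})")
```

Run on the constructed pair, the before-log yields four findings and the comparison shows three entries removed and one new process (wuauclt.exe, Windows Update); the one finding that survives is the bare-IP O16 control, which the rule only marks for review, matching how the thread left those entries alone. The diff step is the check the moderator asks for at the end of #3: a second log is only useful if you compare it entry by entry against the first.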
#5
Cypherhead
Monster user
10-06-2004 18:36

And by the way, many, many thanks for the help, Armageddon :)
--
Pi is exactly equal to 3!