Help with HJT log
Posted 22-09-2004 23:06 by Shibby (new member) · 882 views · 1 reply

What should be there and what shouldn't?

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\Programmer\ISS\BlackICE\blackd.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\update2.exe
C:\WINDOWS\System32\csrse.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\Programmer\Messenger Plus! 3\MsgPlus.exe
C:\Programmer\ABIT\ABIT uGuru\uGuru.exe
C:\Programmer\Winamp\winampa.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
C:\Programmer\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\Programmer\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Programmer\TGTSoft\StyleXP\StyleXP.exe
C:\Programmer\Meaya\Popup Ad Filter\PopFilter.exe
C:\Programmer\ISS\BlackICE\blackice.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Documents and Settings\Esben Fogh Nielsen\Skrivebord\HijackThis\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [zervpack2] update2.exe
O4 - HKLM\..\Run: [Microsoft Registry] csrse.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [ABIT uGuru] C:\Programmer\ABIT\ABIT uGuru\uGuru.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [REEGRUN] C:\index.exe
O4 - HKLM\..\RunServices: [zervpack2] update2.exe
O4 - HKLM\..\RunServices: [Microsoft Registry] csrse.exe
O4 - HKCU\..\Run: [Microsoft Registry] csrse.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programmer\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Popup Ad Filter] C:\Programmer\Meaya\Popup Ad Filter\PopFilter.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Programmer\ISS\BlackICE\blackice.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Allow Popups - C:\Programmer\Meaya\Popup Ad Filter\WhiteGetUrl.js
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Opslag (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f......
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c......
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/.../...
O16 - DPF: {D3426292-3750-4D80-9D0F-2816F61A6D15} (SpeedTest Control) - http://81.19.245.211/speedtest/Spee...
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/......


Supporter
22-09-2004 23:14
Phew... That is quite an infected log you have there...

Start by disabling System Restore, run a new HijackThis scan and put a check mark next to:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk
O4 - HKLM\..\Run: [zervpack2] update2.exe
O4 - HKLM\..\Run: [Microsoft Registry] csrse.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [REEGRUN] C:\index.exe
O4 - HKLM\..\RunServices: [zervpack2] update2.exe
O4 - HKLM\..\RunServices: [Microsoft Registry] csrse.exe
O4 - HKCU\..\Run: [Microsoft Registry] csrse.exe
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f.........

Close all browser windows and click "Fix checked", then boot into Safe Mode and find and delete:

C:\WINDOWS\System32\update2.exe
C:\WINDOWS\System32\csrse.exe
C:\index.exe

Then boot normally and post a new log here for checking...

//Kim In Chul
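The reply above picks its O4 targets by eye. As an added example (not part of the thread, and not HijackThis code), the script below parses a constructed subset of the posted O4 lines and scores each autorun target with a few heuristics that reflect what the reply reacts to: a bare filename with no path, a name one character away from a core Windows process (csrse.exe next to csrss.exe), an executable sitting directly in the drive root (C:\index.exe), use of the Windows 9x-only RunServices key, a value name that claims "Microsoft" while pointing at an unqualified file, and the same binary registered in several autorun locations. The weights and the threshold are my own assumptions, chosen to separate the entries the reply removes from the ones it leaves alone; they are a triage aid, not a verdict.

```python
"""Heuristic triage of HijackThis O4 (autorun) entries.

Added example for the forum thread above; the scoring rules are assumptions
of this example, not HijackThis behaviour. SAMPLE_LOG is a constructed subset
of the O4 lines from the posted log.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [zervpack2] update2.exe
O4 - HKLM\..\Run: [Microsoft Registry] csrse.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [REEGRUN] C:\index.exe
O4 - HKLM\..\RunServices: [zervpack2] update2.exe
O4 - HKLM\..\RunServices: [Microsoft Registry] csrse.exe
O4 - HKCU\..\Run: [Microsoft Registry] csrse.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Programmer\ISS\BlackICE\blackice.exe
"""

# Core Windows NT process names (without extension) that malware imitates.
CORE_PROCESSES = {"smss", "csrss", "winlogon", "services", "lsass",
                  "svchost", "spoolsv", "explorer"}

O4_REG = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): "
                    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O4_STARTUP = re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<cmd>.+)$")
# Executable part of a command line: optional quotes, up to the first .exe.
EXE = re.compile(r'^"?(?P<exe>.*?\.exe)"?', re.IGNORECASE)


@dataclass
class Entry:
    location: str   # e.g. HKLM\..\Run or Global Startup
    name: str       # registry value name / shortcut name
    exe: str        # executable as written (full path or bare filename)


@dataclass
class Finding:
    target: str
    score: int = 0
    reasons: list = field(default_factory=list)

    def add(self, weight, why):
        self.score += weight
        self.reasons.append(f"+{weight} {why}")


def parse_o4(log_text):
    """Extract (location, name, executable) from every O4 line."""
    entries = []
    for line in log_text.splitlines():
        m = O4_REG.match(line)
        if m:
            loc, name, cmd = f"{m['hive']}\\..\\{m['key']}", m["name"], m["cmd"]
        else:
            m = O4_STARTUP.match(line)
            if not m:
                continue
            loc, name, cmd = "Global Startup", m["name"], m["cmd"]
        x = EXE.match(cmd)
        if x:
            entries.append(Entry(loc, name, x["exe"]))
    return entries


def levenshtein(a, b):
    """Edit distance; used to spot one-character lookalikes of system names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def basename(exe):
    return exe.rsplit("\\", 1)[-1].lower()


def triage(log_text):
    """Score every autorun target; weights are this example's assumptions."""
    findings, locations = {}, defaultdict(set)
    for e in parse_o4(log_text):
        target = basename(e.exe)
        f = findings.setdefault(target, Finding(target))
        locations[target].add(e.location)
        stem = target.rsplit(".", 1)[0]
        if "\\" not in e.exe:
            f.add(1, f"{e.location}: bare filename, no path ({e.exe})")
        if re.fullmatch(r"[a-z]:\\[^\\]+", e.exe, re.IGNORECASE):
            f.add(2, f"{e.location}: executable directly in drive root ({e.exe})")
        if e.location.endswith("RunServices"):
            f.add(1, f"{e.location}: Windows 9x-only key, unusual on XP")
        for core in CORE_PROCESSES:
            if stem != core and levenshtein(stem, core) == 1:
                f.add(3, f"{e.location}: name imitates system process {core}.exe")
        if "microsoft" in e.name.lower() and "\\" not in e.exe:
            f.add(1, f"{e.location}: value name '{e.name}' claims Microsoft, points to bare file")
    for target, locs in locations.items():
        if len(locs) > 1:
            findings[target].add(len(locs) - 1, f"registered in {len(locs)} autorun locations")
    return findings


def flag(log_text, threshold=2):
    """Targets whose aggregate score reaches the (assumed) threshold, sorted."""
    return sorted(t for t, f in triage(log_text).items() if f.score >= threshold)


if __name__ == "__main__":
    for target, f in sorted(triage(SAMPLE_LOG).items(), key=lambda kv: -kv[1].score):
        print(f"{f.score:3d}  {target}")
        for r in f.reasons:
            print("      ", r)
```

Run against the sample, csrse.exe, update2.exe and index.exe clear the threshold while atiptaxx.exe, SOUNDMAN.EXE, MsnMsgr.Exe and blackice.exe do not, which matches the three files the reply deletes in Safe Mode. A bare filename on its own scores only 1 because legitimate vendors do it too (SOUNDMAN.EXE above); the score only becomes interesting once it combines with a lookalike name or redundant persistence, which is also why the scoring is aggregated per binary rather than per log line.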