aniraC

Logfile of HijackThis v1.99.0

Scan saved at 22:09:23, on 2004-12-30

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Program\F-Secure\Common\FSMA32.EXE

D:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

D:\Program\F-Secure\Common\FSMB32.EXE

D:\WINDOWS\System32\nvsvc32.exe

D:\Program\Tiny Personal Firewall\persfw.exe

D:\Program\F-Secure\Common\FCH32.EXE

D:\WINDOWS\System32\svchost.exe

D:\Program\F-Secure\Common\FAMEH32.EXE

D:\Program\F-Secure\Common\FSGK32.EXE

D:\Program\F-Secure\Common\FNRB32.EXE

D:\Program\F-Secure\Common\FIH32.EXE

D:\Program\F-Secure\Anti-Virus\fsav32.exe

D:\WINDOWS\Explorer.EXE

D:\Program\D-Tools\daemon.exe

D:\Program\F-Secure\Common\FSM32.EXE

D:\Program\Java\j2re1.4.2_04\bin\jusched.exe

D:\Program\Messenger Plus! 3\MsgPlus.exe

D:\Program\MSN Apps\Updater\01.02.3000.1001\sv\msnappau.exe

D:\Program\Winamp\winampa.exe

D:\Program\QuickTime\qttask.exe

D:\WINDOWS\ewupdater.exe

D:\WINDOWS\system32\RUNDLL32.EXE

D:\Program\Messenger\msmsgs.exe

D:\Program\system\DeeEnEs.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Program\INCRED~1\bin\IMApp.exe

D:\Program\MSN Messenger\msnmsgr.exe

d:\program\intern~1\iexplore.exe

D:\Program\ICQ\ICQ.exe

D:\Program\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe

D:\Program\Internet Explorer\iexplore.exe

D:\Program\Internet Explorer\iexplore.exe

D:\Documents and Settings\Carina\Lokala inställningar\Temporary Internet Files\Content.IE5\5VUSZIYZ\HijackThis[1].exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tunwugjqvqvcgpc.com/6TKhw25w4J5car1hwGAM8S0NFlFB251RMkT0HnPjCSLx/FH1ZULN5MbQhzORLhkb.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.motesplatsen.se/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.easywebsearch.nl

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.easywebsearch.nl

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.easywebsearch.nl

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - D:\Program\Panicware\Pop-Up Stopper Pro\CCHelper.dll

O2 - BHO: Showclock - {43CE8A15-4D92-0315-D929-B2DD79FE54D4} - D:\Program\ACTIVE~1\signone.dll (file missing)

O2 - BHO: (no name) - {6FF70CD4-2C1F-E991-939E-E8C82BC4604D} - D:\DOCUME~1\Carina\APPLIC~1\ACTIVE~1\mfcd build.exe

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - D:\Program\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program\MSN Apps\MSN Toolbar\01.02.3000.1001\sv\msntb.dll

O2 - BHO: (no name) - {E082FBB1-B8B4-BC8D-D0BA-B30C68A7C205} - D:\DOCUME~1\Carina\APPLIC~1\ACTIVE~1\mfcd build.exe

O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - D:\Program\Panicware\Pop-Up Stopper Pro\popuppro.dll

O3 - Toolbar: junk global - {199B0739-0C5D-D97E-24D9-EA5A95F0AB46} - D:\Program\ACTIVE~1\signone.dll (file missing)

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program\MSN Apps\MSN Toolbar\01.02.3000.1001\sv\msntb.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [F-Secure Manager] "D:\Program\F-Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [Mirabilis ICQ] D:\Program\ICQ\ICQNet.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] D:\Program\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program\Messenger Plus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [msnappau] "D:\Program\MSN Apps\Updater\01.02.3000.1001\sv\msnappau.exe"

O4 - HKLM\..\Run: [WinampAgent] D:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [QuickTime Task] "D:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ewupdater] D:\WINDOWS\ewupdater.exe

O4 - HKLM\..\Run: [Mess seek hole okay] D:\Documents and Settings\All Users\Application Data\Memowaitmessseek\antilog.exe

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [MSMSGS] "D:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [incrediMail] D:\Program\INCRED~1\bin\IncMail.exe /c

O4 - HKCU\..\Run: [MessengerPlus3] "D:\Program\Messenger Plus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [DeeEnEs] D:\Program\system\DeeEnEs.exe

O4 - HKCU\..\Run: [iNTERNET BIND] D:\DOCUME~1\Carina\APPLIC~1\ABOUTE~1\Cdrom Third.exe

O4 - HKCU\..\Run: [JavaUpdate0.07] D:\WINDOWS\System32\marws.exe

O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "D:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = D:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Date Manager.lnk = D:\Program\Date Manager\DateManager.exe

O4 - Global Startup: GStartup.lnk = D:\Program\Delade filer\GMT\GMT.exe

O4 - Global Startup: Microsoft Office.lnk = D:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: PrecisionTime.lnk = D:\Program\PrecisionTime\PrecisionTime.exe

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\Program\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://D:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Program\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Program\ICQ\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program\Messenger\msmsgs.exe

O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/beta/vet_install_popup.pl?1&4&04.00.05.04&http://62.3.133.18/SE/24_3d_rims_pop.jsp

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll

O16 - DPF: {3F2705D0-C9D8-4020-A15C-E495A0050EC6} (Easywebinstaller Control) - http://s7.blingblingcontent.com/toolbarcash/activex/easywebinstaller.ocx

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab

O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab

O16 - DPF: {83873F92-B99B-400A-9E36-52B5F4970FB7} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/sv/filesharingctrl.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab

O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} - http://arcade.icq.com/multiplayer/odyssey_web8.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab

O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe

O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.shockwave.com/content/feedingfrenzy/SproutLauncher.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.com/games/popcaploader_v5.cab

O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab

O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - D:\Program\F-Secure\Common\FNRB32.EXE

O23 - Service: F-Secure Authentication Agent - F-Secure Corporation. All Rights Reserved. - D:\Program\F-Secure\Common\FSAA.EXE

O23 - Service: F-Secure Management Agent - F-Secure Corporation - D:\Program\F-Secure\Common\FSMA32.EXE

O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Tiny Personal Firewall - Tiny Software - D:\Program\Tiny Personal Firewall\persfw.exe

 

my log........attaching it

 

Carina

 

my log........attaching it
Please, use the LOG function!

 

 

.dune.

----------------------------------------------

- "I find this a nice feature but it is not according to the documentation.

Or is it a BUG?"

- "Let's call it an accidental feature. :-)"

 

Messenger Plus! 3 is notorious for installing various spyware etc. if you are not very careful during installation and do not uncheck everything that has to do with sponsor programs. So start by uninstalling Messenger Plus! 3.

After that, check whether you have any unknown programs in Control Panel - Add or Remove Programs, and uninstall those as well if so.

You must create a separate folder for the executable file HijackThis(.exe) so that it can create the necessary backups. For example like this: C:\HjT\HijackThis.exe.

Besides Ad-aware, which I see you are running, you should run Spybot, which is available here:

http://www.safer-networking.org/en/download/index.html

Also run CWShredder, which is downloaded here by choosing the option "Download the stand-alone...":

http://www.intermute.com/spysubtract/cwshredder_download.html

State what CWShredder reports in your reply here.

Do the above and then paste in a new HijackThis log, but do it this way:

First press the LOG button in the Reply window

Then paste in the log

Press the LOG button again

 
