aniraC Posted December 30, 2004

Logfile of HijackThis v1.99.0
Scan saved at 22:09:23, on 2004-12-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program\F-Secure\Common\FSMA32.EXE
D:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
D:\Program\F-Secure\Common\FSMB32.EXE
D:\WINDOWS\System32\nvsvc32.exe
D:\Program\Tiny Personal Firewall\persfw.exe
D:\Program\F-Secure\Common\FCH32.EXE
D:\WINDOWS\System32\svchost.exe
D:\Program\F-Secure\Common\FAMEH32.EXE
D:\Program\F-Secure\Common\FSGK32.EXE
D:\Program\F-Secure\Common\FNRB32.EXE
D:\Program\F-Secure\Common\FIH32.EXE
D:\Program\F-Secure\Anti-Virus\fsav32.exe
D:\WINDOWS\Explorer.EXE
D:\Program\D-Tools\daemon.exe
D:\Program\F-Secure\Common\FSM32.EXE
D:\Program\Java\j2re1.4.2_04\bin\jusched.exe
D:\Program\Messenger Plus! 3\MsgPlus.exe
D:\Program\MSN Apps\Updater\01.02.3000.1001\sv\msnappau.exe
D:\Program\Winamp\winampa.exe
D:\Program\QuickTime\qttask.exe
D:\WINDOWS\ewupdater.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program\Messenger\msmsgs.exe
D:\Program\system\DeeEnEs.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program\INCRED~1\bin\IMApp.exe
D:\Program\MSN Messenger\msnmsgr.exe
d:\program\intern~1\iexplore.exe
D:\Program\ICQ\ICQ.exe
D:\Program\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
D:\Program\Internet Explorer\iexplore.exe
D:\Program\Internet Explorer\iexplore.exe
D:\Documents and Settings\Carina\Lokala inställningar\Temporary Internet Files\Content.IE5\5VUSZIYZ\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tunwugjqvqvcgpc.com/6TKhw25w4J5car1hwGAM8S0NFlFB251RMkT0HnPjCSLx/FH1ZULN5MbQhzORLhkb.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.motesplatsen.se/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.easywebsearch.nl
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.easywebsearch.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.easywebsearch.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - D:\Program\Panicware\Pop-Up Stopper Pro\CCHelper.dll
O2 - BHO: Showclock - {43CE8A15-4D92-0315-D929-B2DD79FE54D4} - D:\Program\ACTIVE~1\signone.dll (file missing)
O2 - BHO: (no name) - {6FF70CD4-2C1F-E991-939E-E8C82BC4604D} - D:\DOCUME~1\Carina\APPLIC~1\ACTIVE~1\mfcd build.exe
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - D:\Program\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program\MSN Apps\MSN Toolbar\01.02.3000.1001\sv\msntb.dll
O2 - BHO: (no name) - {E082FBB1-B8B4-BC8D-D0BA-B30C68A7C205} - D:\DOCUME~1\Carina\APPLIC~1\ACTIVE~1\mfcd build.exe
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - D:\Program\Panicware\Pop-Up Stopper Pro\popuppro.dll
O3 - Toolbar: junk global - {199B0739-0C5D-D97E-24D9-EA5A95F0AB46} - D:\Program\ACTIVE~1\signone.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program\MSN Apps\MSN Toolbar\01.02.3000.1001\sv\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [F-Secure Manager] "D:\Program\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [Mirabilis ICQ] D:\Program\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] D:\Program\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [msnappau] "D:\Program\MSN Apps\Updater\01.02.3000.1001\sv\msnappau.exe"
O4 - HKLM\..\Run: [WinampAgent] D:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ewupdater] D:\WINDOWS\ewupdater.exe
O4 - HKLM\..\Run: [Mess seek hole okay] D:\Documents and Settings\All Users\Application Data\Memowaitmessseek\antilog.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "D:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [incrediMail] D:\Program\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Program\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [DeeEnEs] D:\Program\system\DeeEnEs.exe
O4 - HKCU\..\Run: [iNTERNET BIND] D:\DOCUME~1\Carina\APPLIC~1\ABOUTE~1\Cdrom Third.exe
O4 - HKCU\..\Run: [JavaUpdate0.07] D:\WINDOWS\System32\marws.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = D:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Date Manager.lnk = D:\Program\Date Manager\DateManager.exe
O4 - Global Startup: GStartup.lnk = D:\Program\Delade filer\GMT\GMT.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PrecisionTime.lnk = D:\Program\PrecisionTime\PrecisionTime.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\Program\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://D:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Program\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Program\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/beta/vet_install_popup.pl?1&4&04.00.05.04&http://62.3.133.18/SE/24_3d_rims_pop.jsp
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll
O16 - DPF: {3F2705D0-C9D8-4020-A15C-E495A0050EC6} (Easywebinstaller Control) - http://s7.blingblingcontent.com/toolbarcash/activex/easywebinstaller.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {83873F92-B99B-400A-9E36-52B5F4970FB7} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/sv/filesharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} - http://arcade.icq.com/multiplayer/odyssey_web8.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.shockwave.com/content/feedingfrenzy/SproutLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.com/games/popcaploader_v5.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - D:\Program\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Authentication Agent - F-Secure Corporation. All Rights Reserved. - D:\Program\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent - F-Secure Corporation - D:\Program\F-Secure\Common\FSMA32.EXE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Tiny Personal Firewall - Tiny Software - D:\Program\Tiny Personal Firewall\persfw.exe

my log........attaching it

Carina

dune Posted December 30, 2004

"my log........attaching it"

Please, use the LOG function!

.dune.
----------------------------------------------
- "I find this a nice feature but it is not according to the documentation. Or is it a BUG?"
- "Let's call it an accidental feature. :-)"

Cecilia Posted December 30, 2004

Messenger Plus! 3 is notorious for installing various spyware etc. if you are not very careful during installation and do not uncheck everything that has to do with sponsor programs. So start by uninstalling Messenger Plus! 3.

Then check whether you have any unknown programs in Control Panel - Add or Remove Programs, and uninstall those too if so.

You must create a dedicated folder for the HijackThis(.exe) executable so that it can create the necessary backups. For example like this: C:\HjT\HijackThis.exe.

In addition to Ad-aware, which I see you are running, you should run Spybot, which is available here: http://www.safer-networking.org/en/download/index.html

Also run CWShredder, which you download here by choosing the option "Download the stand-alone...": http://www.intermute.com/spysubtract/cwshredder_download.html

Say what CWShredder reports in your reply here.

Do the above and then paste in a new HijackThis log, but do it this way:

First press the LOG button in the Reply window
Then paste in the log
Press the LOG button again

Afroswed Posted January 1, 2005

run this file and it should sort itself out http://lop.com/toolbar_uninstall.exe

This topic is now archived and is closed to further replies.