Just nu i M3-nätverket
Jump to content

HiJackThis hjälp


[Esc]

Recommended Posts

Håller på att hjälpa till med att rensa en dator från spyware

 

Någon som ser något i denna logg?

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 16:55:25, on 2006-01-28

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Compaq\Easy Access Button Support\StartEAK.exe

C:\Program\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program\Compaq\Easy Access Button Support\CPQEADM.EXE

C:\COMPAQ\CPQINET\CPQInet.exe

C:\Compaq\EAKDRV\EAUSBKBD.EXE

C:\Program\NORTON~1\navapw32.exe

C:\Program\Compaq\EASYAC~1\BttnServ.exe

C:\Program\Real\RealPlayer\RealPlay.exe

C:\Program\Delade filer\Logitech\QCDriver\LVCOMS.EXE

C:\Program\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\SYSTEM~1\soap.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\Program\Delade filer\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program\INCRED~1\bin\IMApp.exe

C:\Program\Nikon\NkView5\NkvMon.exe

C:\Program\MSN Toolbar Suite\DS\02.05.0001.1119\sv-se\bin\WindowsSearch.exe

C:\WINDOWS\System32\CTsvcCDA.EXE

C:\Program\SpywareGuard\sgmain.exe

C:\Program\OpenOffice.org641\program\soffice.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\Program\Norton AntiVirus\navapsvc.exe

C:\Program\MSN Toolbar Suite\DS\02.05.0001.1119\sv-se\bin\WindowsSearchIndexer.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program\SpywareGuard\sgbhp.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

C:\Program\Lavasoft\AD-AWA~2\Ad-Aware.exe

C:\WINDOWS\system32\taskmgr.exe

C:\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR'>http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR'>http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.se/'>http://www.msn.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.tele2.se/portal/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=3C01&lc=041d&s=search&ap=b204'>http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=3C01&lc=041d&s=search&ap=b204

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=3C01&lc=041d&s=search&ap=b204

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.se/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explore

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program\SpywareGuard\dlprotect.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [WCOLOREAL] C:\Program\COMPAQ\Coloreal\coloreal.exe

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program\Compaq\Easy Access Button Support\StartEAK.exe

O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\Updreg.exe

O4 - HKLM\..\Run: [AHQInit] C:\Program\Creative\SBLive\Program\AHQInit.exe

O4 - HKLM\..\Run: [NAV Agent] C:\Program\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [RealTray] C:\Program\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [LVCOMS] C:\Program\Delade filer\Logitech\QCDriver\LVCOMS.EXE

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [system Soap Pro] C:\Program\SYSTEM~1\soap.exe min

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [incrediMail] C:\Program\INCRED~1\bin\IncMail.exe /c

O4 - Startup: OpenOffice.org 641.lnk = C:\Program\OpenOffice.org641\program\quickstart.exe

O4 - Startup: SpywareGuard.lnk = C:\Program\SpywareGuard\sgmain.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = ?

O4 - Global Startup: Kalenderpåminnelser i Microsoft Works.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: NkvMon.exe.lnk = C:\Program\Nikon\NkView5\NkvMon.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program\MSN Toolbar Suite\DS\02.05.0001.1119\sv-se\bin\WindowsSearch.exe

O8 - Extra context menu item: &MSN Search - res://C:\Program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll/search.htm

O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\MSN Toolbar Suite\TAB\02.05.0000.1105\sv-se\msntabres.dll/229?56221f093dbf4e53a19215c5b6a16dcc

O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\MSN Toolbar Suite\TAB\02.05.0000.1105\sv-se\msntabres.dll/230?56221f093dbf4e53a19215c5b6a16dcc

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://start.tele2.se/portal/

O15 - Trusted Zone: www.fujidirekt.se

O16 - DPF: {07FA65C2-51FF-4638-ACB5-7F3EBD861678} (Upload.SnapUpload) - http://www.onskefoto.se/photos/upload/SnapUpload.cab

O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.fujidirekt.se/SAXFile/saxfile.cab

O16 - DPF: {78EB01F2-73D9-4B08-87DA-B4B866A5B1C9} (SnapChooser.SnapViewer) - http://www.onskefoto.se/photos/upload/SnapChooser.cab

O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE

O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

[/log]

--

[Esc]

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.



×
×
  • Create New...