Hjälp med Hijackthis loggfil

[jonakarl]

Ser denna loggfil ok ut?

 

[log]

Logfile of HijackThis v1.99.1

Scan saved at 11:41:54, on 2006-10-17

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe

C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wltrysvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\CCM\CcmExec.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Apoint\Apoint.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

C:\Program Files\Apoint\Apntex.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\WINDOWS\System32\WLTRAY.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\Dell\Bluetooth Software\BTTray.exe

C:\Program Files\ISS\issSensors\DesktopProtection\blackice.exe

C:\PROGRA~1\Dell\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Documents and Settings\jonakarl\Desktop\HijackThis.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\System32\msiexec.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\System32\WLTRAY

O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [explorer] C:\WINDOWS\system32\304.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [RssReader] C:\Program Files\RssReader\RssReader.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: RealSecure® Desktop Protector.lnk = ?

O4 - Global Startup: VPN Client.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

O15 - Trusted Zone: http://intra.se.capgemini.com

O15 - Trusted Zone: http://*.capgemini.se

O15 - Trusted Zone: http://intra.sogeti.se

O15 - Trusted Zone: *.sogeti.se

O16 - DPF: {5CF549B1-E178-4D8C-ADEF-73F226644F12} (Room328 Designer Setup) - http://designer.room328.com/app/WebVDSetUp.cab

O16 - DPF: {65E8E2DC-186A-4AAC-9E56-FDC683055A9E} (CNetOnlineInstall Control) - http://www.download.com/html/dl/bug211623/CNetOnlineInstall.cab

O16 - DPF: {98C53984-8BF8-4D11-9B1C-C324FCA9CADE} (Loader Class v3) - http://njord/qcbin/Spider90.ocx

O16 - DPF: {A0F3DE0D-9308-4650-82A0-53F0C17D7D65} (Web2D Control) - http://designer.room328.com/app/WebVD.vcb

O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad.sogeti.se

O17 - HKLM\Software\..\Telephony: DomainName = ad.sogeti.se

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad.sogeti.se

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ad.sogeti.se

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM Inc. - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

 

 

[/log]

 

[Zipp.]

 

Gör en Sök på filen nedan och om den hittas på datorn så scanna den här och meddela resultat

 

C:\WINDOWS\system32\304.exe

 

http://www.virustotal.com/en/indexf.html

 

[jonakarl]

[log]

Antivirus Version Update Result

AntiVir 7.2.0.30 10.17.2006 Worm/Licat.D.4

Authentium 4.93.8 10.16.2006 no virus found

Avast 4.7.892.0 10.16.2006 no virus found

AVG 386 10.16.2006 no virus found

BitDefender 7.2 10.17.2006 Dropped:Application.Clickspring.A

CAT-QuickHeal 8.00 10.16.2006 (Suspicious) - DNAScan

ClamAV devel-20060426 10.17.2006 no virus found

DrWeb 4.33 10.17.2006 no virus found

eTrust-InoculateIT 23.73.24 10.17.2006 no virus found

eTrust-Vet 30.3.3139 10.17.2006 no virus found

Ewido 4.0 10.17.2006 no virus found

Fortinet 2.82.0.0 10.17.2006 no virus found

F-Prot 3.16f 10.16.2006 no virus found

F-Prot4 4.2.1.29 10.16.2006 no virus found

Ikarus 0.2.65.0 10.17.2006 no virus found

Kaspersky 4.0.2.24 10.17.2006 no virus found

McAfee 4874 10.16.2006 no virus found

Microsoft 1.1603 10.17.2006 no virus found

NOD32v2 1.1806 10.17.2006 probably unknown NewHeur_PE virus

Norman 5.80.02 10.16.2006 no virus found

Panda 9.0.0.4 10.16.2006 Suspicious file

 

[/log]

 

[Zipp.]

 

Skapa en ny mapp på C:\ och placera HijackThis.exe dit så C:\HjT\HijackThis.exe

 

Scanna med Hijack bocka i följande rader stäng Web-läsaren och klicka Fix checked

 

O4 - HKLM\..\Run: [explorer] C:\WINDOWS\system32\304.exe

O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll"

 

starta sen i felsäkert läge och ta bort

 

C:\WINDOWS\system32\304.exe

 

ser inget annat i loggen