
Interpret HiJackThis


Ronboy


Hi!

Grateful for an interpretation of the following log and what I can/should remove!

Logfile of HijackThis v1.97.7

Scan saved at 18:44:09, on 2004-05-22

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program\NORTON~1\navapw32.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

C:\Program\Elaborate Bytes\CloneCD\CloneCDTray.exe

C:\Program\HEWLET~1\HPSHAR~1\hpgs2wnf.exe

C:\Program\WhenUSearch\Search.exe

C:\Program\POP-UP~1\PSFree.exe

C:\WINDOWS\System32\wnsapitr.exe

C:\Documents and Settings\Ronny\Application Data\sihu.exe

C:\Program\Adobe\Acrobat 4.0\Distillr\AcroTray.exe

C:\WINDOWS\System32\devldr32.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program\HiJack\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy1.telia.com:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://login1.telia.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: e-kort Browser Helper Object - {1C900459-DEEF-4aa9-B260-1EF0F0C70A8D} - C:\WINDOWS\System32\Bhoekort.dll

O2 - BHO: (no name) - {6AEB9A46-DE58-456D-B438-212A8860AF42} - C:\WINDOWS\System32\lgm.dll

O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll

O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\System32\bridge.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\Downloaded Program Files\googlenav.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [NAV Agent] C:\Program\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [CloneCDTray] C:\Program\Elaborate Bytes\CloneCD\CloneCDTray.exe

O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "C:\Program\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load

O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe

O4 - HKLM\..\Run: [DVDUpgrade] DVDUpgrd.exe /async

O4 - HKLM\..\Run: [WhenUSearch] "C:\Program\WhenUSearch\Search.exe"

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program\POP-UP~1\PSFree.exe"

O4 - HKCU\..\Run: [Ttar] C:\Documents and Settings\Ronny\Application Data\ruar.exe

O4 - HKCU\..\Run: [WNST] C:\WINDOWS\System32\wnsapitr.exe

O4 - HKCU\..\Run: [Tsot] C:\Documents and Settings\Ronny\Application Data\sihu.exe

O4 - HKCU\..\Run: [window.exe] C:\WINDOWS\System32\window.exe

O4 - HKLM\..\RunOnce: [Ad-aware] "C:\Program\Lavasoft\Ad-aware 6\Ad-aware.exe" "+b1"

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program\Adobe\Acrobat 4.0\Distillr\AcroTray.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmcache.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsimilar.html

O9 - Extra 'Tools' menuitem: Sun Java-konsol (HKLM)

O9 - Extra button: Yahoo! Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O16 - DPF: {0990D180-4226-4530-9777-AB82315505B9} (Installer Class) - http://www.foreningssparbanken.se/betala/ekort/oinstall_orbiscomsigned.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://www.toolbar.google.com/data/sv/big/1.1.62-big/GoogleNav.cab

O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://www.webcamnow.com/broadcast/ActiveXWebCam.cab

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37906.1514583333

O16 - DPF: {BB95299D-B65B-47E0-8DDB-697A66298C3A} (UniVoiceX Control) - http://www.webcamnow.com/voice/voice.cab

O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O16 - DPF: {D3D83E08-54D1-4E9D-8EAF-9F979D139294} (MaxisSimCityScapeTeleX Control) - http://simcity.ea.com/scape/teleport/MaxisSimCityScapeTeleX.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

 

 

 


Hi.

There are a few things on your computer...

Start by running Ad-Aware.

Ad-Aware:

http://www.lavasoftusa.com/swedish/support/download/

Ad-Aware settings:

http://www.lavasoftsupport.com/index.php?showtopic=14136

Then check with HJT whether the following are still there

 

This is a "search aid", which can be both useful and a nuisance.

C:\Program\WhenUSearch\Search.exe

If you installed it because you want it, leave it alone.

I can't find any info about this

C:\Documents and Settings\Ronny\Application Data\sihu.exe

It may belong to some program you have, but I don't know.

 

I also can't find any information about

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*

O4 - HKLM\..\Run: [WhenUSearch] "C:\Program\WhenUSearch\Search.exe"

It may belong to Search.exe, but I'm not sure.

If you remove it, and it turns out that the search program doesn't work, you will have to reinstall the search program.

 

You can remove this

O2 - BHO: (no name) - {6AEB9A46-DE58-456D-B438-212A8860AF42} - C:\WINDOWS\System32\lgm.dll

O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll

O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\System32\bridge.dll

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load

O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe

O4 - HKCU\..\Run: [Ttar] C:\Documents and Settings\Ronny\Application Data\ruar.exe

O4 - HKCU\..\Run: [Tsot] C:\Documents and Settings\Ronny\Application Data\sihu.exe

C:\WINDOWS\System32\wnsapitr.exe

 

 

 

 

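The re-check step from the reply above (run the cleaner, then look in a fresh HijackThis log for the flagged lines), as an added example that is not part of the original posts. The function names are hypothetical, the flagged lines are copied from this thread, and the rescan log is constructed for illustration.

```python
import re

# Section entries look like "O4 - HKLM\..\Run: [name] path": a code such as
# R1, O2 or O16, then " - ", then the entry text.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_hjt(text):
    """Split a HijackThis log into running-process paths and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # pasted logs are often double-spaced
        m = ENTRY_RE.match(line)
        if line.lower().startswith("running processes"):
            in_procs = True
        elif m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs:
            processes.append(line)
    return processes, entries

def norm(s):
    # Windows paths and registry names are case-insensitive.
    return " ".join(s.lower().split())

def still_present(flagged, rescan_text):
    """Return the flagged lines that still occur in the rescan log."""
    processes, entries = parse_hjt(rescan_text)
    seen = {norm(p) for p in processes} | {norm(f"{c} - {b}") for c, b in entries}
    return [f for f in flagged if norm(f) in seen]

# Lines copied from the reply's removal list in this thread.
FLAGGED = [
    r'O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load',
    r"O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe",
    r"C:\WINDOWS\System32\wnsapitr.exe",
]

# Constructed rescan log (not from the thread): two flagged items survived.
RESCAN = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WNSAPITR.EXE
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
"""

if __name__ == "__main__":
    print("\n".join(still_present(FLAGGED, RESCAN)))
```
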

Thanks!!

Your tips seem (at least temporarily) to have cured my computer of all the junk and oddities it has had lately! Very pleased! /Ronboy

 

 


That sounds good.

I recommend that you scan regularly with Ad-Aware.

You can also try Spybot S&D:

http://www.safer-networking.org/index.php?page=download

However, I recommend some caution with Spybot, at least if you have legitimate programs that use BackWeb (or BackWeb Lite).

Examples of such programs are Logitech and F-Secure Antivirus.

If you want to know more, get back to me.

 

 


Archived

This topic is now archived and is closed to further replies.
