Hjälp m HJT-logg?

July 13, 2004

Hej! Har lite problem på min andra dator i nätverket, är det någon snäll själ som villhjälpa mig med loggen?

Logfile of HijackThis v1.98.0

Scan saved at 10:06:29, on 2004-07-13

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\SSDPSRV.EXE

C:\PROGRAM\F-SECURE\COMMON\FSMA32.EXE

C:\PROGRAM\F-SECURE\COMMON\FSMB32.EXE

C:\PROGRAM\F-SECURE\COMMON\FCH32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\PROGRAM\F-SECURE\COMMON\FNRB32.EXE

C:\PROGRAM\F-SECURE\COMMON\FAMEH32.EXE

C:\PROGRAM\F-SECURE\ANTI-VIRUS\FSGK32.EXE

C:\PROGRAM\F-SECURE\COMMON\FIH32.EXE

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

C:\PROGRAM\F-SECURE\ANTI-VIRUS\FSSM32.EXE

C:\PROGRAM\F-SECURE\ANTI-VIRUS\FSAV32.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\ALISNDMG.EXE

C:\WINDOWS\LTSMMSG.EXE

C:\PROGRAM\ACER\POWERKEY\POWERKEY.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM\SYNAPTICS\SYNTP\SYNTPLPR.EXE

C:\PROGRAM\SYNAPTICS\SYNTP\SYNTPENH.EXE

C:\WINDOWS\SYSTEM\KEYMAP.EXE

C:\PROGRAM\F-SECURE\COMMON\FSM32.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\PROGRAM\F-SECURE\BACKWEB\7681197\PROGRAM\BACKWEB-7681197.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\EXPLORER.EXE

C:\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch'>http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch'>http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://10.0.0.6/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.acer.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [ALiSndMgr] ALiSndMg.exe

O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe

O4 - HKLM\..\Run: [AcerPowerkey] "C:\Program\Acer\Powerkey\Powerkey.exe"

O4 - HKLM\..\Run: [synTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [VolKey] C:\WINDOWS\SYSTEM\Keymap.exe

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [iCSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient

O4 - HKLM\..\Run: [updmgr] C:\Program\Common files\updmgr\updmgr.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [sSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [fsaa] C:\Program\F-Secure\Common\fsaa.exe

O4 - HKLM\..\RunServices: [F-Secure Management Agent] C:\Program\F-Secure\Common\FSMA32.EXE

O4 - Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: F-Secure BackWeb.lnk = C:\Program\F-Secure\BackWeb\7681197\Program\backweb-7681197.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRAM\MICROS~1\OFFICE10\EXCEL.EXE/3000

O14 - IERESET.INF: START_PAGE_URL=http://www.acer.com/

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab

O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINDOWS\SYSTEM\AUHOOK.DLL

//Fantastiskt okunnig om datorer\

July 13, 2004

Hej Blyfot.

Stäng Internet och kör HJT.

Bocka i följande:

[FET]

O4 - HKLM\..\Run: [updmgr] C:\Program\Common files\updmgr\updmgr.exe

[/FET]

Leta sedan upp filen

[FET]C:\Program\Common files\updmgr\updmgr.exe

[/FET] och ta bort den.

Starta om datorn, skapa en ny logg och kopiera in den här.

-----------------------------------------------------------------

Mail: Mij@idgmail.se

July 14, 2004

Man tackar, här är nya loggen! Har inte upptäckt några nya märkligheter ännu:

Logfile of HijackThis v1.98.0

Scan saved at 10:24:21, on 2004-07-14

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\SSDPSRV.EXE

C:\PROGRAM\F-SECURE\COMMON\FSMA32.EXE

C:\PROGRAM\F-SECURE\COMMON\FSMB32.EXE

C:\PROGRAM\F-SECURE\COMMON\FCH32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\PROGRAM\F-SECURE\COMMON\FAMEH32.EXE

C:\PROGRAM\F-SECURE\COMMON\FNRB32.EXE

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

C:\PROGRAM\F-SECURE\ANTI-VIRUS\FSGK32.EXE

C:\PROGRAM\F-SECURE\COMMON\FIH32.EXE

C:\PROGRAM\F-SECURE\ANTI-VIRUS\FSSM32.EXE

C:\PROGRAM\F-SECURE\ANTI-VIRUS\FSAV32.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\ALISNDMG.EXE

C:\WINDOWS\LTSMMSG.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM\ACER\POWERKEY\POWERKEY.EXE

C:\PROGRAM\SYNAPTICS\SYNTP\SYNTPLPR.EXE

C:\PROGRAM\SYNAPTICS\SYNTP\SYNTPENH.EXE

C:\WINDOWS\SYSTEM\KEYMAP.EXE

C:\PROGRAM\F-SECURE\COMMON\FSM32.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\PROGRAM\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE

C:\PROGRAM\F-SECURE\BACKWEB\7681197\PROGRAM\BACKWEB-7681197.EXE

C:\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://10.0.0.6'>http://10.0.0.6

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.acer.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://10.0.0.6

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [ALiSndMgr] ALiSndMg.exe

O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe

O4 - HKLM\..\Run: [AcerPowerkey] "C:\Program\Acer\Powerkey\Powerkey.exe"

O4 - HKLM\..\Run: [synTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [VolKey] C:\WINDOWS\SYSTEM\Keymap.exe

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [iCSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [sSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [fsaa] C:\Program\F-Secure\Common\fsaa.exe

O4 - HKLM\..\RunServices: [F-Secure Management Agent] C:\Program\F-Secure\Common\FSMA32.EXE

O4 - HKCU\..\Run: [spySweeper] "C:\Program\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0

O4 - HKCU\..\RunServices: [spySweeper] "C:\Program\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0

O4 - Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: F-Secure BackWeb.lnk = C:\Program\F-Secure\BackWeb\7681197\Program\backweb-7681197.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRAM\MICROS~1\OFFICE10\EXCEL.EXE/3000

O14 - IERESET.INF: START_PAGE_URL=http://www.acer.com/

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab

O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINDOWS\SYSTEM\AUHOOK.DLL

//Fantastiskt okunnig om datorer\

July 14, 2004

Varsågod.

Nu ser det bra ut.

-----------------------------------------------------------------

Mail: Mij@idgmail.se

July 14, 2004

Man bockar och bugar!

//Fantastiskt okunnig om datorer\

Sign In

Hjälp m HJT-logg?

Recommended Posts

Bly

Link to comment

Share on other sites

Mij

Link to comment

Share on other sites

Bly

Link to comment

Share on other sites

Mij

Link to comment

Share on other sites

Bly

Link to comment

Share on other sites

Archived

Who's Online 0 Members, 0 Anonymous, 39 Guests (See full list)

Popular Contributors

Announcements

Recently Browsing

Senaste inlägg

Forums

Activity

pcforalla.se