Bly Posted July 13, 2004 Share Posted July 13, 2004 Hej! Har lite problem på min andra dator i nätverket, är det någon snäll själ som villhjälpa mig med loggen? Logfile of HijackThis v1.98.0 Scan saved at 10:06:29, on 2004-07-13 Platform: Windows ME (Win9x 4.90.3000) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\WINDOWS\SYSTEM\SSDPSRV.EXE C:\PROGRAM\F-SECURE\COMMON\FSMA32.EXE C:\PROGRAM\F-SECURE\COMMON\FSMB32.EXE C:\PROGRAM\F-SECURE\COMMON\FCH32.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\PROGRAM\F-SECURE\COMMON\FNRB32.EXE C:\PROGRAM\F-SECURE\COMMON\FAMEH32.EXE C:\PROGRAM\F-SECURE\ANTI-VIRUS\FSGK32.EXE C:\PROGRAM\F-SECURE\COMMON\FIH32.EXE C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE C:\PROGRAM\F-SECURE\ANTI-VIRUS\FSSM32.EXE C:\PROGRAM\F-SECURE\ANTI-VIRUS\FSAV32.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\WINDOWS\SYSTEM\ALISNDMG.EXE C:\WINDOWS\LTSMMSG.EXE C:\PROGRAM\ACER\POWERKEY\POWERKEY.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM\SYNAPTICS\SYNTP\SYNTPLPR.EXE C:\PROGRAM\SYNAPTICS\SYNTP\SYNTPENH.EXE C:\WINDOWS\SYSTEM\KEYMAP.EXE C:\PROGRAM\F-SECURE\COMMON\FSM32.EXE C:\WINDOWS\RUNDLL32.EXE C:\PROGRAM\F-SECURE\BACKWEB\7681197\PROGRAM\BACKWEB-7681197.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\WINDOWS\EXPLORER.EXE C:\HJT\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch'>http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch'>http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://10.0.0.6/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.acer.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s O4 - HKLM\..\Run: [systemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [ALiSndMgr] ALiSndMg.exe O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe O4 - HKLM\..\Run: [AcerPowerkey] "C:\Program\Acer\Powerkey\Powerkey.exe" O4 - HKLM\..\Run: [synTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [VolKey] C:\WINDOWS\SYSTEM\Keymap.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [iCSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient O4 - HKLM\..\Run: [updmgr] C:\Program\Common files\updmgr\updmgr.exe O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [sSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe O4 - HKLM\..\RunServices: [fsaa] C:\Program\F-Secure\Common\fsaa.exe O4 - HKLM\..\RunServices: [F-Secure Management Agent] C:\Program\F-Secure\Common\FSMA32.EXE O4 - Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: F-Secure BackWeb.lnk = C:\Program\F-Secure\BackWeb\7681197\Program\backweb-7681197.exe O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRAM\MICROS~1\OFFICE10\EXCEL.EXE/3000 O14 - IERESET.INF: START_PAGE_URL=http://www.acer.com/ O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINDOWS\SYSTEM\AUHOOK.DLL //Fantastiskt okunnig om datorer\ Link to comment Share on other sites More sharing options...
Mij Posted July 13, 2004 Share Posted July 13, 2004 Hej Blyfot. Stäng Internet och kör HJT. Bocka i följande: [FET] O4 - HKLM\..\Run: [updmgr] C:\Program\Common files\updmgr\updmgr.exe [/FET] Leta sedan upp filen [FET]C:\Program\Common files\updmgr\updmgr.exe [/FET] och ta bort den. Starta om datorn, skapa en ny logg och kopiera in den här. ----------------------------------------------------------------- Mail: Mij@idgmail.se Link to comment Share on other sites More sharing options...
Bly Posted July 14, 2004 Author Share Posted July 14, 2004 Man tackar, här är nya loggen! Har inte upptäckt några nya märkligheter ännu: Logfile of HijackThis v1.98.0 Scan saved at 10:24:21, on 2004-07-14 Platform: Windows ME (Win9x 4.90.3000) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\WINDOWS\SYSTEM\SSDPSRV.EXE C:\PROGRAM\F-SECURE\COMMON\FSMA32.EXE C:\PROGRAM\F-SECURE\COMMON\FSMB32.EXE C:\PROGRAM\F-SECURE\COMMON\FCH32.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\EXPLORER.EXE C:\PROGRAM\F-SECURE\COMMON\FAMEH32.EXE C:\PROGRAM\F-SECURE\COMMON\FNRB32.EXE C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE C:\PROGRAM\F-SECURE\ANTI-VIRUS\FSGK32.EXE C:\PROGRAM\F-SECURE\COMMON\FIH32.EXE C:\PROGRAM\F-SECURE\ANTI-VIRUS\FSSM32.EXE C:\PROGRAM\F-SECURE\ANTI-VIRUS\FSAV32.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\WINDOWS\SYSTEM\ALISNDMG.EXE C:\WINDOWS\LTSMMSG.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM\ACER\POWERKEY\POWERKEY.EXE C:\PROGRAM\SYNAPTICS\SYNTP\SYNTPLPR.EXE C:\PROGRAM\SYNAPTICS\SYNTP\SYNTPENH.EXE C:\WINDOWS\SYSTEM\KEYMAP.EXE C:\PROGRAM\F-SECURE\COMMON\FSM32.EXE C:\WINDOWS\RUNDLL32.EXE C:\PROGRAM\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE C:\PROGRAM\F-SECURE\BACKWEB\7681197\PROGRAM\BACKWEB-7681197.EXE C:\HJT\HIJACKTHIS.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://10.0.0.6'>http://10.0.0.6 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.acer.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://10.0.0.6 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s O4 - HKLM\..\Run: [systemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [ALiSndMgr] ALiSndMg.exe O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe O4 - HKLM\..\Run: [AcerPowerkey] "C:\Program\Acer\Powerkey\Powerkey.exe" O4 - HKLM\..\Run: [synTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [VolKey] C:\WINDOWS\SYSTEM\Keymap.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [iCSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [sSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe O4 - HKLM\..\RunServices: [fsaa] C:\Program\F-Secure\Common\fsaa.exe O4 - HKLM\..\RunServices: [F-Secure Management Agent] C:\Program\F-Secure\Common\FSMA32.EXE O4 - HKCU\..\Run: [spySweeper] "C:\Program\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0 O4 - HKCU\..\RunServices: [spySweeper] "C:\Program\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0 O4 - Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: F-Secure BackWeb.lnk = C:\Program\F-Secure\BackWeb\7681197\Program\backweb-7681197.exe O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRAM\MICROS~1\OFFICE10\EXCEL.EXE/3000 O14 - IERESET.INF: START_PAGE_URL=http://www.acer.com/ O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINDOWS\SYSTEM\AUHOOK.DLL //Fantastiskt okunnig om datorer\ Link to comment Share on other sites More sharing options...
Mij Posted July 14, 2004 Share Posted July 14, 2004 Varsågod. Nu ser det bra ut. ----------------------------------------------------------------- Mail: Mij@idgmail.se Link to comment Share on other sites More sharing options...
Bly Posted July 14, 2004 Author Share Posted July 14, 2004 Man bockar och bugar! //Fantastiskt okunnig om datorer\ Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.