Just nu i M3-nätverket
Gå till innehåll

Hjälp m HJT-logg?


Bly

Rekommendera Poster

Hej! Har lite problem på min andra dator i nätverket, är det någon snäll själ som villhjälpa mig med loggen?

 

Logfile of HijackThis v1.98.0

Scan saved at 10:06:29, on 2004-07-13

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\SSDPSRV.EXE

C:\PROGRAM\F-SECURE\COMMON\FSMA32.EXE

C:\PROGRAM\F-SECURE\COMMON\FSMB32.EXE

C:\PROGRAM\F-SECURE\COMMON\FCH32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\PROGRAM\F-SECURE\COMMON\FNRB32.EXE

C:\PROGRAM\F-SECURE\COMMON\FAMEH32.EXE

C:\PROGRAM\F-SECURE\ANTI-VIRUS\FSGK32.EXE

C:\PROGRAM\F-SECURE\COMMON\FIH32.EXE

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

C:\PROGRAM\F-SECURE\ANTI-VIRUS\FSSM32.EXE

C:\PROGRAM\F-SECURE\ANTI-VIRUS\FSAV32.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\ALISNDMG.EXE

C:\WINDOWS\LTSMMSG.EXE

C:\PROGRAM\ACER\POWERKEY\POWERKEY.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM\SYNAPTICS\SYNTP\SYNTPLPR.EXE

C:\PROGRAM\SYNAPTICS\SYNTP\SYNTPENH.EXE

C:\WINDOWS\SYSTEM\KEYMAP.EXE

C:\PROGRAM\F-SECURE\COMMON\FSM32.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\PROGRAM\F-SECURE\BACKWEB\7681197\PROGRAM\BACKWEB-7681197.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\EXPLORER.EXE

C:\HJT\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch'>http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch'>http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://10.0.0.6/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.acer.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [ALiSndMgr] ALiSndMg.exe

O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe

O4 - HKLM\..\Run: [AcerPowerkey] "C:\Program\Acer\Powerkey\Powerkey.exe"

O4 - HKLM\..\Run: [synTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [VolKey] C:\WINDOWS\SYSTEM\Keymap.exe

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [iCSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient

O4 - HKLM\..\Run: [updmgr] C:\Program\Common files\updmgr\updmgr.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [sSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [fsaa] C:\Program\F-Secure\Common\fsaa.exe

O4 - HKLM\..\RunServices: [F-Secure Management Agent] C:\Program\F-Secure\Common\FSMA32.EXE

O4 - Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: F-Secure BackWeb.lnk = C:\Program\F-Secure\BackWeb\7681197\Program\backweb-7681197.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRAM\MICROS~1\OFFICE10\EXCEL.EXE/3000

O14 - IERESET.INF: START_PAGE_URL=http://www.acer.com/

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab

O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINDOWS\SYSTEM\AUHOOK.DLL

 

 

 

//Fantastiskt okunnig om datorer\

Länk till kommentar
Dela på andra webbplatser

Hej Blyfot.

 

Stäng Internet och kör HJT.

 

Bocka i följande:

[FET]

O4 - HKLM\..\Run: [updmgr] C:\Program\Common files\updmgr\updmgr.exe

[/FET]

 

Leta sedan upp filen

[FET]C:\Program\Common files\updmgr\updmgr.exe

[/FET] och ta bort den.

 

Starta om datorn, skapa en ny logg och kopiera in den här.

-----------------------------------------------------------------

 

Mail: Mij@idgmail.se

 

Länk till kommentar
Dela på andra webbplatser

Man tackar, här är nya loggen! Har inte upptäckt några nya märkligheter ännu:

 

Logfile of HijackThis v1.98.0

Scan saved at 10:24:21, on 2004-07-14

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\SSDPSRV.EXE

C:\PROGRAM\F-SECURE\COMMON\FSMA32.EXE

C:\PROGRAM\F-SECURE\COMMON\FSMB32.EXE

C:\PROGRAM\F-SECURE\COMMON\FCH32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\PROGRAM\F-SECURE\COMMON\FAMEH32.EXE

C:\PROGRAM\F-SECURE\COMMON\FNRB32.EXE

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

C:\PROGRAM\F-SECURE\ANTI-VIRUS\FSGK32.EXE

C:\PROGRAM\F-SECURE\COMMON\FIH32.EXE

C:\PROGRAM\F-SECURE\ANTI-VIRUS\FSSM32.EXE

C:\PROGRAM\F-SECURE\ANTI-VIRUS\FSAV32.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\ALISNDMG.EXE

C:\WINDOWS\LTSMMSG.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM\ACER\POWERKEY\POWERKEY.EXE

C:\PROGRAM\SYNAPTICS\SYNTP\SYNTPLPR.EXE

C:\PROGRAM\SYNAPTICS\SYNTP\SYNTPENH.EXE

C:\WINDOWS\SYSTEM\KEYMAP.EXE

C:\PROGRAM\F-SECURE\COMMON\FSM32.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\PROGRAM\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE

C:\PROGRAM\F-SECURE\BACKWEB\7681197\PROGRAM\BACKWEB-7681197.EXE

C:\HJT\HIJACKTHIS.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://10.0.0.6'>http://10.0.0.6

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.acer.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://10.0.0.6

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [ALiSndMgr] ALiSndMg.exe

O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe

O4 - HKLM\..\Run: [AcerPowerkey] "C:\Program\Acer\Powerkey\Powerkey.exe"

O4 - HKLM\..\Run: [synTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [VolKey] C:\WINDOWS\SYSTEM\Keymap.exe

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [iCSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [sSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [fsaa] C:\Program\F-Secure\Common\fsaa.exe

O4 - HKLM\..\RunServices: [F-Secure Management Agent] C:\Program\F-Secure\Common\FSMA32.EXE

O4 - HKCU\..\Run: [spySweeper] "C:\Program\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0

O4 - HKCU\..\RunServices: [spySweeper] "C:\Program\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0

O4 - Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: F-Secure BackWeb.lnk = C:\Program\F-Secure\BackWeb\7681197\Program\backweb-7681197.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRAM\MICROS~1\OFFICE10\EXCEL.EXE/3000

O14 - IERESET.INF: START_PAGE_URL=http://www.acer.com/

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab

O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINDOWS\SYSTEM\AUHOOK.DLL

 

 

 

//Fantastiskt okunnig om datorer\

Länk till kommentar
Dela på andra webbplatser

Varsågod.

 

Nu ser det bra ut.

-----------------------------------------------------------------

 

Mail: Mij@idgmail.se

 

Länk till kommentar
Dela på andra webbplatser

Arkiverat

Det här ämnet är nu arkiverat och är stängt för ytterligare svar.

×
×
  • Skapa nytt...