Just nu i M3-nätverket
Jump to content

Logfil HiJack


Guest idgadmin

Recommended Posts

Guest idgadmin

Här är min logfil från HiJack som jag vill ha hjälp med hur jag skall hantera:

 

Logfile of HijackThis v1.97.7

Scan saved at 21:58:07, on 2004-10-05

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\Documents and Settings\Johan\Skrivbord\iclogin1.2.exe

C:\Program\Canon\MultiPASS4\MPSERVIC.EXE

C:\Program\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\Winamp\winampa.exe

C:\WINDOWS\System32\LVCOMSX.EXE

C:\Program\Logitech\Video\LogiTray.exe

C:\Program\QuickTime\qttask.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\Program\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe

C:\Program\Sony Ericsson\Mobile\audevicemgr.exe

C:\PROGRAM\ERICSSON\COMMUN~1\MOBILE~1\DbgOut.exe

C:\Program\Logitech\Video\FxSvr2.exe

c:\Program\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE

C:\Program\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE

C:\Program\Canon\MultiPASS4\MPDBMgr.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Documents and Settings\Johan\Skrivbord\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pcforalla.idg.se/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: MSN Verktygslåda - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar\01.01.1601.0\sv\msntb.dll

O3 - Toolbar: (no name) - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - (no file)

O4 - HKLM\..\Run: [MPTBox] C:\Program\Canon\MultiPASS4\MPTBox.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program\Delade filer\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Ulead Photo Express Calendar Checker For My Custom Edition.lnk = C:\Program\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Phone Connection Monitor.lnk = ?

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Search.vbs

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html

O9 - Extra button: Free Surfer (HKLM)

O9 - Extra 'Tools' menuitem: Free Surfer (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.exe

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab

O16 - DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - http://www.cjb.net/search.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab

 

 

 

Link to comment
Share on other sites

Guest idgadmin

Logfile of HijackThis v1.98.2

Scan saved at 21:34:58, on 2004-10-06

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Canon\MultiPASS4\MPTBox.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\Program\Winamp\winampa.exe

C:\WINDOWS\System32\LVCOMSX.EXE

C:\Documents and Settings\Johan\Skrivbord\iclogin1.2.exe

C:\Program\Logitech\Video\LogiTray.exe

C:\Program\Canon\MultiPASS4\MPSERVIC.EXE

C:\Program\QuickTime\qttask.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\Program\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe

C:\Program\Sony Ericsson\Mobile\audevicemgr.exe

C:\Program\Norton AntiVirus\navapsvc.exe

C:\PROGRAM\ERICSSON\COMMUN~1\MOBILE~1\DbgOut.exe

c:\Program\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program\Logitech\Video\FxSvr2.exe

C:\Program\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE

C:\Program\Messenger\msmsgs.exe

C:\Program\SONYER~1\Mobile\CONNEC~1\CapMan.exe

C:\Program\SONYER~1\Mobile\CONNEC~1\ElogErr.exe

C:\Program\SONYER~1\Mobile\CONNEC~1\BROADC~1.EXE

C:\Program\SONYER~1\Mobile\CONNEC~1\SCRFS.exe

C:\Program\SONYER~1\Mobile\AUFILE~1.EXE

C:\Program\SONYER~1\Mobile\CONNEC~1\Ecfmserv.exe

C:\Program\MICROS~1\Office10\OUTLOOK.EXE

C:\Program\Microsoft Office\Office10\WINWORD.EXE

C:\Program\Canon\MultiPASS4\MPDBMgr.exe

C:\Program\SONYER~1\Mobile\SYNCIN~1.EXE

C:\Documents and Settings\Johan\Lokala inställningar\Temporary Internet Files\Content.IE5\SXQVKHYN\HijackThis[1].exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: MSN Verktygslåda - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar\01.01.1601.0\sv\msntb.dll

O3 - Toolbar: (no name) - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx

O4 - HKLM\..\Run: [MPTBox] C:\Program\Canon\MultiPASS4\MPTBox.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program\Delade filer\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Ulead Photo Express Calendar Checker For My Custom Edition.lnk = C:\Program\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Phone Connection Monitor.lnk = ?

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html

O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program\Free Surfer\FS20.exe

O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program\Free Surfer\FS20.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE

O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.exe

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab

O16 - DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - http://www.cjb.net/search.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab

 

 

 

 

Link to comment
Share on other sites

Det finns en rad som ser misstänkt ut.

O3 - Toolbar: (no name) - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - (no file)

Tyder på Dashbar, se den här sidan om borttagningsanvisningar:

http://www.spywareguide.com/product_show.php?id=774

 

Sedan kör du HijackThis igen och skannar.

Markera följande rader:

O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program\Free Surfer\FS20.exe

O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program\Free Surfer\FS20.exe

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCent

ralInitialSetup1.0.0.8.exe

 

Avsluta alla andra program, inkl. webbläsare.

Tryck på Fix checked.

Starta om och ta ut en ny HijackThis-logg och posta den här så får vi se om din dator är frisk igen.

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.



×
×
  • Create New...