
HELP


Guest idgadmin


The computer has been hijacked, I assume, and it's so d***n slow. Is there anything that can be done? Is it the log file below that is needed?

 

Logfile of HijackThis v1.99.0

Scan saved at 18:15:02, on 2005-02-08

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Creative\ShareDLL\CtNotify.exe

C:\Program\Creative\SBLive\AudioHQ\AHQTB.EXE

C:\Program\Creative\SBLive\Program\CTAvTray.EXE

C:\Program\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE

C:\Program\F-Secure\Common\FSM32.EXE

C:\Program\Creative\ShareDLL\MediaDet.Exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Bluffstopparen\Bluffstopparen.exe

C:\WINDOWS\system32\devldr32.exe

C:\Program\iD2\CSP\iD2CertMover.exe

C:\Program\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE

C:\WINDOWS\System32\CTsvcCDA.EXE

C:\Program\F-Secure\Anti-Virus\fsgk32st.exe

C:\Program\F-Secure\BackWeb\7681197\program\fsbwsys.exe

C:\Program\F-Secure\Anti-Virus\FSGK32.EXE

C:\Program\F-Secure\Common\FSMA32.EXE

C:\Program\F-Secure\Anti-Virus\fssm32.exe

C:\WINDOWS\system32\id2scaps.exe

C:\Program\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program\Panda Software\Panda Antivirus Titanium\AVENGINE.EXE

C:\Program\Panda Software\Panda Antivirus Titanium\pavProxy.exe

C:\Documents and Settings\Hempc\Skrivbord\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.searchv.com/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://startsidan.telia.se

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/w/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telia Internet Explorer

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy1.telia.com:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://login1.telia.com;

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM\..\Run: [Disc Detector] C:\Program\Creative\ShareDLL\CtNotify.exe

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\Updreg.exe

O4 - HKLM\..\Run: [AHQInit] C:\Program\Creative\SBLive\Program\AHQInit.exe

O4 - HKLM\..\Run: [AudioHQ] C:\Program\Creative\SBLive\AudioHQ\AHQTB.EXE

O4 - HKLM\..\Run: [CTAvTray] C:\Program\Creative\SBLive\Program\CTAvTray.EXE

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [sys] regedit /s C:\WINDOWS\sys.reg

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\F-Secure\TNB\TNBUtil.exe" /CHECKALL

O4 - HKLM\..\Run: [Media Services] C:\Program\Windows Media Player\wmplayer.exe.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - Startup: Delta Force-Black Hawk Down Team Sabre Registration.lnk = ?

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Bluffstopparen.lnk = C:\Program\Bluffstopparen\Bluffstopparen.exe

O4 - Global Startup: iD2 CSP Certificate Utility.lnk = C:\Program\iD2\CSP\iD2CertMover.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O12 - Plugin for .mpeg: C:\Program\Internet Explorer\PLUGINS\npqtplugin3.dll

O12 - Plugin for .pdf: C:\Program\Internet Explorer\PLUGINS\nppdf32.dll

O12 - Plugin for .sgn: C:\Program\Internet Explorer\PLUGINS\npSign.dll

O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://startsidan.telia.se

O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\explorer.cab

O23 - Service: F-Secure BackWeb - Unknown - C:\Program\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE

O23 - Service: F-Secure BackWeb LAN Access - Unknown - C:\Program\F-Secure\BackWeb\7681197\Program\fsbwlan.exe

O23 - Service: F-Secure Gatekeeper Handler Starter - Unknown - C:\Program\F-Secure\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program\F-Secure\Common\FNRB32.EXE

O23 - Service: fsbwsys - Unknown - C:\Program\F-Secure\BackWeb\7681197\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon - F-Secure Corporation - C:\Program\F-Secure\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent - F-Secure Corporation - C:\Program\F-Secure\Common\FSMA32.EXE

O23 - Service: iD2 Smart Card Server - iD2 Technologies - C:\WINDOWS\system32\id2scaps.exe

O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Panda anti-virus service - Unknown - C:\Program\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe

 

 

 


Guest idgadmin

Run a scan with Ad-Aware SE; update it first.

 

Then:

Create a new folder on C:\ and put HijackThis.exe there, so C:\HjT\HijackThis.exe

 

(don't skip the step above)

 

Make all hidden files visible

 

http://www.xtra.co.nz/help/0,,4155-1916458,00.html

 

Run HJT and post a new log, and there is surely someone with more knowledge who can help you clean it up.

 


 

Hi

 

I'm no whiz at this log stuff! So wait until Zipp or Mij or someone else who knows this can help you!

 

But from what I can understand, you have both Panda and F-Secure!

 

Having 2 antivirus programs installed is not recommended!

 

Take care!

Helren

There are many who consider it better to be regarded as a master than to be one

AMD Athlon Barton 2,17Ghz,1024Mb Ram, 120+80Gb,Radeon 9600 256Mb

AMD Athlon 1,8Ghz, 256Mb Ram, 32Mb Geforce, 40Gb Hd

 


You have 2 antivirus programs running

 

Panda and F-Secure

 

Turn one of them off.

 

Create a new folder on C:\ and put HijackThis.exe there, so C:\HjT\HijackThis.exe

 

(don't skip the step above)

 

Hidden files visible

 

http://www.xtra.co.nz/help/0,,4155-1916458,00.html

 

Scan with Hijack, tick the following lines, close the web browser and all other open windows, and click FIX checked

 

R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.searchv.com/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/w/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

O4 - HKLM\..\Run: [sys] regedit /s C:\WINDOWS\sys.reg

O4 - HKLM\..\Run: [Media Services] C:\Program\Windows Media Player\wmplayer.exe.exe

O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\explorer.cab

 

 

Then start in safe mode, search for and delete

 

sys.reg

wmplayer.exe.exe

 

Then start normally and make a new Hijack log.
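
As an added example that is not part of the original thread or of HijackThis itself: a small Python triage pass that flags the structural patterns visible in several of the lines selected above (a local HTML file as an IE search page, a doubled extension or `regedit /s` in a Run entry, a `file://` DPF codebase). The rule set and the `triage` name are assumptions made here; it does not judge URLs or `about:blank` values, so it covers only part of a manual review.

```python
import re

# Subset of lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.searchv.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://startsidan.telia.se
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [sys] regedit /s C:\WINDOWS\sys.reg
O4 - HKLM\..\Run: [Media Services] C:\Program\Windows Media Player\wmplayer.exe.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\explorer.cab
"""

# A log entry looks like "<section code> - <details>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# (section prefix, pattern on the details, reason). Illustrative rules only.
RULES = [
    ("R", re.compile(r"= [A-Z]:\\WINDOWS\\.+\.html?$", re.I),
     "IE page/search setting points at a local HTML file under the Windows directory"),
    ("O4", re.compile(r"\.(\w{2,4})\.\1(?!\w)", re.I),
     "autorun target has a doubled file extension"),
    ("O4", re.compile(r"\bregedit\s+/s\b", re.I),
     "autorun silently imports a .reg file at each logon"),
    ("O16", re.compile(r"file://", re.I),
     "ActiveX download (DPF) codebase is a local file:// path"),
]

def triage(log_text):
    """Return (code, reason, details) for every entry that matches a rule."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:  # header, process list, or blank line
            continue
        code, rest = m.groups()
        for prefix, pattern, reason in RULES:
            if code.startswith(prefix) and pattern.search(rest):
                findings.append((code, reason, rest))
    return findings

if __name__ == "__main__":
    for code, reason, rest in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}\n      {rest}")
```
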

 

 

 

 


Archived

This topic is now archived and is closed to further replies.


