Just nu i M3-nätverket
Jump to content

ZIPP o 927!


jeeves

Recommended Posts

Hej båda!

Kan ni ta en titt på min HiJack-log. Jag har installerat XP Pro, men jag har inte haft några problem än, men det var länge sedan loggen blev undersökt. Ingen brådska, utan ta den, när ni anser er hinna!

Ha det gott och sköt om er och era kära!

Logfile of HijackThis v1.99.0

Scan saved at 18:12:38, on 2005-02-27

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE

C:\Program\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

C:\Program\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe

C:\Program\F-Secure Internet Security\Anti-Virus\FSGK32.EXE

C:\Program\F-Secure Internet Security\Anti-Virus\fssm32.exe

C:\Program\F-Secure Internet Security\Common\FSMA32.EXE

C:\Program\F-Secure Internet Security\fswsclds.exe

C:\Program\F-Secure Internet Security\Common\FSMB32.EXE

C:\Program\Analog Devices\SoundMAX\SMAgent.exe

C:\Program\F-Secure Internet Security\Common\FCH32.EXE

C:\Program\F-Secure Internet Security\Anti-Virus\fsav32.exe

C:\Program\F-Secure Internet Security\Common\FAMEH32.EXE

C:\Program\F-Secure Internet Security\FWES\Program\fsdfwd.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Vanliga filer\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\sistray.EXE

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe

C:\Program\F-Secure Internet Security\Common\FSM32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Spyware Cleaner\SpywareCleaner.Exe

C:\Program\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program\mozilla.org\Mozilla\Mozilla.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\F-Secure Internet Security\backweb\4476822\Program\BackWeb-4476822.exe

C:\hjt\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.handelsbanken.se/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer erhållen av Telia

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Vanliga filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [startl.exe] "C:\Program\LingoCom\startl.exe" ###

O4 - HKLM\..\Run: [siS Tray] C:\WINDOWS\System32\sistray.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe

O4 - HKLM\..\Run: [McAfee Windows Protection] mcafee32.exe

O4 - HKLM\..\Run: [NAV Auto Protect] mcafee32.exe

O4 - HKLM\..\Run: [Windows Security Module] module.exe

O4 - HKLM\..\Run: [Microsofts MediaScope] winmedplay.exe

O4 - HKLM\..\Run: [Norton Personal Firewall] jah.exe

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure Internet Security\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL

O4 - HKLM\..\Run: [smapp] C:\Program\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\RunServices: [McAfee Windows Protection] mcafee32.exe

O4 - HKLM\..\RunServices: [NAV Auto Protect] mcafee32.exe

O4 - HKLM\..\RunServices: [Windows Security Module] module.exe

O4 - HKLM\..\RunServices: [Microsofts MediaScope] winmedplay.exe

O4 - HKLM\..\RunServices: [Norton Personal Firewall] jah.exe

O4 - HKLM\..\RunOnce: [startl.exe] "C:\Program\LingoCom\startl.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Microsoft Virual Machine] sms.exe

O4 - HKCU\..\Run: [McAfee Windows Protection] mcafee32.exe

O4 - HKCU\..\Run: [Windows Security Module] module.exe

O4 - HKCU\..\Run: [NAV Auto Protect] mcafee32.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [spyware Cleaner] "C:\Program\Spyware Cleaner\SpywareCleaner.Exe" /boot

O4 - HKCU\..\Run: [spySweeper] "C:\Program\Webroot\Spy Sweeper\SpySweeper.exe" /0

O4 - HKCU\..\Run: [Norton Personal Firewall] jah.exe

O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program\mozilla.org\Mozilla\Mozilla.exe" -turbo

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O9 - Extra button: Translate - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\Program\LingoCom\Translator.lnk

O9 - Extra 'Tools' menuitem: LingoWare Translator... - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\Program\LingoCom\Translator.lnk

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra button: Spray Mail - {C7954AE0-4A0C-11D4-BEE4-9BCF3C77857D} - http://mail.spray.se (file missing) (HKCU)

O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab

O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://G:\content\include\XPPatchInstaller.CAB

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1109349666468

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?319

O17 - HKLM\System\CCS\Services\Tcpip\..\{A6ECD193-16D3-4208-8A1B-EBB73675D4B6}: NameServer = 195.67.199.30 195.67.199.31

O23 - Service: F-Secure Internet Security 2004 - Unknown - C:\Program\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE

O23 - Service: F-Secure Gatekeeper Handler Starter - Unknown - C:\Program\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

O23 - Service: fsbwsys - Unknown - C:\Program\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon - F-Secure Corporation - C:\Program\F-Secure Internet Security\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent - F-Secure Corporation - C:\Program\F-Secure Internet Security\Common\FSMA32.EXE

O23 - Service: F-Secure Windows Security Center Legacy Detection Service - F-Secure Corporation - C:\Program\F-Secure Internet Security\fswsclds.exe

O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Panda Process Protection Service - Unknown - C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe

O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: SpywareCleanerService - Secure Computer, LLC - C:\Program\Spyware Cleaner\SCService.exe

 

Mvh Hans

 

 

Link to comment
Share on other sites

 

Scanna med Hijack bocka i följande rader stäng Web-läsaren och alla andra öppna fönster och klicka FIX checked

 

O4 - HKLM\..\Run: [McAfee Windows Protection] mcafee32.exe

O4 - HKLM\..\Run: [NAV Auto Protect] mcafee32.exe

O4 - HKLM\..\Run: [Windows Security Module] module.exe

O4 - HKLM\..\Run: [Microsofts MediaScope] winmedplay.exe

O4 - HKLM\..\Run: [Norton Personal Firewall] jah.exe

O4 - HKLM\..\RunServices: [McAfee Windows Protection] mcafee32.exe

O4 - HKLM\..\RunServices: [NAV Auto Protect] mcafee32.exe

O4 - HKLM\..\RunServices: [Windows Security Module] module.exe

O4 - HKLM\..\RunServices: [Microsofts MediaScope] winmedplay.exe

O4 - HKLM\..\RunServices: [Norton Personal Firewall] jah.exe

O4 - HKCU\..\Run: [Microsoft Virual Machine] sms.exe

O4 - HKCU\..\Run: [McAfee Windows Protection] mcafee32.exe

O4 - HKCU\..\Run: [Windows Security Module] module.exe

O4 - HKCU\..\Run: [NAV Auto Protect] mcafee32.exe

 

Starta om datorn och skicka en ny Hijack logg så ser vi hur vi ligger till.

 

 

 

 

Link to comment
Share on other sites

Logfile of HijackThis v1.99.0

Scan saved at 21:54:22, on 2005-02-27

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE

C:\Program\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

C:\Program\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe

C:\Program\F-Secure Internet Security\Anti-Virus\FSGK32.EXE

C:\Program\F-Secure Internet Security\Anti-Virus\fssm32.exe

C:\Program\F-Secure Internet Security\Common\FSMA32.EXE

C:\Program\F-Secure Internet Security\fswsclds.exe

C:\Program\F-Secure Internet Security\Common\FSMB32.EXE

C:\Program\Analog Devices\SoundMAX\SMAgent.exe

C:\Program\F-Secure Internet Security\Common\FCH32.EXE

C:\Program\F-Secure Internet Security\Common\FAMEH32.EXE

C:\Program\F-Secure Internet Security\Anti-Virus\fsav32.exe

C:\Program\F-Secure Internet Security\FWES\Program\fsdfwd.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Vanliga filer\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\sistray.EXE

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe

C:\Program\F-Secure Internet Security\Common\FSM32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Spyware Cleaner\SpywareCleaner.Exe

C:\Program\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program\mozilla.org\Mozilla\Mozilla.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\F-Secure Internet Security\backweb\4476822\Program\BackWeb-4476822.exe

C:\hjt\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.handelsbanken.se/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer erhållen av Telia

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Vanliga filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [startl.exe] "C:\Program\LingoCom\startl.exe" ###

O4 - HKLM\..\Run: [siS Tray] C:\WINDOWS\System32\sistray.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure Internet Security\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL

O4 - HKLM\..\Run: [smapp] C:\Program\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\RunOnce: [startl.exe] "C:\Program\LingoCom\startl.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [spyware Cleaner] "C:\Program\Spyware Cleaner\SpywareCleaner.Exe" /boot

O4 - HKCU\..\Run: [spySweeper] "C:\Program\Webroot\Spy Sweeper\SpySweeper.exe" /0

O4 - HKCU\..\Run: [Norton Personal Firewall] jah.exe

O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program\mozilla.org\Mozilla\Mozilla.exe" -turbo

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O9 - Extra button: Translate - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\Program\LingoCom\Translator.lnk

O9 - Extra 'Tools' menuitem: LingoWare Translator... - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\Program\LingoCom\Translator.lnk

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra button: Spray Mail - {C7954AE0-4A0C-11D4-BEE4-9BCF3C77857D} - http://mail.spray.se (file missing) (HKCU)

O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab

O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://G:\content\include\XPPatchInstaller.CAB

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1109349666468

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?319

O23 - Service: F-Secure Internet Security 2004 - Unknown - C:\Program\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE

O23 - Service: F-Secure Gatekeeper Handler Starter - Unknown - C:\Program\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

O23 - Service: fsbwsys - Unknown - C:\Program\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon - F-Secure Corporation - C:\Program\F-Secure Internet Security\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent - F-Secure Corporation - C:\Program\F-Secure Internet Security\Common\FSMA32.EXE

O23 - Service: F-Secure Windows Security Center Legacy Detection Service - F-Secure Corporation - C:\Program\F-Secure Internet Security\fswsclds.exe

O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Panda Process Protection Service - Unknown - C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe

O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: SpywareCleanerService - Secure Computer, LLC - C:\Program\Spyware Cleaner\SCService.exe

 

Här en ny logg, men hur kan jag ha Norton i mitt system? Jag har aldrig installerat detta!

Mycket märkligt!

Ha det gott och sköt om dig o de dina!

Mvh Hans

 

 

Link to comment
Share on other sites

 

Bocka i och Fix:sa

 

O4 - HKCU\..\Run: [Norton Personal Firewall] jah.exe

 

Starta om och ny logg

 

> hur kan jag ha Norton i mitt system <

 

Om du menar detta

 

Norton Personal Firewall

 

så har den ingenting med Norton att göra.

Det är en elaking som försöker gömma sej.

 

Link to comment
Share on other sites

Logfile of HijackThis v1.99.0

Scan saved at 22:33:28, on 2005-02-27

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE

C:\Program\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

C:\Program\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe

C:\Program\F-Secure Internet Security\Anti-Virus\FSGK32.EXE

C:\Program\F-Secure Internet Security\Common\FSMA32.EXE

C:\Program\F-Secure Internet Security\backweb\4476822\Program\BackWeb-4476822.exe

C:\Program\F-Secure Internet Security\Anti-Virus\fssm32.exe

C:\Program\F-Secure Internet Security\fswsclds.exe

C:\Program\F-Secure Internet Security\Common\FSMB32.EXE

C:\WINDOWS\Explorer.EXE

C:\Program\F-Secure Internet Security\Common\FCH32.EXE

C:\Program\Analog Devices\SoundMAX\SMAgent.exe

C:\Program\F-Secure Internet Security\Common\FAMEH32.EXE

C:\Program\F-Secure Internet Security\Anti-Virus\fsav32.exe

C:\Program\F-Secure Internet Security\FWES\Program\fsdfwd.exe

C:\WINDOWS\System32\alg.exe

C:\Program\Vanliga filer\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\sistray.EXE

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe

C:\Program\F-Secure Internet Security\Common\FSM32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Spyware Cleaner\SpywareCleaner.Exe

C:\Program\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program\mozilla.org\Mozilla\Mozilla.exe

C:\Program\Personal\bin\Personal.exe

C:\hjt\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.handelsbanken.se/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer erhållen av Telia

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Vanliga filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [startl.exe] "C:\Program\LingoCom\startl.exe" ###

O4 - HKLM\..\Run: [siS Tray] C:\WINDOWS\System32\sistray.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure Internet Security\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL

O4 - HKLM\..\Run: [smapp] C:\Program\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\RunOnce: [startl.exe] "C:\Program\LingoCom\startl.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [spyware Cleaner] "C:\Program\Spyware Cleaner\SpywareCleaner.Exe" /boot

O4 - HKCU\..\Run: [spySweeper] "C:\Program\Webroot\Spy Sweeper\SpySweeper.exe" /0

 

O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program\mozilla.org\Mozilla\Mozilla.exe" -turbo

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O9 - Extra button: Translate - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\Program\LingoCom\Translator.lnk

O9 - Extra 'Tools' menuitem: LingoWare Translator... - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\Program\LingoCom\Translator.lnk

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra button: Spray Mail - {C7954AE0-4A0C-11D4-BEE4-9BCF3C77857D} - http://mail.spray.se (file missing) (HKCU)

O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab

O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://G:\content\include\XPPatchInstaller.CAB

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1109349666468

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?319

O17 - HKLM\System\CCS\Services\Tcpip\..\{A6ECD193-16D3-4208-8A1B-EBB73675D4B6}: NameServer = 195.67.199.30 195.67.199.31

O23 - Service: F-Secure Internet Security 2004 - Unknown - C:\Program\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE

O23 - Service: F-Secure Gatekeeper Handler Starter - Unknown - C:\Program\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

O23 - Service: fsbwsys - Unknown - C:\Program\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon - F-Secure Corporation - C:\Program\F-Secure Internet Security\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent - F-Secure Corporation - C:\Program\F-Secure Internet Security\Common\FSMA32.EXE

O23 - Service: F-Secure Windows Security Center Legacy Detection Service - F-Secure Corporation - C:\Program\F-Secure Internet Security\fswsclds.exe

O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Panda Process Protection Service - Unknown - C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe

O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: SpywareCleanerService - Secure Computer, LLC - C:\Program\Spyware Cleaner\SCService.exe

 

Vi försöker igen!!

Mvh Hans

 

 

Link to comment
Share on other sites

 

alla dessa fem är trojaner

 

O4 - HKLM\..\Run: [McAfee Windows Protection] mcafee32.exe

O4 - HKLM\..\Run: [NAV Auto Protect] mcafee32.exe

O4 - HKLM\..\Run: [Windows Security Module] module.exe

O4 - HKLM\..\Run: [Microsofts MediaScope] winmedplay.exe

O4 - HKLM\..\Run: [Norton Personal Firewall] jah.exe

 

det gör mej tveksam till f-secure paket du har även om jag inte vet vad du gjort eller inte gjort

 

Link to comment
Share on other sites

 

Ok ser bra ut nu.

Har du inte Panda längre på datorn så Fix:sa denna rad

 

O23 - Service: Panda Process Protection Service - Unknown - C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe

 

Avinstallera detta,inget att ha

 

Spyware Cleaner

 

 

[inlägget ändrat 2005-02-27 23:03:46 av Zipp]

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.



×
×
  • Create New...