`Miraculous´ Posted March 1, 2005 Share Posted March 1, 2005 Dum som jag var så ladda jag nyss ner dc++ faster download 1.7 nånting. Märkte direkt att jag fick in skit på datan. Tog bort det jag kunde och hittade i felsäkert läge men jag misstänker att det finns en del kvar så jag skickar en hijack. Skulle även va glad om nån säger vilka saker som är totalt onödiga i 04-raderna. Logfile of HijackThis v1.99.1 Scan saved at 21:20:56, on 2005-03-01 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RunDll32.exe C:\Program\Ahead\InCD\InCD.exe C:\Program\Logitech\iTouch\iTouch.exe C:\Program\Trust\Ami Mouse 250S Cordless\Amoumain.exe C:\Program\AVPersonal\AVGNT.EXE C:\Program\Zone Labs\ZoneAlarm\zlclient.exe C:\Program\Microsoft AntiSpyware\gcasServ.exe C:\Documents and Settings\Jakob\Mina dokument\UnderhållninG\Winamp\winampa.exe C:\WINDOWS\system32\ctfmon.exe C:\Program\Messenger\msmsgs.exe C:\Program\Microsoft Office\Office\FINDFAST.EXE C:\Program\Microsoft Office\Office\OSA.EXE C:\Program\Microsoft AntiSpyware\gcasDtServ.exe C:\Program\AVPersonal\AVGUARD.EXE C:\Program\AVPersonal\AVWUPSRV.EXE C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program\Ahead\InCD\InCDsrv.exe C:\Documents and Settings\Jakob\Mina dokument\UnderhållninG\Winamp\winamp.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\HjT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login1.telia.com/'>http://login1.telia.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://login1.telia.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE_Window_Title R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://proxy1.telia.com:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://login1.telia.com;http://10.0.0.6; R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program\QuickSearch\QuickSearchBar1_27.dll O3 - Toolbar: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program\QuickSearch\QuickSearchBar1_27.dll O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [inCD] C:\Program\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [WheelMouse] Amoumain.exe O4 - HKLM\..\Run: [AVGCtrl] C:\Program\AVPersonal\AVGNT.EXE /min O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [AVSCHED32] C:\Program\AVPersonal\AVSched32.EXE /min O4 - HKLM\..\Run: [gcasServ] "C:\Program\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Documents and Settings\Jakob\Mina dokument\UnderhållninG\Winamp\winampa.exe O4 - HKLM\..\Run: [saap] c:\documents and settings\jakob\mina dokument\underhållning\dc++\dcplus fasterdownloads\saap.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Microsoft Office Snabbsökning.lnk = C:\Program\Microsoft Office\Office\FINDFAST.EXE O4 - Global Startup: Office-autostart.lnk = C:\Program\Microsoft Office\Office\OSA.EXE O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://login1.telia.com O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1109622301589 O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program\AVPersonal\AVWUPSRV.EXE O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program\Ahead\InCD\InCDsrv.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe Link to comment Share on other sites More sharing options...
Zipp. Posted March 1, 2005 Share Posted March 1, 2005 Avinstallera via Kontrollpanelen om det finns QuickSearch Search Bar QuickSearch Scanna med Hijack bocka i följande rader stäng Web-läsaren och alla andra öppna fönster och klicka FIX checked O2 - BHO: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program\QuickSearch\QuickSearchBar1_27.dll O3 - Toolbar: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program\QuickSearch\QuickSearchBar1_27.dll O4 - HKLM\..\Run: [saap] c:\documents and settings\jakob\mina dokument\underhållning\dc++\dcplus fasterdownloads\saap.exe Starta sen i felsäkert läge sök och ta bort C:\Program\QuickSearch\ < mappen c:\documents and settings\jakob\mina dokument\underhållning\dc++\dcplus fasterdownloads\saap.exe - ta bort dcplus fasterdownloads mappen Link to comment Share on other sites More sharing options...
`Miraculous´ Posted March 1, 2005 Author Share Posted March 1, 2005 Dessa rader fanns inte kvar efter att ha tagit bort QuickSearch från Kontrollpanelen: O2 - BHO: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program\QuickSearch\QuickSearchBar1_27.dll O3 - Toolbar: QuickSearch Search Bar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program\QuickSearch\QuickSearchBar1_27.dll Denna map har jag tagit bort sen tidigare: c:\documents and settings\jakob\mina dokument\underhållning\dc++\dcplus fasterdownloads Tror att allt e borta nu, men skickar med ny logg iaf. Logfile of HijackThis v1.99.1 Scan saved at 22:58:52, on 2005-03-01 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program\AVPersonal\AVGUARD.EXE C:\Program\AVPersonal\AVWUPSRV.EXE C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RunDll32.exe C:\Program\Ahead\InCD\InCD.exe C:\Program\Logitech\iTouch\iTouch.exe C:\Program\Trust\Ami Mouse 250S Cordless\Amoumain.exe C:\Program\AVPersonal\AVGNT.EXE C:\Program\Zone Labs\ZoneAlarm\zlclient.exe C:\Program\Microsoft AntiSpyware\gcasServ.exe C:\Documents and Settings\Jakob\Mina dokument\UnderhållninG\Winamp\winampa.exe C:\WINDOWS\system32\ctfmon.exe C:\Program\Messenger\msmsgs.exe C:\Program\Microsoft AntiSpyware\gcasDtServ.exe C:\WINDOWS\system32\wuauclt.exe C:\Program\Microsoft Office\Office\FINDFAST.EXE C:\Program\Microsoft Office\Office\OSA.EXE C:\Program\Mozilla Firefox\firefox.exe C:\HjT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login1.telia.com/'>http://login1.telia.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://login1.telia.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE_Window_Title R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://proxy1.telia.com:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://login1.telia.com;http://10.0.0.6; R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [inCD] C:\Program\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [WheelMouse] Amoumain.exe O4 - HKLM\..\Run: [AVGCtrl] C:\Program\AVPersonal\AVGNT.EXE /min O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [AVSCHED32] C:\Program\AVPersonal\AVSched32.EXE /min O4 - HKLM\..\Run: [gcasServ] "C:\Program\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Documents and Settings\Jakob\Mina dokument\UnderhållninG\Winamp\winampa.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Microsoft Office Snabbsökning.lnk = C:\Program\Microsoft Office\Office\FINDFAST.EXE O4 - Global Startup: Office-autostart.lnk = C:\Program\Microsoft Office\Office\OSA.EXE O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://login1.telia.com O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1109622301589 O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program\AVPersonal\AVWUPSRV.EXE O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program\Ahead\InCD\InCDsrv.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe Link to comment Share on other sites More sharing options...
Zipp. Posted March 1, 2005 Share Posted March 1, 2005 Jepp nu är det ok. Link to comment Share on other sites More sharing options...
`Miraculous´ Posted March 1, 2005 Author Share Posted March 1, 2005 OK, sjysst!! Du har än en gång räddat min data.... Link to comment Share on other sites More sharing options...
.thumb.png.71a73be41d8bf63826729db87e16f1ce.png)
Recommended Posts
Archived
This topic is now archived and is closed to further replies.