Kan någon tyda Hijackthislogg

[sst]

Har kört både norton och adaware i felsäkert läge

men får inte bort spywaren

 

 

Logfile of HijackThis v1.99.1

Scan saved at 13:23:08, on 2005-04-15

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Symantec Shared\ccProxy.exe

C:\Program\Intel\Intel Application Accelerator\iaantmon.exe

C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Java\j2re1.4.2_06\bin\jusched.exe

C:\Program\Intel\Intel Application Accelerator\iaanotif.exe

C:\Program\Dell\Media Experience\PCMService.exe

C:\Program\Java\j2re1.4.2_06\bin\jucheck.exe

C:\Program\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\Logitech\iTouch\iTouch.exe

C:\Program\Logitech\MouseWare\system\em_exec.exe

C:\Program\Lavasoft\AD-AWA~1\Ad-Watch.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\Program\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program\Microsoft Office\Office\FINDFAST.EXE

C:\Program\Microsoft Office\Office\OSA.EXE

C:\Program\AutoCAD 2002\acad.exe

C:\Program\Messenger\msmsgs.exe

C:\Documents and Settings\stefan.JET.VVS\Skrivbord\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/se/sve/gen/default.htm'>http://www.euro.dell.com/countries/se/sve/gen/default.htm'>http://www.euro.dell.com/countries/se/sve/gen/default.htm'>http://www.euro.dell.com/countries/se/sve/gen/default.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/se/sve/gen/default.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/se/sve/gen/default.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/se/sve/gen/default.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\j2re1.4.2_06\bin\jusched.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program\Intel\Intel Application Accelerator\iaanotif.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Program\Norton Internet Security\UrlLstCk.exe

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [JobHisInit] C:\Program\RMClient\JobHisInit.exe

O4 - HKLM\..\Run: [MplSetUp] C:\Program\RMClient\MplSetUp.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe

O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program\Delade filer\Symantec Shared\Security Center\UsrPrmpt.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [AWMON] "C:\Program\Lavasoft\AD-AWA~1\Ad-Watch.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [NBJ] "C:\Program\Ahead\Nero BackItUp\NBJ.exe"

O4 - Startup: Microsoft Office Snabbsökning.lnk = C:\Program\Microsoft Office\Office\FINDFAST.EXE

O4 - Startup: Office-autostart.lnk = C:\Program\Microsoft Office\Office\OSA.EXE

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\j2re1.4.2_06\bin\npjpi142_06.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\j2re1.4.2_06\bin\npjpi142_06.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program\MICROS~4\inetrepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\MICROS~4\inetrepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\MICROS~4\inetrepl.dll

O15 - Trusted Zone: *.playout.se

O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://qp.boden.se/qp2.cab

O16 - DPF: {1538D4E0-B2C4-402D-B71A-BA6A04BC7A5D} (PictureChooser.picChooser) - http://direct.fotomenyn.com/direct/PictureChooser.cab

O16 - DPF: {3C6B68EB-0BEB-45C3-8904-C4AD3CF933CD} (WebCamX Control) - http://203.70.82.229/WebCamX.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097738456125

O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program\AutoCAD 2002\AcDcToday.ocx

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://194.23.215.5/activex/AxisCamControl.cab

O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program\AutoCAD 2002\InstBanr.ocx

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab

O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f008.mail.spray.se/app/uploader/FileUploader.cab

O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program\AutoCAD 2002\InstFred.ocx

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program\AutoCAD 2002\AcPreview.ocx

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program\Intel\Intel Application Accelerator\iaantmon.exe

O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

 

 

 

[Zipp.]

Jag ser inget i loggen.

 

> men får inte bort spywaren <

 

Vad är det som hittas och var är den?

 

 

 

 

 

[Ludde49]

 

Jag säger inte att du ska ta bort dessa, men efter att ha kollat dom verkar dom vara onödiga. jag kan ha fel så kolla dom ordentligt. Vissa handlar det bara om att ladda ner uppdateringar och andra så läser den inte in västeuropeiskt språk.

O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://qp.boden.se/qp2.cab

O16 - DPF: {1538D4E0-B2C4-402D-B71A-BA6A04BC7A5D} (PictureChooser.picChooser) - http://direct.fotomenyn.com/direct/PictureChooser.cab

O16 - DPF: {3C6B68EB-0BEB-45C3-8904-C4AD3CF933CD} (WebCamX Control) - http://203.70.82.229/WebCamX.cab

O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program\AutoCAD 2002\AcDcToday.ocx

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://194.23.215.5/activex/AxisCamControl.cab

O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program\AutoCAD 2002\InstBanr.ocx

 

 

[inlägget ändrat 2005-04-15 18:52:16 av Ludde49]

[inlägget ändrat 2005-04-15 18:53:55 av Ludde49]