
hijackthis


rimag


Could some kind soul look through my log?

 

Logfile of HijackThis v1.98.2

Scan saved at 17:40:30, on 2005-05-10

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\GLOCAL~1\backweb\1334833\Program\SERVIC~1.EXE

C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\fsgk32st.exe

C:\Program\Glocalnet Säkerhetspaket\backweb\1334833\program\fsbwsys.exe

C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\FSGK32.EXE

C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\fssm32.exe

C:\Program\Glocalnet Säkerhetspaket\backweb\1334833\Program\BackWeb-1334833.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Glocalnet Säkerhetspaket\Common\FSMA32.EXE

C:\Program\Glocalnet Säkerhetspaket\Common\FSMB32.EXE

C:\Program\Glocalnet Säkerhetspaket\Common\FCH32.EXE

C:\Program\Glocalnet Säkerhetspaket\Common\FAMEH32.EXE

C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\fsav32.exe

C:\Program\Glocalnet Säkerhetspaket\DFW\Program\fsdfwd.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program\Glocalnet Säkerhetspaket\Common\FSM32.EXE

C:\Program\Logitech\iTouch\iTouch.exe

C:\Program\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

C:\Program\Winamp\winampa.exe

C:\Program\Java\jre1.5.0\bin\jusched.exe

C:\Program\D-Tools\daemon.exe

C:\Program\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Real\RealPlayer\RealPlay.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program\ISTsvc\istsvc.exe

C:\WINDOWS\qqhxribl.exe

C:\Documents and Settings\Familjen\Internet Optimizer\optimize.exe

C:\WINDOWS\system32\tbctray.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program\Skype\Phone\Skype.exe

C:\Program\BullsEye Network\bin\bargains.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program\Logitech\iTouch\kbdtray.exe

C:\WINDOWS\System32\exdl1.exe

C:\Documents and Settings\Familjen\Skrivbord\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login1.telia.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

F2 - REG:system.ini: Shell=Explorer.exe jusched.exe

O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll

O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program\SideFind\sfbho.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll

O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Glocalnet Säkerhetspaket\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Glocalnet Säkerhetspaket\TNB\TNBUtil.exe" /CHECKALL

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [EM_EXEC] C:\Program\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0\bin\jusched.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [msnappau] "C:\Program\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [RealTray] C:\Program\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [iST Service] C:\Program\ISTsvc\istsvc.exe

O4 - HKLM\..\Run: [FLUd4] C:\WINDOWS\qqhxribl.exe

O4 - HKLM\..\Run: [internet Optimizer] "C:\Documents and Settings\Familjen\Internet Optimizer\optimize.exe"

O4 - HKLM\..\Run: [bullsEye Network] C:\Program\BullsEye Network\bin\bargains.exe

O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - Startup: Registration-Studio 7SE.lnk = C:\Program\Pinnacle\Studio 7\Register\RegTool.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program\SideFind\sidefind.dll

O9 - Extra button: Expekt.com Poker - {3852AC86-965F-4abe-A75F-3DCB7E81A4B2} - C:\Program\expektMPP\MPPoker.exe

O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Microsoft AntiSpyware helper - {C08171E6-B15C-4B3A-8189-4C687E243DA4} - (no file) (HKCU)

O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C08171E6-B15C-4B3A-8189-4C687E243DA4} - (no file) (HKCU)

 

 

 

//Thanks in advance, Rickard.

 


Uninstall via the Control Panel if present

 

SideFind

IST Service

Internet Optimizer

BullsEye Network

 

Then delete these folders if found

 

C:\Program\SideFind\ <

C:\Program\ISTsvc\ <

C:\Documents and Settings\Familjen\Internet Optimizer\ <

C:\Program\BullsEye Network\ <

 

Then clean the computer with Ad-Aware.

Then restart the computer and post a new Hijack log with this version

 

http://koti.mbnet.fi/pattaya1/HijackThis.exe

 

 

 

 

 


Some of the folders could not be deleted...

 

log:

 

Logfile of HijackThis v1.99.1

Scan saved at 18:27:01, on 2005-05-10

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\GLOCAL~1\backweb\1334833\Program\SERVIC~1.EXE

C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\fsgk32st.exe

C:\Program\Glocalnet Säkerhetspaket\backweb\1334833\program\fsbwsys.exe

C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\FSGK32.EXE

C:\Program\Glocalnet Säkerhetspaket\backweb\1334833\Program\BackWeb-1334833.exe

C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\fssm32.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Glocalnet Säkerhetspaket\Common\FSMA32.EXE

C:\Program\Glocalnet Säkerhetspaket\Common\FSMB32.EXE

C:\Program\Glocalnet Säkerhetspaket\Common\FCH32.EXE

C:\WINDOWS\System32\wuauclt.exe

C:\Program\Glocalnet Säkerhetspaket\Common\FAMEH32.EXE

C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\fsav32.exe

C:\Program\Glocalnet Säkerhetspaket\Common\FSM32.EXE

C:\Program\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

C:\Program\Winamp\winampa.exe

C:\Program\Java\jre1.5.0\bin\jusched.exe

C:\Program\D-Tools\daemon.exe

C:\Program\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Real\RealPlayer\RealPlay.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Documents and Settings\Familjen\Internet Optimizer\optimize.exe

C:\WINDOWS\system32\tbctray.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program\Skype\Phone\Skype.exe

C:\Program\Glocalnet Säkerhetspaket\DFW\Program\fsdfwd.exe

C:\Program\Logitech\iTouch\iTouch.exe

C:\Program\Logitech\iTouch\kbdtray.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Familjen\Skrivbord\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login1.telia.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

F2 - REG:system.ini: Shell=Explorer.exe jusched.exe

O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll

O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Glocalnet Säkerhetspaket\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Glocalnet Säkerhetspaket\TNB\TNBUtil.exe" /CHECKALL

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [EM_EXEC] C:\Program\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0\bin\jusched.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [msnappau] "C:\Program\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [RealTray] C:\Program\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [internet Optimizer] "C:\Documents and Settings\Familjen\Internet Optimizer\optimize.exe"

O4 - HKLM\..\Run: [bullsEye Network] C:\Program\BullsEye Network\bin\bargains.exe

O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - Startup: Registration-Studio 7SE.lnk = C:\Program\Pinnacle\Studio 7\Register\RegTool.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra button: Expekt.com Poker - {3852AC86-965F-4abe-A75F-3DCB7E81A4B2} - C:\Program\expektMPP\MPPoker.exe

O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Microsoft AntiSpyware helper - {C08171E6-B15C-4B3A-8189-4C687E243DA4} - (no file) (HKCU)

O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C08171E6-B15C-4B3A-8189-4C687E243DA4} - (no file) (HKCU)

O23 - Service: Glocalnet Säkerhetspaket (BackWeb Client - 1334833) - Unknown owner - C:\Program\GLOCAL~1\backweb\1334833\Program\SERVIC~1.EXE

O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Authentication Agent (FSAA) - Unknown owner - C:\Program\Glocalnet Säkerhetspaket\Common\FSAA.EXE (file missing)

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\Glocalnet Säkerhetspaket\backweb\1334833\program\fsbwsys.exe

O23 - Service: F-Secure Distributed Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Glocalnet Säkerhetspaket\DFW\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\Glocalnet Säkerhetspaket\Common\FSMA32.EXE

O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program\Glocalnet Säkerhetspaket\fswsclds.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Spy Emergency Service (SEServ) - Netgate - C:\Program\Spy Emergency\Service\SeServ.exe

 

 

 

// a box comes up saying something about "jusched" when I start the computer...

can I delete C:\Program\Java\jre1.5.0\bin\jusched.exe, do you think?

 

 


Create a new folder on C:\ and put HijackThis.exe there, i.e. C:\HjT\HijackThis.exe

 

 

Scan with Hijack, tick the following lines, close the web browser and all other open windows, and click FIX checked

 

O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)

O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll (file missing)

O4 - HKLM\..\Run: [internet Optimizer] "C:\Documents and Settings\Familjen\Internet Optimizer\optimize.exe"

O4 - HKLM\..\Run: [bullsEye Network] C:\Program\BullsEye Network\bin\bargains.exe

O9 - Extra button: Microsoft AntiSpyware helper - {C08171E6-B15C-4B3A-8189-4C687E243DA4} - (no file) (HKCU)

O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C08171E6-B15C-4B3A-8189-4C687E243DA4} - (no file) (HKCU)

 

 

Then boot into safe mode and delete the folders you could not remove in normal mode.

 

> can I delete C:\Program\Java\jre1.5.0\bin\jusched.exe <

 

It belongs to Java; disable it.

 

Download + install updates (Windows Update)

 

 

 

 

[post edited 2005-05-10 18:46:57 by Zipp]
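Added example, not part of the original posts: a Python sketch that compares two HijackThis scans like the ones in this thread and reports which entries disappeared, which remain, and which now point at a deleted file ("(file missing)" / "(no file)"), the kind of leftover ticked for "Fix checked" above. The sample lines are copied from the thread's two logs; the function names are made up for the illustration.

```python
import re

# Sample input: a few entries copied from the first and second log in this thread.
LOG_BEFORE = r"""
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program\SideFind\sfbho.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O4 - HKLM\..\Run: [iST Service] C:\Program\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [bullsEye Network] C:\Program\BullsEye Network\bin\bargains.exe
"""
LOG_AFTER = r"""
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll (file missing)
O4 - HKLM\..\Run: [bullsEye Network] C:\Program\BullsEye Network\bin\bargains.exe
O9 - Extra button: Microsoft AntiSpyware helper - {C08171E6-B15C-4B3A-8189-4C687E243DA4} - (no file) (HKCU)
"""

# An entry line is a section code (R0, F2, O4, O23, ...) followed by " - ".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# HijackThis appends these markers when the referenced file is gone.
ORPHAN = re.compile(r"\((?:file missing|no file)\)")

def parse(log):
    """Return (section code, body) for every entry line; other lines are skipped."""
    out = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            out.append((m["code"], m["body"]))
    return out

def entry_key(body):
    """Body without the orphan marker, so one entry matches across both scans."""
    return ORPHAN.sub("", body).strip()

def compare(before, after):
    """Classify entries between two scans of the same machine."""
    old = {(c, entry_key(b)) for c, b in parse(before)}
    new = parse(after)
    new_keys = {(c, entry_key(b)) for c, b in new}
    return {
        "removed": sorted(old - new_keys),      # gone after the cleanup
        "remaining": sorted(old & new_keys),    # still registered
        "orphaned": sorted((c, entry_key(b)) for c, b in new if ORPHAN.search(b)),
    }

if __name__ == "__main__":
    for status, entries in compare(LOG_BEFORE, LOG_AFTER).items():
        for code, body in entries:
            print(f"{status:9} {code:3} {body}")
```

An entry can be both "remaining" and "orphaned": the file was deleted but the registry entry that loads it is still there.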
