Hijackthislogg - Nån som kan!?

Bort med:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.xcprsjywuqcdytnocnwb.com...lnq7yyLFCe.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.txhzgtyfsg.net/GuQw5NT4z...VXyGvVNQjZk.php
O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} - http://down.plaxo.com/down/release/instub.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT..._my_car_pop.jsp
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

RealNCV:
These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it.

Det är iaf rekommenderat att man tar bort det programmet.

Det är adware. Laddade ner nyss RealVNC och det här hände för mig:
http://img.photobucket.com/albums/v378/Stolme/Real.jpg

Det är vad M$ AntiSpyware tycker ja, om man ska följa deras är råd är ju det lika bra att ta bort t.ex FF också isf .

Firefox.
http://www.mozilla.org/

FF == FireFox.

Edit: BLÄ!

ja vet att alla börjar bli trötta på hijackthis loggar.. men ja skulle behöva hjälp med denna. visste inte vad ja skulle klistra in så ja tog hela skiten:

Logfile of HijackThis v1.99.1
Scan saved at 02:02:37, on 2005-03-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program\Logitech\iTouch\iTouch.exe
C:\Program\Microsoft IntelliPoint\point32.exe
C:\Program\Messenger Plus! 3\MsgPlus.exe
C:\Program\D-Tools\daemon.exe
C:\program\powerstrip\pstrip.exe
C:\Program\Java\jre1.5.0\bin\jusched.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\Program\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\Program\UltraMon\UltraMon.exe
C:\Program\SpeedFan\speedfan.exe
C:\Program\Norton AntiVirus\navapsvc.exe
C:\Program\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\Admin^\Skrivbord\VT-server-OLD\ventrilo_srv.exe
C:\Program\Steam\Steam.exe
C:\Program\NetLimiter\NetLimiter.exe
c:\program\winamp\winamp.exe
C:\Program\mIRC\mirc.exe
C:\Program\BitComet\BitComet.exe
C:\Program\Messenger\msmsgs.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\VentriloO\Ventrilo.exe
C:\WINDOWS\explorer.exe
C:\Program\UltraMon\UltraMonTaskbar.exe
C:\Documents and Settings\Admin^\Skrivbord\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login1.telia.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PowerStrip] c:\program\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [xhrmy] C:\WINDOWS\Xhrmy.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\RunOnce: [AAW] "C:\Program\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [BitComet] "C:\Program\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - Startup: speedfan.lnk = C:\Program\SpeedFan\speedfan.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program\Apache Group\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: UltraMon.lnk = C:\Program\UltraMon\UltraMon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O23 - Service: Apache2 - Unknown owner - C:\Program\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: LF Connection Keeper Service (LFCK) - Unknown owner - C:\Program\ConnectionKeeper\lfck.exe" --startAsService (file missing)
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program\Delade filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

Hittade inga "skumma" filer.

har du nån anning om vad

O4 - HKLM\..\Run: [xhrmy] C:\WINDOWS\Xhrmy.exe <<< är förnåge?

Hmm. Det verkar som det är adware.

http://www.liutilities.com/products/wintaskspro/processlibrar...
http://www.techspot.com/vb/archive/index/t-19658.html

Nu är ju inte jag nån expert men bort med:

O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmnext.exe

förövrigt ser det bra ut