Noen som orker å se hijackthis loggen min?

BendItLikeBender · 6. august 2009

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:12:46, on 06.08.2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Java\jre6\bin\jusched.exe

C:\Programfiler\Logitech\G-series Software\LGDCore.exe

C:\Programfiler\Logitech\G-series Software\LCDMon.exe

C:\Programfiler\MSI\Live Update 3\LMonitor.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\RunDLL32.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Programfiler\Logitech\G-series Software\Applets\LCDClock.exe

C:\Programfiler\Logitech\G-series Software\Applets\LCDMedia.exe

C:\WINDOWS\system32\ctfmon.exe

D:\Steam\Steam.exe

C:\Programfiler\Creative\Shared Files\CamTray.exe

C:\Programfiler\Windows Live\Messenger\msnmsgr.exe

C:\Programfiler\Skype\Phone\Skype.exe

C:\Programfiler\Messenger\msmsgs.exe

C:\Programfiler\Logitech\SetPoint\SetPoint.exe

C:\Programfiler\Fellesfiler\Logitech\KhalShared\KHALMNPR.EXE

F:\Hamachi\hamachi.exe

C:\Programfiler\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\ATKKBService.exe

C:\Programfiler\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Programfiler\Windows Live\Contacts\wlcomm.exe

F:\Mozilla Firefox\firefox.exe

C:\Programfiler\Skype\Toolbars\Shared\SkypeNames.exe

F:\Spotify\spotify.exe

F:\VideoLAN\vlc.exe

F:\uTorrent\uTorrent.exe

C:\Documents and Settings\All Users\Skrivebord\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://tw.msi.com.tw/autobios/VerChk/LSeri...nction=LMonitor

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [GameFace Messenger] C:\Programfiler\GameFace Messenger\GameFace.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Adobe Reader\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programfiler\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programfiler\Logitech\G-series Software\LCDMon.exe"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [LiveMonitor] C:\Programfiler\MSI\Live Update 3\LMonitor.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [steam] "D:\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [Creative WebCam Tray] C:\Programfiler\Creative\Shared Files\CamTray.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [DAEMON Tools Lite] F:\Daemon Tools\DAEMON Tools Lite\daemon.exe -autorun

O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: hamachi.lnk = F:\Hamachi\hamachi.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shock...ash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Takk for svar på forhånd

Svenni212000 · 6. august 2009

Jeg har ikke noe med det, men hvorfor har du programmene spredt overalt?

- kjenner jeg ikke til GameFace, men slike programmer pleier ofte å være ulumske.

[VF0060 STISvc] RunDLL32.exe kan være infisert, dog antaglivis fra en sikker kilde. Tilhører antaglivis Creative Cam.

- Du har også mange programmer som ikke trenger å starte sammen med Windows:

¤ nwiz.exe

¤ GameFace.exe

¤ Reader_sl.exe

¤ jusched.exe

¤ LGDCore.exe (?)

¤ LCDMon.exe (?)

¤ KHALMNPR.EXE (?)

¤ ctfmon.exe

¤ Steam.exe

¤ CamTray.exe

¤ msnmsgr.exe

¤ Skype.exe

¤ daemon.exe (?)

¤ SetPoint.exe (?)

PS: Prosessor merket med (?) bør du være forsiktig med å deaktivere, les først gjennom og se om du benytter deg av dens funksjoner før du deaktivcerer disse. De andre kan du trygt deaktivere fra oppstart uten noe fare, og er høyst anbefalt fra min side, det vil frigjør en del systemressurser. Du kan bruke CCleaner for å enkelt aktivere/deaktivere disse oppstartsprosessene

PPS: Du kan for at vi skal være mer sikkre, kjøre MBAM og poste loggen her i denne tråden.

https://www.diskusjon.no/index.php?showtopic=691246

BendItLikeBender · 6. august 2009

Har mange partisjoner, liker å ha det ryddig

MBAM

Klikk for å se/fjerne innholdet nedenfor

Malwarebytes' Anti-Malware 1.40

Databaseversjon: 2571

Windows 5.1.2600 Service Pack 3

06.08.2009 21:00:02

mbam-log-2009-08-06 (21-00-02).txt

Skanntype: Rask Skann

Objekter skannet: 83699

Tid tilbakelagt: 3 minute(s), 20 second(s)

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 1

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 1

Minneprosesser infisert: