BendItLikeBender, posted 5 September 2009

Looking for a keylogger of some sort.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:15:19, on 05.09.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Logitech\G-series Software\LGDCore.exe
C:\Programfiler\Logitech\G-series Software\LCDMon.exe
C:\Programfiler\MSI\Live Update 3\LMonitor.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\Logitech\G-series Software\Applets\LCDClock.exe
C:\Programfiler\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programfiler\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Clinkz\Lokale innstillinger\Programdata\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Programfiler\Logitech\SetPoint\SetPoint.exe
C:\Programfiler\Fellesfiler\Cloanto\Software Director\softdir.exe
F:\Hamachi\hamachi.exe
C:\Programfiler\Fellesfiler\Logitech\KhalShared\KHALMNPR.EXE
F:\OpenOffice\OpenOffice.org 3\OpenOffice.org 3\program\soffice.exe
F:\OpenOffice\OpenOffice.org 3\OpenOffice.org 3\program\soffice.bin
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Clinkz\Lokale innstillinger\Programdata\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Clinkz\Lokale innstillinger\Programdata\Google\Chrome\Application\chrome.exe
F:\Spotify\spotify.exe
C:\Programfiler\Skype\Phone\Skype.exe
C:\Programfiler\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\Clinkz\Lokale innstillinger\Programdata\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Clinkz\Lokale innstillinger\Programdata\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Clinkz\Lokale innstillinger\Programdata\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Clinkz\Lokale innstillinger\Programdata\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Clinkz\Lokale innstillinger\Programdata\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Clinkz\Lokale innstillinger\Programdata\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Clinkz\Lokale innstillinger\Programdata\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Clinkz\Lokale innstillinger\Programdata\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\All Users\Skrivebord\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://tw.msi.com.tw/autobios/VerChk/LSeri...nction=LMonitor
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programfiler\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programfiler\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LiveMonitor] C:\Programfiler\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [startCCC] "C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Clinkz\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: hamachi.lnk = F:\Hamachi\hamachi.exe
O4 - Startup: OpenOffice.org 3.0.lnk = F:\OpenOffice\OpenOffice.org 3\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Software Director Scheduler.lnk = C:\Programfiler\Fellesfiler\Cloanto\Software Director\softdir.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\TEMP\5939sys.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7492 bytes
GeirNord, posted 5 September 2009

O20 - AppInit_DLLs: C:\WINDOWS\TEMP\5939sys.dll

This line looks very suspicious. Remove it, and run a sweep with Spybot Search and Destroy. http://download.cnet.com/Spybot-Search-amp....html?tag=mncol
BendItLikeBender (author), posted 5 September 2009

Can't delete it.
ask99, posted 6 September 2009

Maybe it's GoogleCrashHandler.exe you suspect!
GeirNord, posted 6 September 2009

I don't know which of us you are referring to, Ask99, but the DLL file I am referring to has nothing to do with Google Update. There, all the files run from the profile area (c:\documents and settings / c:\users) or c:\programfiler. BendItLikeBender, try rebooting into safe mode and removing the reference with HijackThis there, then run a new scan with Spybot.
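GeirNord's two replies above apply a triage rule that can be mechanised: an AppInit_DLLs value is always worth a look, because every process that loads user32.dll maps the listed DLLs, and a value pointing into C:\WINDOWS\TEMP is far more suspicious than legitimate entries, which run from the profile area or Program Files. The scorer below is an added example written for this thread, not HijackThis code and not posted by anyone in the thread. Its sample input is constructed: four lines copied from the log posted above plus one invented O4 entry ("updater.exe" under the user's temp folder) added to exercise the temp-directory rule. The severity labels, the temp-directory markers and the path regex are the example's own assumptions.

```python
"""Triage heuristics for HijackThis-style log lines (added example, not HijackThis code)."""
import re

# Constructed sample: four lines from the thread's log plus one invented O4 line
# ("updater.exe" in the user's temp folder) so the temp-directory rule has a second hit.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [updater] "C:\Documents and Settings\Clinkz\Lokale innstillinger\Temp\updater.exe" /quiet
O20 - AppInit_DLLs: C:\WINDOWS\TEMP\5939sys.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# "O20 - AppInit_DLLs: ..." -> section "O20", rest "AppInit_DLLs: ..."
HJT_LINE = re.compile(r"^(?P<section>[A-Z]\d+)\s+-\s+(?P<rest>.*)$")
# Either a quoted Windows path, or an unquoted one ending in a common binary extension.
WIN_PATH = re.compile(r'"([A-Za-z]:\\[^"]+)"|([A-Za-z]:\\.+?\.(?:exe|dll|sys|cab|lnk))',
                      re.IGNORECASE)
# Assumed markers for "lives in a temp directory"; extend for your own environment.
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


def extract_paths(text):
    """All drive-letter paths mentioned in one log entry."""
    return [m.group(1) or m.group(2) for m in WIN_PATH.finditer(text)]


def in_temp_dir(path):
    return any(marker in path.lower() for marker in TEMP_MARKERS)


def triage_line(line):
    """Return (section, [(severity, reason), ...]), or None for non-entry lines."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return None
    section, rest = m.group("section"), m.group("rest")
    paths = extract_paths(rest)
    temp_hit = any(in_temp_dir(p) for p in paths)
    findings = []
    if section == "O20" and rest.startswith("AppInit_DLLs:"):
        # AppInit_DLLs are mapped into every process that loads user32.dll, so a
        # non-empty value always deserves review; one under a temp directory is
        # the placement GeirNord flagged.
        findings.append(("high" if temp_hit else "medium",
                         "AppInit_DLLs entry (DLL loaded into every user32-linked process)"))
    elif temp_hit:
        findings.append(("medium", "autorun/service binary lives in a temp directory"))
    if section == "O4" and not paths:
        # A bare filename is resolved through the search path; usually benign
        # (SOUNDMAN.EXE here), but worth confirming which file actually runs.
        findings.append(("low", "Run entry is a bare filename resolved via the search path"))
    return section, findings


def triage_log(text):
    """Return flagged entries as dicts, most severe first."""
    results = []
    for line in text.splitlines():
        parsed = triage_line(line)
        if parsed and parsed[1]:
            section, findings = parsed
            worst = min(findings, key=lambda f: SEVERITY_ORDER[f[0]])
            results.append({"line": line.strip(), "section": section,
                            "severity": worst[0], "findings": findings})
    results.sort(key=lambda r: SEVERITY_ORDER[r["severity"]])
    return results


if __name__ == "__main__":
    for r in triage_log(SAMPLE_LOG):
        print(f"[{r['severity']:6}] {r['line']}")
        for _, why in r["findings"]:
            print(f"         - {why}")
```

Run as a script, the O20 line is reported first with severity "high", the constructed updater.exe entry as "medium", and the bare SOUNDMAN.EXE entry as "low"; everything under Program Files or system32 stays silent. The mechanism behind the rule also explains the "can't delete it" reply: a DLL listed in AppInit_DLLs is mapped into every running user32-linked process, so the file is in use from a normal session, which is why removing the reference from safe mode, as GeirNord suggests, tends to work where a normal-mode deletion does not.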