[Løyst] HighJackThis Loggfil

lassaron-jon · 9. januar 2010

Eg var rett og slett eit grauthaue. Av ein eller anna grunn hadde eg slått av Brannmuren min, og litt etterpå streama eg litt tv-shows. Trykte ved uhell på ein popup og så var leiken i gang.

Har fått fjerna Fake "Windows Security Alert" popup som var svært irriterande, og den hadde opna for ein del anna malware på maskina mi som eg har fått fjerna. Vil sjekke at alt er i orden no. Nokon som kan sjå noko rot her?

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:26:01, on 09.01.2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Programfiler\Lavasoft\Ad-Aware\AAWService.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\lxdncoms.exe

C:\Programfiler\NetLimiter 2 Pro\nlsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Programfiler\Lexmark 2600 Series\ezprint.exe

C:\Programfiler\Skype\Phone\Skype.exe

C:\Programfiler\Messenger\msmsgs.exe

C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe

C:\Programfiler\RALINK\Common\RaUI.exe

C:\Programfiler\Skype\Plugin Manager\skypePM.exe

C:\Programfiler\Lavasoft\Ad-Aware\Ad-Aware.exe

C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe

C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexStoreSvr.exe

C:\Programfiler\Lavasoft\Ad-Aware\AAWTray.exe

C:\Documents and Settings\kjetil\Mine dokumenter\Nedlastingar\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [start WingMan Profiler] C:\Programfiler\Logitech\Gaming Software\LWEMon.exe /noui

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [lxdnmon.exe] "C:\Programfiler\Lexmark 2600 Series\lxdnmon.exe"

O4 - HKLM\..\Run: [EzPrint] "C:\Programfiler\Lexmark 2600 Series\ezprint.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Programfiler\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')

O4 - HKUS\S-1-5-21-1220945662-1647877149-682003330-1003\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background (User '?')

O4 - HKUS\S-1-5-21-1220945662-1647877149-682003330-1003\..\Run: [Polar Sync] (User '?')

O4 - HKUS\S-1-5-21-1220945662-1647877149-682003330-1003\..\Run: [PlayNC Launcher] (User '?')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Programfiler\RALINK\Common\RaUI.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} (XTSAC Control) - https://ssl.kirkedata.no/XTSAC.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programfiler\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programfiler\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Programfiler\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: lxdn_device - - C:\WINDOWS\system32\lxdncoms.exe

O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Programfiler\NetLimiter 2 Pro\nlsvc.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Programfiler\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Programfiler\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

--

End of file - 6383 bytes

Endret 10. januar 2010 av lassaron-jon

norbat · 9. januar 2010

Loggen ser grei ut.

Du bør imidlertid oppdatere windows (start->alle programmer->windows update)

lassaron-jon · 10. januar 2010

Ok takk takk

Logg inn

[Løyst] HighJackThis Loggfil

Anbefalte innlegg

lassaron-jon

Lenke til kommentar

Videoannonse

norbat

Lenke til kommentar

lassaron-jon

Lenke til kommentar

Opprett en konto eller logg inn for å kommentere

Opprett konto

Logg inn

Populær nå

Elon Musk er verdens beste Diablo 4 spiller. 1 2

Trusselen mot Demokratiet 1 2 3 4

Hvem er aktive 0 medlemmer