Kan noen analysere denne HijackThis loggen?

[Cerb89]

Hei

 

Jeg kunne trent litt hjelp til en anyayse av denne loggen, noen som gidder? og hva som eventuelt kan gjøres for å forbedere den.

 

Takk på forhånd

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 15:55:18, on 10.03.2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Sygate\SPF\smc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Programfiler\Eset\nod32krn.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Programfiler\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe

C:\Programfiler\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe

C:\WINDOWS\System32\PRISMSVR.EXE

C:\WINDOWS\twain_32\SiPix\SCDeluxe\DELUXECC.exe

C:\Programfiler\MessengerPlus! 3\MsgPlus.exe

C:\Programfiler\Eset\nod32kui.exe

C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe

C:\WINDOWS\MXOALDR.EXE

C:\Programfiler\iTunes\iTunesHelper.exe

C:\Programfiler\QuickTime\qttask.exe

C:\Programfiler\Security Administrator\newadmin.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe

C:\Programfiler\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Petter\Skrivebord\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.iqwhvofphsiipvcchc.org/JOXe7QBs...QXQS4QWSl3.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {A70E18F6-9F55-86AE-3077-9401561F9309} - C:\DOCUME~1\Petter\PROGRA~1\ARMYMF~1\this title.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [CTSysVol] C:\Programfiler\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [DELUXECC] C:\WINDOWS\twain_32\SiPix\SCDeluxe\DELUXECC.exe

O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programfiler\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h

O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [00saskda] "C:\Programfiler\Security Administrator\newadmin.exe" saskda

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [1 great] C:\DOCUME~1\Petter\PROGRA~1\PROCPL~1\Ford Bind Slow.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programfiler\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [steam] "c:\valve\steam\steam.ex" -silent

O4 - Startup: Adobe Gamma.lnk.disabled

O4 - Global Startup: Adobe Gamma Loader.lnk.disabled

O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Hurtigstart for Adobe Reader.lnk.disabled

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Programfiler\Fellesfiler\Logitech\Bluetooth\LBTSERV.EXE (file missing)

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programfiler\Fellesfiler\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programfiler\Intel\NCS\Sync\NetSvc.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe

O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programfiler\Sygate\SPF\smc.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programfiler\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

 

 

 

 

[Jubelsau]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.iqwhvofphsiipvcchc.org/JOXe7QBs...QXQS4QWSl3.html

 

O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Programfiler\Fellesfiler\Logitech\Bluetooth\LBTSERV.EXE (file missing)

[Pozzolan]

Vet du hva slags programmer disse kommer fra?

O2 - BHO: (no name) - {A70E18F6-9F55-86AE-3077-9401561F9309} - C:\DOCUME~1\Petter\PROGRA~1\ARMYMF~1\this title.exe

O4 - HKCU\..\Run: [1 great] C:\DOCUME~1\Petter\PROGRA~1\PROCPL~1\Ford Bind Slow.exe

 

De så litt mistenkelige ut så hvis du ikke vet hva de kommer fra så kan du nok slette dem.

 

Fjern også

 

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

 

Hva er egentlig problemet? Får du popups eller noe eller vil du bare forsikre deg at er ok?

[Cerb89]

bare sjekke om alt var ok egentlig