hiorth, posted 27 January 2007

Logfile of HijackThis v1.99.1
Scan saved at 21:50:45, on 27.01.2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\System32\svchosts.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\System32\ishost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\ismon.exe
C:\Programfiler\Java\jre1.5.0_01\bin\jusched.exe
I:\Programfiler\Logitech\MouseWare\system\em_exec.exe
I:\programfiler\powerstrip\pstrip.exe
C:\WINDOWS\System32\ctfmon.exe
I:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe
C:\Programfiler\MSI\Core Center\CoreCenter.exe
C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\taskmgr.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\?racle\??rvices.exe
C:\DOCUME~1\THOMAS~1\LOKALE~1\Temp\!update.exe
C:\DOCUME~1\THOMAS~1\PROGRA~1\CROSOF~1\chkdsk.exe
I:\Programfiler\WinRAR\WinRAR.exe
C:\DOCUME~1\THOMAS~1\LOKALE~1\Temp\Rar$EX00.813\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {18C44081-D269-F5C8-1901-A858130BF79D} - C:\WINDOWS\System32\qhul.dll
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [bootSkin Startup Jobs] "I:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [PowerStrip] i:\programfiler\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\System32\vspjftbi.dll",setvm
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] I:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\RunServices: [win msdt service] mswindtc.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CoreCenter.lnk = C:\Programfiler\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = I:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: taskmgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - I:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - I:\Programfiler\Magic NetTrace\MTIE.exe
O9 - Extra 'Tools' menuitem: &Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - I:\Programfiler\Magic NetTrace\MTIE.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - I:\Programfiler\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - I:\Programfiler\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE
O12 - Plugin for .3GP: C:\Programfiler\Internet Explorer\PLUGINS\npqtplugin4.dll
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.drivecleaner.com/installdrivecleanerstart_no.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.drivecleaner.com/installdrivecleanerstart_no.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: fast.dll C:\WINDOWS\System32\ping.dll
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - C:\WINDOWS\System32\pmnqguh.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Alias Wavefront Help Server (AWHelpServer) - Unknown owner - I:\Programfiler\AliasWavefront\Maya5.0\docs\Wrapper.exe
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\System32\svchosts.exe" -e mc-110-12-0000137 (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programfiler\Fellesfiler\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Unknown owner - C:\Programfiler\Trend Micro\Internet Security\PccPfw.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - I:\Programfiler\Spyware Doctor\sdhelp.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Unknown owner - I:\Programfiler\Webroot\Spy Sweeper\WRSSSDK.exe (file missing)
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)

Thanks in advance

hiorth (thread author), posted 27 January 2007

I renamed hjt.

Logfile of HijackThis v1.99.1
Scan saved at 21:58:25, on 27.01.2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\System32\svchosts.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\System32\ishost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\ismon.exe
C:\Programfiler\Java\jre1.5.0_01\bin\jusched.exe
I:\Programfiler\Logitech\MouseWare\system\em_exec.exe
I:\programfiler\powerstrip\pstrip.exe
C:\WINDOWS\System32\ctfmon.exe
I:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe
C:\Programfiler\MSI\Core Center\CoreCenter.exe
C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\taskmgr.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\?racle\??rvices.exe
C:\DOCUME~1\THOMAS~1\LOKALE~1\Temp\!update.exe
C:\DOCUME~1\THOMAS~1\PROGRA~1\CROSOF~1\chkdsk.exe
I:\Programfiler\Winamp\winamp.exe
C:\Documents and Settings\Thomas Hiorth\Skrivebord\annet navn.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {18C44081-D269-F5C8-1901-A858130BF79D} - C:\WINDOWS\System32\qhul.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {18C44081-D269-F5C8-1901-A858130BF79D} - C:\WINDOWS\System32\qhul.dll
O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\System32\dugqkikq.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - I:\Programfiler\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: (no name) - {553F01ED-6FCF-408A-810B-129AFDF3809a} - C:\WINDOWS\System32\gurfpirc.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\System32\pnxtcedd.dll
O2 - BHO: (no name) - {C954C14A-5C79-4A14-832C-27389F28A5A2} - C:\WINDOWS\Config\ualamxl.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - I:\Programfiler\FlashFXP\IEFlash.dll
O2 - BHO: (no name) - {F40A8C29-199C-6731-BFDB-65848F951DCC} - C:\WINDOWS\System32\tkhp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [bootSkin Startup Jobs] "I:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [PowerStrip] i:\programfiler\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\System32\vspjftbi.dll",setvm
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] I:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\RunServices: [win msdt service] mswindtc.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CoreCenter.lnk = C:\Programfiler\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = I:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: taskmgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - I:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - I:\Programfiler\Magic NetTrace\MTIE.exe
O9 - Extra 'Tools' menuitem: &Magic Nettrace - {92848C13-5482-49CB-B31C-CA8D74EFF508} - I:\Programfiler\Magic NetTrace\MTIE.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - I:\Programfiler\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - I:\Programfiler\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\MSMSGS.EXE
O12 - Plugin for .3GP: C:\Programfiler\Internet Explorer\PLUGINS\npqtplugin4.dll
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.drivecleaner.com/installdrivecleanerstart_no.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.drivecleaner.com/installdrivecleanerstart_no.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: fast.dll C:\WINDOWS\System32\ping.dll
O20 - Winlogon Notify: ualamxl - C:\WINDOWS\Config\ualamxl.dll
O20 - Winlogon Notify: winyzz32 - winyzz32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - C:\WINDOWS\System32\pmnqguh.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Alias Wavefront Help Server (AWHelpServer) - Unknown owner - I:\Programfiler\AliasWavefront\Maya5.0\docs\Wrapper.exe
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\System32\svchosts.exe" -e mc-110-12-0000137 (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programfiler\Fellesfiler\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Unknown owner - C:\Programfiler\Trend Micro\Internet Security\PccPfw.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - I:\Programfiler\Spyware Doctor\sdhelp.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Unknown owner - I:\Programfiler\Webroot\Spy Sweeper\WRSSSDK.exe (file missing)
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)

norbat, posted 27 January 2007 (edited)

There were quite a lot of nasties in there, yes, but on a PC without any Service Pack, cleaning it is a waste of time.

EDIT: Unplug the network cable. It is not a good idea to have the PC on the net in its current state.

Edited 27 January 2007 by norbat