Kan noen ta en titt på en Hijackthis.log ?

[Swampen]

Min internett-linje går utrolig treigt, får en fjerdedel av den farten jeg betaler for(NGT) slik har det vært i 3mnd nå. Jeg håper noen kan ta en titt på hijack-loggen min. Har scannet pc'n med NOD32, og Ad-aware uten å finne noe..

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 18:05:34, on 05.05.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

D:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe

D:\Programfiler\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Lexmark 2300 Series\lxcgmon.exe

C:\Programfiler\Lexmark 2300 Series\ezprint.exe

C:\WINDOWS\system32\sstray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\lxcgcoms.exe

D:\Programfiler\iTunes\iTunesHelper.exe

D:\Programfiler\Eset\nod32kui.exe

D:\Programfiler\iPod\bin\iPodService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe

C:\Programfiler\Messenger\msmsgs.exe

D:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe

C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe

C:\Programfiler\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

D:\Programfiler\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Documents and Settings\malios\Skrivebord\HiJackThis_v2.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll

O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Programfiler\Lexmark 2300 Series\lxcgmon.exe"

O4 - HKLM\..\Run: [EzPrint] "C:\Programfiler\Lexmark 2300 Series\ezprint.exe"

O4 - HKLM\..\Run: [FaxCenterServer] "C:\Programfiler\Lexmark Fax Solutions\fm3032.exe" /s

O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [DAEMON Tools] "D:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] D:\Programfiler\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [ppmate] D:\Programfiler\PPMate\PPMate\ppmate.exe -autoplay

O4 - HKLM\..\Run: [nod32kui] "D:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [steam] "D:\Programfiler\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = D:\Programfiler\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Send til &Bluetooth - D:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\npjpi160_01.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\npjpi160_01.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programfiler\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp08.photoprintit.de/microsite/502...geUploader3.cab

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - D:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe

O23 - Service: iPod-tjeneste (iPodService) - Apple Computer, Inc. - D:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe

O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - D:\Programfiler\Norman\Nvc\BIN\nipsvc.exe (file missing)

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Programfiler\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - D:\Programfiler\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe

O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - D:\Programfiler\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe

 

--

End of file - 6949 bytes

[Vasily]

C:\WINDOWS\Explorer.EXE

 

Skal ikke den ha små bokstaver?

[Vasily]

fjern PPMate fra maskina di..

Bruk heller SopCast

PPMate stoler jeg ikke helt på.. Mye rart i den programsnutten tror jeg..

Endret 6. mai 2007 av Vasily

[Vasily]

Kjør en scan med Spybot Search & Destroy også..

 

Last ned og kjør oppdater det

http://www.spybotupdates.com/files/spybotsd14.exe

[Vasily]

Ofte kan det være et problem å finne trojaner utifra hijack-log. Det er fordi filer som svchost.exe, explorer.exe osv.. blir overskrevet.

[Vasily]

Har du en oppdatert Winxp? Internet Explorer 7?

Hvilken browser bruker du? Håper du bruker Firefox

 

Skaff deg en firewall og sjekk hva som går ut og inn..

Endret 6. mai 2007 av Vasily

[Swampen]

Takk for svar! Har slettet ppmate, og bruker firefox og opdatert windows xp sp2. Skal prøve med spybot og firewall.

Endret 6. mai 2007 av Swampen