Just nu i M3-nätverket
Jump to content

Behöver hjälp med att tyda hijackthis-logg


Universe

Recommended Posts

Hej

Har väldigt många processer igång i datorn (ca 100) och det känns som lite väl mycket, bland annat finns det sju stycken svchost.exe processer igång, vet inte om det är normalt men det känns inte så och jag skulle bli glad om nån vänlig själ tar en titt på min hijackthis-logg

Här är loggen:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:06:12, on 2008-04-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Novell\XTAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\ActivIdentity\ActivClient Mini\acachsrv.exe
C:\Program\ActivIdentity\ActivClient Mini\accoca.exe
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program\Network Associates\Common Framework\FrameworkService.exe
C:\Program\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program\Novell\ZENworks\nalntsrv.exe
C:\Program\ProtectTools\Embedded Security Software\PSDsrvc.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
C:\Program\Retrospect\Retrospect Express HD 2.0\retrorun.exe
C:\Program\Sandboxie\SbieSvc.exe
C:\Program\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\SAFE\Novell\ZENworks\Asset Management\Bin\CClientSvc.exe
C:\SAFE\Novell\ZENworks\Asset Management\Bin\CClient.exe
C:\Program\uphclean\uphclean.exe
C:\Program\Delade filer\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
c:\_integra\bin\ccmagent.exe
C:\Program\Novell\ZENworks\wm.exe
C:\Program\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program\VMware\VMware Player\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program\Novell\ZENworks\WMRUNDLL.EXE
c:\_integra\bin\shstart.exe
C:\WINDOWS\Explorer.EXE
C:\Program\ProtectTools\Embedded Security Software\PSDrt.exe
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\Program\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program\Network Associates\Common Framework\UdaterUI.exe
C:\WINDOWS\system32\iprntctl.exe
C:\WINDOWS\system32\iprntlgn.exe
C:\Program\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program\ActivIdentity\ActivClient Mini\accrdsub.exe
C:\Program\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Program\Network Associates\Common Framework\McTray.exe
C:\Program\ActivIdentity\ActivClient Mini\acevents.exe
C:\Program\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program\SiteAdvisor\6253\SiteAdv.exe
C:\Program\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program\Delade filer\InstallShield\UpdateService\issch.exe
C:\Program\PowerISO\PWRISOVM.EXE
C:\Program\VMware\VMware Player\hqtray.exe
C:\Program\iTunes\iTunesHelper.exe
C:\Program\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\MAFWTray.exe
C:\Program\Winamp\winampa.exe
C:\Program\hpq\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program\CursorXP\CursorXP.exe
C:\Program\Sandboxie\SbieCtrl.exe
C:\Program\Messenger\msmsgs.exe
C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\Program\iPod\bin\iPodService.exe
C:\Program\Launchy\Launchy.exe
C:\Program\Stardock\ObjectDock\ObjectDock.exe
C:\Program\Styler\Styler.exe
C:\Program\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program\Retrospect\Retrospect Express HD 2.0\RetroExpress.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://skolsidan.edu.karlstad.se
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://skolsidan.edu.karlstad.se
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.edu.karlstad.se:8080;https=proxy.edu.karlstad.se:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.karlstad.se;10.*;<local>;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,c:\_integra\bin\shstart.exe
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program\Desktop Sidebar\sbhelp.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [synTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [iPrint Tray] C:\WINDOWS\system32\iprntctl.exe TRAY_ICON
O4 - HKLM\..\Run: [iPrint Event Monitor] C:\WINDOWS\system32\iprntlgn.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [accrdsub] "C:\Program\ActivIdentity\ActivClient Mini\accrdsub.exe"
O4 - HKLM\..\Run: [iAAnotif] C:\Program\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\Program\DELADE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [TkBellExe] C:\Program\Delade filer\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [shStatEXE] "C:\Program\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [siteAdvisor] C:\Program\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program\Delade filer\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\SAFE\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program\VMware\VMware Player\hqtray.exe"
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MAFWTaskbarApp] C:\WINDOWS\system32\MAFWTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [sandboxieControl] "C:\Program\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Skärmurklipp och start för OneNote 2007.lnk = C:\Program\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Stardock ObjectDock.lnk = C:\Program\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Styler.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe 7.0.5\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O4 - Global Startup: Launchy.lnk = C:\Program\Launchy\Launchy.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program\Novell\ZENworks\AxNalServer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://skolsidan.edu.karlstad.se
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.5.cab
O16 - DPF: {5CE72DD0-4695-4D18-A4D3-3367ACD37578} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - http://post.karlstad.se/dwa7W.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: 
O20 - Winlogon Notify: ackpbsc - C:\Program\ActivIdentity\ActivClient Mini\ackpbsc.dll
O20 - Winlogon Notify: acunlock - C:\Program\ActivIdentity\ActivClient Mini\acunlock.dll
O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ActivClient Authentication Service (acachsrv) - ActivIdentity - C:\Program\ActivIdentity\ActivClient Mini\acachsrv.exe
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - C:\Program\ActivIdentity\ActivClient Mini\accoca.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program\Delade filer\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\WINDOWS\system32\flcdlock.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Program\Novell\ZENworks\nalntsrv.exe
O23 - Service: NewServiceInstall1 - Unknown owner - C:\SAFE\activePDF\PrimoPDF\PrimoPDF.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program\ProtectTools\Embedded Security Software\PSDsrvc.EXE
O23 - Service: Novell ZENworks Remote Management Agent (Remote Management Agent) - Novell, Inc. - C:\Program\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
O23 - Service: Retrospect Express HD Helper (RetroExp Helper) - EMC Corporation - C:\Program\Retrospect\Retrospect Express HD 2.0\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\Program\Retrospect\Retrospect Express HD 2.0\retrorun.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program\WinPcap\rpcapd.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program\Sandboxie\SbieSvc.exe
O23 - Service: SiteAdvisor-tjänst (SiteAdvisor Service) - Unknown owner - C:\Program\SiteAdvisor\6253\SAService.exe
O23 - Service: ZENworks Asset Management - Collection Client (TSCensus Collection Client) - Novell, Inc. - C:\SAFE\Novell\ZENworks\Asset Management\Bin\CClientSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program\Delade filer\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Symantec LiveState Agent for Windows (WControl) - Symantec Corporation - c:\_integra\bin\ccmagent.exe
O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\WINDOWS\System32\Novell\XTAgent.exe
O23 - Service: Workstation Manager (ZFDWM) - Novell, Inc. - C:\Program\Novell\ZENworks\wm.exe

Link to comment
Share on other sites

Gå till http://www.virustotal.com/

klistra in ett av följande filnamn i

rutan, tryck på Skicka Fil och vänta tills resultatet är klart

(Närvarande status blir genomförd). Starta Anteckningar (Start - Program - Tillbehör). Kopiera resultatet från de olika

antivirusprogrammen på virustotal-sidan och kopiera in i Anteckningar. Kopiera sedan från Anteckningar och klistra in i ditt svar här. Upprepa med

nästa filnamn.
c:\_integra\bin\shstart.exe

Det är en gammal Java-version med säkerhetshål i datorn.  Jag rekommenderar dig att installera en ny från http://www.java.com/sv/

och därefter avinstallera alla Java/J2SE/JRE utom den senaste i

Kontrollpanelen - Lägg till eller ta bort program (inga webbläsare

igång).

Det är väldigt många processer du har igång. Men det blir så med McAfee, Novell Zenworks, Actividentity mm,  men lite kan du väl få bort. Du kan slå upp filnamnen på O4-raderna i HijackThis-loggen på http://www.bleepingcomputer.com/startups/

och om det står U eller N i Status-kolumnen så läs beskrivningen och

avgör själv om det är något du vill ska starta automatiskt eller inte.

Om inte så hitta helst en inställning i programmet för att stänga av

den automatiska uppstarten, i andra hand så kan man avbocka motsvarande

rad i Start - Kör - msconfig - Autostart.

Link to comment
Share on other sites

Här är loggen från http://www.virustotal.com

AhnLab-V3 
2008.4.24.0 
2008.04.24 
-

AntiVir 
7.8.0.8 
2008.04.24 
-

Authentium 
4.93.8 
2008.04.24 
-

Avast 
4.8.1169.0 
2008.04.24 
-

AVG 
7.5.0.516 2008.04.23 
-

BitDefender 
7.2 
2008.04.24 
-

CAT-QuickHeal 
9.50 
2008.04.23 
-

ClamAV 
0.92.1 
2008.04.24 
-

DrWeb 
4.44.0.09170 
2008.04.24 
-

eSafe 
7.0.15.0 
2008.04.21 
-

eTrust-Vet 
31.3.5730 
2008.04.23 
-

Ewido 
4.0 
2008.04.23 
-

F-Prot 
4.4.2.54 
2008.04.23 
-

F-Secure
6.70.13260.0 
2008.04.24 
-

FileAdvisor 

2008.04.24 
-

Fortinet 
3.14.0.0 
2008.04.23 
-

Ikarus 
T3.1.1.26.0 
2008.04.24 
-

Kaspersky 
7.0.0.125 
2008.04.24 
-

McAfee 
5280 
2008.04.24 
-

Microsoft 
1.3408 
2008.04.22 
-

NOD32v2 
3050 
2008.04.24 
-

Norman 
5.80.02 
2008.04.23 
-

Panda 
9.0.0.4 
2008.04.23 
-

Prevx1 
V2 
2008.04.24
-

Rising 
20.41.30.00 
2008.04.24 
-

Sophos 
4.28.0 
2008.04.24 
-

Sunbelt 
3.0.1056.0 
2008.04.17 
-

Symantec 10 
2008.04.24 
-

TheHacker 
6.2.92.290 
2008.04.24 
-

VBA32 
3.12.6.4 
2008.04.16 
-

VirusBuster 
4.3.26:9 
2008.04.23 
-

Webwasher-Gateway 
6.6.2 
2008.04.24 
-


Additional information

File size: 110739 bytes
MD5...: 1ed9efbf0901a896539853d7a0fbf85f

SHA1..: 1f9b7513f294542eae508655f95a77f14967fad0

SHA256: 67731363b5a5de1cb9908a34695b8f90868549db529c34b70eb84b7224013b1d

SHA512: 3b7b1f7e8db7217b096cc5386c873904875fe3139860b9dcb6922f3a34d867ff

9362ba757335b374816bdc1c50e4e196d3c028a50eab8430b7fce95c38f8fa9b

PEiD..: Armadillo v1.71

PEInfo: PE Structure information

Link to comment
Share on other sites

Jag kollade upp shstart genom att söka på google och jag hittade den här informationen från http://www.auditmypc.com/

"The shstart.exe process is used by Symantec's CCM OnCommand management software package to allow remote interaction with your pc. If your computer is on a network you should leave this process running. If it is not, you should be able to safely terminate this process.

shstart.exe is an application that does NOT appear to be a security risk

The Process Server database currently registers shstart.exe to Symantec.

This is part of OnCommand CCM."

Som du sa verkar det vara en ofarlig fil. Det är ju brasmile.png

Hursomhelst är det väl inget annat som är fel så tack för tipsen Cecilia, jag ska fixa java-grejen så fort som möjligt och ta en titt på autostarten också.

Tack för alltlaugh.png

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.



×
×
  • Create New...