Just nu i M3-nätverket
Jump to content

HJT-logg


Daniel_82

Recommended Posts

jag har egentligen inga problem med datorn, men skulle ändå gärna vilja att någon kunnig skulle kunna gå igenom denna HJT-logg och se om det finns något onödigt/skadligt där som jag kan ta bort från datorn.
Kan nämna att jag utvecklar web-sidor så vissa program/filer i loggen behöver köras, t.ex. WAMP, Apache, MySQL.

Tackar på förhand.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:32:36, on 2008-10-12
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\Program\ActivIdentity\ActivClient Mini\acachsrv.exe
C:\Program\ActivIdentity\ActivClient Mini\accoca.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\COMODO\Firewall\cmdagent.exe
C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\system32\flcdlock.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\Sminst\Recguard.exe
C:\Program\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\WINDOWS\system32\oodtray.exe
C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Windows Live\Messenger\MsnMsgr.Exe
C:\Program\Delade filer\InstallShield\UpdateService\ISUSPM.exe
C:\Program\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program\Desktop Sidebar\dsidebar.exe
C:\Program\hpq\Shared\HPQTOA~1.EXE
C:\Program\PeerGuardian 2\pg2.exe
C:\Program\Windows Media Player\WMPNSCFG.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Program\Windows Live\Messenger\usnsvc.exe
C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program\Mozilla Firefox\firefox.exe
F:\Installationsfiler\Anti Virus - Spyware - Adware - Brandvägg\hijackthis 2.0\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: e-kort Browser Helper Object - {1C900459-DEEF-4aa9-B260-1EF0F0C70A8D} - C:\Program\ekort\Bhoekort.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program\Desktop Sidebar\sbhelp.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [egui] "C:\Program\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Cpqset] C:\Program\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\Program\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [iSUSPM] "C:\Program\Delade filer\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [sIDEBAR] "C:\Program\Desktop Sidebar\dsidebar.exe"
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
O4 - HKCU\..\Run: [PeerGuardian] C:\Program\PeerGuardian 2\pg2.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Anpassa meny - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fyll i formulär - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Konvertera markering till befintlig PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: RF verktygsfält - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Skicka till &Bluetooth - C:\Program\WIDCOMM\Bluetooth-programvara\btsendto_ie_ctx.htm
O8 - Extra context menu item: Skicka till &Bluetooth-enhet... - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Skicka till Bluetooth - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Spara formulär - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skapa mobilfavorit - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Skapa mobilfavorit... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Fyll i formulär - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fyll i formulär - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Spara - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Spara formulär - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF verktygsfält - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: e-kort - {F74E75A5-96BF-40ef-A1C8-88EAEBB82AB6} - C:\Program\ekort\ekort.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs:  C:\WINDOWS\system32\guard32.dll,wbsys.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ackpbsc - C:\Program\ActivIdentity\ActivClient Mini\ackpbsc.dll
O20 - Winlogon Notify: acunlock - C:\Program\ActivIdentity\ActivClient Mini\acunlock.dll
O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dll
O20 - Winlogon Notify: OneCard - C:\Program\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: ActivClient Authentication Service (acachsrv) - ActivIdentity - C:\Program\ActivIdentity\ActivClient Mini\acachsrv.exe
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - C:\Program\ActivIdentity\ActivClient Mini\accoca.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program\Delade filer\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program\COMODO\Firewall\cmdagent.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: EPGService - Hauppauge Computer Works - C:\Program\WinTV\EPG Services\System\EPGService.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\WINDOWS\system32\flcdlock.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program\Delade filer\Macromedia Shared\Service\Macromedia Licensing.exe (file missing)
O23 - Service: Nofeel FTP Server Service - NofeelSoft - C:\Program\Nofeel FTP Server\nftpdsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program\CyberLink\Shared files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program\Delade filer\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program\Delade filer\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program\Delade filer\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program\Delade filer\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program\Delade filer\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program\Delade filer\SureThing Shared\stllssvr.exe
O23 - Service: wampapache - Apache Software Foundation - c:\Wamp Server 2\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\Wamp Server 2\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe

--
End of file - 16304 bytes

Link to comment
Share on other sites

Jag ser inget skadligt i loggen.

Du kan slå upp filnamnen på O4-raderna i HijackThis-loggen på http://www.bleepingcomputer.com/startups/ och om det står U eller N i Status-kolumnen så läs beskrivningen och avgör själv om det är något du vill ska starta automatiskt eller inte. Om inte så hitta helst en inställning i programmet för att stänga av den automatiska uppstarten, i andra hand så kan man avbocka motsvarande rad i Start - Kör - msconfig - Autostart.

Här finns lite tips till en seg dator:
http://www.castlecops.com/t175258-Slow_Computer_Check_here_first_
it_may_not_be_malware.html


Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.



×
×
  • Create New...