HiJackThis analysis


Author
Jth
Newbie
Posts: 42
Joined: Tue 25 Oct 2005 10:00
Reputation: 0
Status: Offline

HiJackThis analysis

Post by Jth » Sat 02 Aug 2008 21:07

I'm fairly sure that spyware has got onto my computer, so could you "analyze" this log file that I got out of HiJackThis?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:05:05, on 2.8.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Kaspersky Internet Security\avp.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Kaspersky Internet Security\avp.exe
C:\Program Files\AltSwitch\AltSwitch.exe
C:\Program Files\AnyDVD\AnyDVD.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\charmap.exe
C:\Program Files\Kaspersky Internet Security\avp.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://next.my.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.rhi.hi.is:8080
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0427.0\msneshellx.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0427.0\msneshellx.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PC-Checkup] "C:\Program Files\PC-Checkup\PCCheckUp.exe" -mini
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Internet Security\avp.exe"
O4 - HKCU\..\Run: [AltSwitch] "C:\Program Files\AltSwitch\AltSwitch.exe"
O4 - HKCU\..\Run: [COMODO BOClean - Anti-Malware] "C:\Program Files\BOClean\BOC425.EXE"
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\AnyDVD\AnyDVD.exe"
O4 - HKCU\..\Run: [VisualTaskTips] "C:\Program Files\Visual Task Tips\VisualTaskTips.exe"
O4 - HKCU\..\Run: [PlainSight Desktop Calendar] "C:\Program Files\PlainSight Desktop Calendar\Calendar.exe"
O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/servle ... 6.000001df
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Capture Page to Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddLinkEntryFromDocument.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Internet Security\ie_banner_deny.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Capt&ure Target to Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddEntryFromDocumentElement.html
O8 - Extra context menu item: Capture &Snippet to Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddEntryFromDocumentSelection.html
O8 - Extra context menu item: Capture Ima&ge to Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddEntryFromDocumentElement.html
O8 - Extra context menu item: Capture Page and Selected &Links to Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddSiteSnippetFromDocumentSelection.html
O8 - Extra context menu item: Capture Selected Ite&ms to Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddMultipleEntriesFromDocumentSelection.html
O8 - Extra context menu item: Capture Site to &Onfolio... - res://C:\Program Files\Onfolio\Onfolio.WindowsResources.dll/AddSiteFromDocument.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?5be0f3063d014fc3aaf26fc5c16ba309
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?5be0f3063d014fc3aaf26fc5c16ba309
O8 - Extra context menu item: UseFlashGet - C:\Documents and Settings\Jón Þór\Desktop\Flashget20\Flashget2.0\ComDlls\Bholink.htm
O8 - Extra context menu item: UseFlashGetDownloadAllLink - C:\Documents and Settings\Jón Þór\Desktop\Flashget20\Flashget2.0\ComDlls\Bhoall.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Internet Security\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Send to Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Program Files\Mind Manager\Mm7InternetExplorer.dll
O9 - Extra button: PowerWord - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Kaspersky Internet Security\adialhk.dll
O23 - Service: Ashampoo AntiSpyWare 2 Service (AASW2_Service) - Unknown owner - C:\Program Files\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Internet Security\avp.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Unknown owner - (no file)
O23 - Service: Sophos AutoUpdate Service - Unknown owner - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 11207 bytes








......and then..........



StartupList report, 2.8.2008, 21:05:54
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP3 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP3 (6.00.2900.5512)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Kaspersky Internet Security\avp.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Kaspersky Internet Security\avp.exe
C:\Program Files\AltSwitch\AltSwitch.exe
C:\Program Files\AnyDVD\AnyDVD.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\charmap.exe
C:\Program Files\Kaspersky Internet Security\avp.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SynTPStart = C:\Program Files\Synaptics\SynTP\SynTPStart.exe
UnlockerAssistant = "C:\Program Files\Unlocker\UnlockerAssistant.exe"
SynTPEnh = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
Windows Defender = "C:\Program Files\Windows Defender\MSASCui.exe" -hide
PC-Checkup = "C:\Program Files\PC-Checkup\PCCheckUp.exe" -mini
AVP = "C:\Program Files\Kaspersky Internet Security\avp.exe"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

AltSwitch = "C:\Program Files\AltSwitch\AltSwitch.exe"
COMODO BOClean - Anti-Malware = "C:\Program Files\BOClean\BOC425.EXE"
AnyDVD = "C:\Program Files\AnyDVD\AnyDVD.exe"
VisualTaskTips = "C:\Program Files\Visual Task Tips\VisualTaskTips.exe"
PlainSight Desktop Calendar = "C:\Program Files\PlainSight Desktop Calendar\Calendar.exe"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

(Default) = C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/servle ... 6.000001df

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

[Disabled]
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

[Disabled]
= C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/servle ... 6.000001df

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=C:\PROGRA~1\Kaspersky Internet Security\adialhk.dll

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\Flux.sCr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - (no file) - {0A87E45F-537A-40B4-B812-E2544C21A09F}
(no name) - C:\PROGRA~1\FlashGet\jccatch.dll - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
NCO 2.0 IE BHO - (no file) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}
Symantec Intrusion Prevention - (no file) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C}
(no name) - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - (no file) - {7E853D72-626A-48EC-A868-BA8D5E23E045}
(no name) - C:\Program Files\Windows Live Toolbar\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
(no name) - C:\Program Files\MSN\Toolbar\3.0.0427.0\msneshellx.dll - {d2ce3e00-f94a-4740-988e-03dc2f38c34f}
(no name) - C:\PROGRA~1\FlashGet\getflash.dll - {F156768E-81EF-470C-9057-481BA8380DBA}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Check Updates for Windows Live Toolbar.job
MP Scheduled Scan.job

--------------------------------------------------

Enumerating Download Program Files:

[{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
CODEBASE = http://fpdownload.macromedia.com/get/fl ... rashim.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
End of report, 7.936 bytes
Report generated in 0,063 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only




DoofuZ
1+1=10
Posts: 1127
Joined: Sat 30 Oct 2004 16:02
Reputation: 8
Location: Rivertown
Status: Offline

Re: HiJackThis analysis

Post by DoofuZ » Sun 03 Aug 2008 02:29

I don't really see anything in the Running processes list that you should worry about, but you have a few too many BHOs (Browser Helper Objects); you can have HJT throw out everything there that has (no file) after it. Maybe nothing serious is going on with all of that, but it's good to clean up the BHO list a bit. You can also throw out this "QT Breadcrumbs Address Bar" that is under Toolbar, since a file is missing there too. Then there is one other entry there that has neither a name nor a file, throw that out too. I thought "UnlockerAssistant" and "COMODO BOClean - Anti-Malware" in the run list were a bit shady, but a little googling said that both should be fine. The rest of the log file hardly says much more, except maybe just that files are missing for both "Ashampoo AntiSpyWare 2 Service" and "Sophos AutoUpdate Service", so those can be cleaned away as well.

I don't see any spyware in this list, just these little things I've listed that need to be cleaned away, but none of it is spyware. What is it that tells you that you probably have spyware on the computer? :-k According to this log file I consider it fairly safe to say that you don't have any spyware running.


Gigabyte GA-MA790FXT-UD5P, AMD Phenom II X4 955 @3.2Ghz, 2 x 4gb Corsair Vengeance DDR3 @1600mhz LP, EVGA Geforce GTX 760, Seagate Barracuda 500gb, 20x Sony DVDRW, TT Big Typhoon and 700W Tagan BZ, all in a Cooler Master Stacker case with a 55" Philips HDTV :]



Re: HiJackThis analysis

Post by Jth » Sun 03 Aug 2008 13:45

Thanks :D

I'm still a bit worried about the one that has neither a name nor a file - but I'll throw it out :) The trouble was that even though I had maybe 2 GB left on the disk and was just browsing the web (no download running, nor any background program - just the browser open), a message came up saying that I had become low on disk space ...that seemed, and still seems, shady to me. However, I haven't noticed anything since I downloaded HiJackThis, and I have 2.24 GB on the disk ...without my having done anything (somehow it jumped from the roughly 300 MB that was left up to a bit over 2 GB #-o )




Re: HiJackThis analysis

Post by DoofuZ » Tue 05 Aug 2008 15:46

Try defragging the disk; I suspect you've been using the disk very heavily, and that can fragment the disk considerably, and then various strange problems can come up, such as the disk appearing to have less space left than it actually has. I'd still recommend that you run scandisk on the disk first.





Re: HiJackThis analysis

Post by Jth » Sat 09 Aug 2008 11:08

Thank you




dorg
has spoken...
Posts: 171
Joined: Sat 24 Jun 2006 10:19
Reputation: 2
Location: Reykjavík
Contact:
Status: Offline

Re: HiJackThis analysis

Post by dorg » Sat 09 Aug 2008 11:37

The only thing I find really abnormal is the number of antivirus/antispyware programs that are running, or remnants of them

I would run msconfig and throw out the remnants that are left of programs you have stopped using


Aren't these Norton remnants?

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)

You have both Windows Defender and Spybot

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

An unbearably large number of toolbars running; I would cut them down, no harm in that.

Yet another antispyware thing
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Unknown owner - (no file)

There seem to be some remnants of Sophos there.
O23 - Service: Sophos AutoUpdate Service - Unknown owner - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe (file missing)

You could try running CCleaner to clean some of this up.

Also, it's much better to send something like this for analysis when you haven't started any programs,
or only the ones that are causing trouble.

It's a bit hard to work out what belongs to what when so much is already running.
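
Added example, not part of any post in this thread: a small Python parser that does the two checks the replies above perform by hand on a HijackThis log, namely listing entries whose target is "(no file)" or "(file missing)", and showing which security products are live versus only leftovers. The sample lines are an excerpt of the log posted above; the function names and the keyword list (built from product names visible in that log) are assumptions made for the illustration.

```python
import re

# One HijackThis entry: section code (R0, O2, O23, ...) followed by " - " and the body.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# BHO/toolbar/button entries carry a CLSID between the name and the file.
CLSID = re.compile(r" - (\{[0-9A-Fa-f-]{36}\}) - ")
# Markers HijackThis prints when the registered file does not exist.
ORPHAN = re.compile(r"\((?:no file|file missing)\)$")

# Assumption: keywords taken from product names that appear in this thread's log.
SECURITY_KEYWORDS = ("kaspersky", "windows defender", "spybot", "symantec",
                     "counterspy", "sophos", "ashampoo antispyware", "boclean")

# Excerpt of the log posted above (not the full log).
SAMPLE_LOG = r'''
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Internet Security\avp.exe"
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Unknown owner - (no file)
O23 - Service: Sophos AutoUpdate Service - Unknown owner - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe (file missing)
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Internet Security\avp.exe
'''

def parse_entry(line):
    """Parse one log line into a dict, or return None for non-entry lines."""
    m = ENTRY.match(line.strip())
    if m is None:
        return None
    kind, sep, rest = m["body"].partition(": ")
    if not sep:                       # e.g. R0/R1 lines have no "kind:" prefix
        kind, rest = "", m["body"]
    clsid = CLSID.search(rest)
    parts = rest.rsplit(" - ", 2)     # O23: name - owner - path
    if clsid:                         # names may themselves contain " - "
        name, target = rest[:clsid.start()], rest[clsid.end():]
    elif m["code"] == "O23" and len(parts) == 3:
        name, target = parts[0], parts[2]
    else:
        name, target = rest, rest
    return {"code": m["code"], "kind": kind, "name": name,
            "target": target, "orphan": bool(ORPHAN.search(target))}

def parse_log(text):
    return [e for e in map(parse_entry, text.splitlines()) if e]

def orphans(entries):
    """Entries whose registered file is gone: candidates for cleanup."""
    return [e for e in entries if e["orphan"]]

def security_products(entries):
    """Map each matched product keyword to 'present' or 'leftover'."""
    status = {}
    for e in entries:
        haystack = (e["name"] + " " + e["target"]).lower()
        for kw in SECURITY_KEYWORDS:
            if kw in haystack:
                live = not e["orphan"] or status.get(kw) == "present"
                status[kw] = "present" if live else "leftover"
    return status

if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for e in orphans(entries):
        print(f'{e["code"]:>3}  {e["name"]}  ->  {e["target"]}')
    print(security_products(entries))
```

A missing file only means the registration is stale; it says nothing about whether the entries that do have a file are trustworthy, which still has to be judged per entry as the replies above do.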