HiJackThis-log for viewing - please help :-)

Clusen (Newbie Poster), post #1, Dec 18th, 2003
I'm not that much of a computer brainer... so here goes: My computer has been running really slowly lately (I have defragmented it) - and I've got a lot of running processes. Could any of you tell me if you see anything strange in this log I created using HiJackThis?

Thanks in advance.
Clusen

----------------

StartupList report, 18-12-2003, 07:14:14
StartupList version: 1.52
Started from : C:\Documents and Settings\Claus Peter Hastrup\Skrivebord\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\AVPersonal\AVGUARD.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programmer\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\VirusBuster\Bin\VBCMServ.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\QKeys\QKeys.EXE
C:\Programmer\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programmer\ScanSoft\OmniPageSE\opware32.exe
C:\Programmer\QuickTime\qttask.exe
C:\PROGRA~1\FLLESF~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe
C:\Programmer\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Programmer\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Programmer\Java\j2re1.4.2_01\bin\jusched.exe
C:\Programmer\AVPersonal\AVGNT.EXE
C:\Programmer\Creative\ShareDLL\MEDIADET.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Bridge Base Online\NetBridgeVu.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Claus Peter Hastrup\Skrivebord\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menuen Start\Programmer\Start]
Adobe Gamma Loader.lnk = ?
Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ATIModeChange = Ati2mdxx.exe
ATIPTA = C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
QKeys = C:\Programmer\QKeys\QKeys.EXE
AdaptecDirectCD = "C:\Programmer\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
Omnipage = C:\Programmer\ScanSoft\OmniPageSE\opware32.exe
HPDJ Taskbar Utility = C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
QuickTime Task = "C:\Programmer\QuickTime\qttask.exe" -atboottime
XTNDConnect PC - ErPhn2 = C:\PROGRA~1\FLLESF~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

CTFMON.EXE = C:\WINDOWS\System32\ctfmon.exe
MsnMsgr = "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\FLLESF~1\Real\Toolbar\realbar.dll - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D}

--------------------------------------------------

Enumerating Download Program Files:

[QuickTime Object]
InProcServer32 = C:\Programmer\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[OSInfo Control]
InProcServer32 = C:\WINDOWS\OSInfo.ocx
CODEBASE = http://www.sis.com/support/chipdetect/OSInfo.cab

[SiS_OCX Control]
InProcServer32 = C:\WINDOWS\SIS_OCX.ocx
CODEBASE = http://www.sis.com/support/chipdetec...todetectNT.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/s...irector/sw.cab

[RdxIE Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\CONFLICT.1\RdxIE.dll
CODEBASE = http://207.188.7.150/08696bb7914ae43...p/RdxIE601.cab

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE = http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab

[InstallShield International Setup Player]
InProcServer32 = c:\windows\downlo~1\isetup.dll
CODEBASE = http://www.installengine.com/engine/isetup.cab

[HeartbeatCtl Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\hrtbeat.ocx
CODEBASE = http://fdl.msn.com/zone/datafiles/heartbeat.cab

[CSS Web Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\cssweb.dll
CODEBASE = http://www.eb.dk/codekstra/cabs/cssweb.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/s...sh/swflash.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 6.708 bytes
Report generated in 0,030 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
Paladine (Master Poster), post #2, Dec 18th, 2003

Re: HiJackThis-log for viewing - please help :-)
Just looking at it, you have a few more svchost.exe loads, and several IEXPLORE.EXE loads. Do you have several Explorer windows open during this log generation?


And I would eliminate the Office Startup in your startup folder (useless in my experience).

As well, you have ATI and QuickTime loading in the Taskbar. Definitely eliminate QuickTime, and unless you use features in the ATI Control Panel on a regular basis and right click on the desktop is too much effort, I would get rid of ATI as well.

Other than that, nothing else jumps out at me.

By the way, how much RAM does your system have?

Anyone else???

©2003 - 2009 DaniWeb® LLC