kristnjov Posted June 2, 2008 Report Share Posted June 2, 2008 Constantly.Here's the HiJackThis log.----Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:54:59, on 2008-06-02Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program\CDBurnerXP\NMSAccessU.exeC:\Program\Eset\nod32krn.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost.exeC:\Program\WinFtp Server\WFTPSRV.exeC:\Program\Eset\nod32kui.exeC:\Program\TightVNC\WinVNC.exeC:\WINDOWS\system32\ctfmon.exeC:\Program\Messenger\msmsgs.exeC:\Program\Windows Live\Messenger\MsnMsgr.ExeC:\Program\Samurize\Client.exeC:\Program\SpeedFan\speedfan.exeC:\WINDOWS\System32\svchost.exeC:\Program\uTorrent\utorrent.exeC:\Documents and Settings\Lolman\Skrivbord\HiJackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LänkarO2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program\MICROS~2\Office12\GRA8E1~1.DLLO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_10\bin\ssv.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program\FlashFXP\IEFlash.dllO4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICEO4 - HKLM\..\Run: [WinVNC] "C:\Program\TightVNC\WinVNC.exe" -servicehelperO4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /autoO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKCU\..\Run: [µTorrent] "C:\Program\uTorrent\utorrent.exe"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /backgroundO4 - HKCU\..\Run: [uTorrent] "C:\Program\uTorrent\utorrent.exe"O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - Startup: Client Default.lnk = C:\Program\Samurize\Client.exeO4 - Startup: SpeedFan.lnk = C:\Program\SpeedFan\speedfan.exeO8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk570YYSEO8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office12\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\ssv.dllO9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dllO9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\Office12\REFIEBAR.DLLO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exeO16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.ezproxy.ub.gu.se/lib/gubselibrary/support/plugins/ebraryRdr.cabO16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188509168015O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188509150875O17 - HKLM\System\CCS\Services\Tcpip\..\{6F1850F8-11A7-4566-8430-7301AB908EA6}: NameServer = 192.168.0.1,192.168.0.136O17 - HKLM\System\CS1\Services\Tcpip\..\{6F1850F8-11A7-4566-8430-7301AB908EA6}: NameServer = 192.168.0.1,192.168.0.136O17 - HKLM\System\CS2\Services\Tcpip\..\{6F1850F8-11A7-4566-8430-7301AB908EA6}: NameServer = 192.168.0.1,192.168.0.136O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\MICROS~2\Office12\GR99D3~1.DLLO23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeO23 - Service: NMIndexingService - Unknown owner - C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe (file missing)O23 - Service: NMSAccessU - Unknown owner - C:\Program\CDBurnerXP\NMSAccessU.exeO23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: WinFtp Server Service (WinFTP Server Service) - Network Software - C:\Program\WinFtp Server\WFTPSRV.exeO23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program\TightVNC\WinVNC.exe--End of file - 6355 bytes Link to comment Share on other sites More sharing options...
Firon Posted June 2, 2008 Report Share Posted June 2, 2008 If you're on 1.7.7, try 1.8. Link to comment Share on other sites More sharing options...
Ultima Posted June 3, 2008 Report Share Posted June 3, 2008 Also, get Process Explorer from sysinternals.com, run it, Ctrl+D (to show the lower DLL pane), select the µTorrent process from the list, Ctrl+S (and save the list somewhere you'll find easily -- like the Desktop), then post the contents of the saved process list in the .txt file here. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.