Молба за анализ на лог от HijackThis

[byalko_byalkov]

Отварям тази тема с молба за анализ на този лог от HijackThis(макар че аз не видях нищо лошо):

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:10:07, on 17.02.2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe

C:\Program Files\FlashGet\FlashGet.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe

C:\WINDOWS\Datecs\Flex2K.exe

C:\Program Files\charismathics\smart security interface 4.3\CSPregtool.exe

D:\Source\HiJackThis\HiThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.btv.bg/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [bitComet] C:\Program Files\BitComet\BitComet.exe /tray

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BlueSoleil.lnk = ?

O4 - Global Startup: FlexType 2K.lnk = ?

O4 - Global Startup: smart security registration status.lnk = C:\Program Files\charismathics\smart security interface 4.3\CSPregtool.exe

O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - https://applications.nssi.bg/viewer/activeX...tivexviewer.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0B64CC1D-2BBE-4D23-B63F-C79121ABA657}: NameServer = 195.24.90.1,195.24.91.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{3B542B20-A22F-4EDA-BEC0-0782607C52FD}: NameServer = 195.24.91.1,195.24.88.1

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

 

--

End of file - 6936 bytes

[Night_Raven]

Опасни неща не виждам. Виждам боклуци от рода на BlueSoleil и FlexType и разплути неща от рода на PowerDVD, но не и реални заплахи.

[byalko_byalkov]

Опасни неща не виждам. Виждам боклуци от рода на BlueSoleil и FlexType и разплути неща от рода на PowerDVD, но не и реални заплахи.

 

За FlexType съм съгласен , но BlueSoleil ? Вградените драйвери в XP за предпочитане ли са?

[Night_Raven]

Вградените драйвери в Windows за какво? По принцип BlueSoleil е много нестабилна и бъгава програма. Лично аз не бих я ползвал, ако ще и пари да ми дават.

[byalko_byalkov]

Вградените драйвери в Windows за какво? По принцип BlueSoleil е много нестабилна и бъгава програма. Лично аз не бих я ползвал, ако ще и пари да ми дават.

 

Имах предвид вградените драйвери за работа с Bluetooth.

[Night_Raven]

Не съм сигурен, че Windows има вградени драйвери за Bluetooth. А и по принцип е редно самият хардуер, който се купува, да си има свои драйвери. Ако даденият хардуер няма собствени драйвери, то значи не си заслужава купуването му. Лично мнение.

[byalko_byalkov]

Night Raven , благодаря ти , че ми отдели от времето си.