
Search Glow


Johan.L


While I was shutting down the computer, a box came up that said "Avslutar program - Search Glow" ("Ending program - Search Glow"). The only problem is that I have no idea what kind of program Search Glow is or where it comes from. Is it spyware?

 


To start with, we can see whether HijackThis shows anything:

http://www.thespykiller.co.uk/files/HJTsetup.exe

Install, run, scan and save the log (nothing else).

In your reply, attach the HijackThis log like this:

Press the LOG button in the Reply window

Paste in the log

Press the LOG button again

------------------------

Moving the thread to the Spyware forum

Cecilia - Moderator for Programs - other

 


[log]Logfile of HijackThis v1.99.1

Scan saved at 22:38:54, on 2007-03-03

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Nero\Nero 7\InCD\InCD.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Eset\nod32kui.exe

C:\Program\SiteAdvisor\6028\SiteAdv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Google\GoogleToolbarNotifier\1.2.908.5746\GoogleToolbarNotifier.exe

C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe

C:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program\Nero\Nero 7\InCD\InCDsrv.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\Eset\nod32krn.exe

C:\Program\Agnitum\Outpost Firewall\outpost.exe

C:\Program\Spyware Doctor\sdhelp.exe

C:\Program\SiteAdvisor\6028\SAService.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Windows Live Toolbar\MSNTBUP.EXE

C:\Program\Mozilla Firefox\firefox.exe

C:\Program\Hijackthis\HijackThis.exe

C:\WINDOWS\system32\NOTEPAD.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.expressen.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program\SiteAdvisor\6028\SiteAdv.dll

O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - (no file)

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\Program\SPYWAR~1\tools\iesdpb.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program\SiteAdvisor\6028\SiteAdv.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Program\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Outpost Firewall] C:\Program\Agnitum\Outpost Firewall\outpost.exe /waitservice

O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup

O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [siteAdvisor] C:\Program\SiteAdvisor\6028\SiteAdv.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\1.2.908.5746\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [updateMgr] C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\Program\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.0.0971.38/WinSSWebAgent.CAB

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152440647644

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152455420435

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program\SiteAdvisor\6028\SiteAdv.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\Program\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE (file missing)

O23 - Service: fsbwsys - Unknown owner - C:\Program\F-Secure\BackWeb\7681197\program\fsbwsys.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe

O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program\Agnitum\Outpost Firewall\outpost.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program\Spyware Doctor\sdhelp.exe

O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program\SiteAdvisor\6028\SAService.exe

[/log]

 


Since you no longer seem to be running F-Secure, you can do this:

Control Panel - Administrative Tools - Services

Find F-Secure Automatic Update in the list, double-click it and set Startup type to Disabled. Repeat with fsbwsys.

Apart from that, the only thing I see in the log is a few harmless leftovers. Has one of the other programs removed Search Glow, or are you still having problems with it?
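The by-eye triage in the reply above (spotting entries whose file no longer exists, such as the two F-Secure services) can be scripted. This is an added Python example, not part of the original thread or of HijackThis; the sample lines are excerpts from the log posted above, and the function names are hypothetical.

```python
import re
from collections import Counter, namedtuple

# One parsed HijackThis entry. "orphan" is True when HijackThis itself
# marked the referenced file as absent.
Entry = namedtuple("Entry", "code kind name path orphan")

# Excerpt of the HijackThis v1.99.1 log posted earlier in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - (no file)
O4 - HKLM\..\Run: [inCD] C:\Program\Nero\Nero 7\InCD\InCD.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\Program\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE (file missing)
O23 - Service: fsbwsys - Unknown owner - C:\Program\F-Secure\BackWeb\7681197\program\fsbwsys.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe
"""

# "<section code> - <kind>: <body>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<body>.+)$")
MISSING = " (file missing)"   # suffix seen on O9/O23 lines in the log
NO_FILE = "(no file)"         # whole target field seen on O2 lines


def parse_entry(line):
    """Parse one log line; return None for headers and process paths."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    # The file path is always the last " - " field. Splitting from the
    # right keeps names that contain " - " themselves intact
    # ("BackWeb Plug-in - 7681197").
    fields = m.group("body").rsplit(" - ", 2)
    target = fields[-1]
    name = fields[0] if len(fields) > 1 else ""
    code, kind = m.group("code"), m.group("kind")
    if target == NO_FILE:
        return Entry(code, kind, name, "", True)
    if target.endswith(MISSING):
        return Entry(code, kind, name, target[: -len(MISSING)], True)
    return Entry(code, kind, name, target, False)


def orphaned_entries(log_text):
    """All entries whose target file HijackThis reported as absent."""
    parsed = (parse_entry(line) for line in log_text.splitlines())
    return [e for e in parsed if e is not None and e.orphan]


def orphaned_services(log_text):
    """Names of O23 services pointing at a missing executable."""
    return [e.name for e in orphaned_entries(log_text) if e.code == "O23"]


def summary(log_text):
    """Count of orphaned entries per HijackThis section code."""
    return dict(Counter(e.code for e in orphaned_entries(log_text)))


if __name__ == "__main__":
    for e in orphaned_entries(SAMPLE_LOG):
        print(f"{e.code:<4}{e.kind:<14}{e.name}  ->  {e.path or '(no file)'}")
    print(summary(SAMPLE_LOG))
```

A missing-file marker only shows that the registration outlived its file; whether the entry is a harmless leftover, as judged above, still depends on knowing what software it belonged to.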

 

 


Thanks for the tip, I had problems uninstalling F-Secure.

As for Search Glow, I have had the problem for a while.... the end-program box sometimes comes up when I shut down the computer. When I wrote this it had just happened, and no anti-spyware programs seem to find it when I run scans.

 


Have you run AVG Anti-Spyware? http://www.ewido.net/en/onlinescan/

Or Kaspersky? http://www.kaspersky.com/virusscanner

We can see whether ComboScan spots anything odd.

Download ComboScan to the Desktop.

http://www.techsupportforum.com/sectools/Deckard/comboscan.exe

Close all programs.

Run ComboScan and follow the instructions shown.

If the firewall asks, allow sigcheck.exe to access the internet.

When it is done, two log files are created, C:\ComboScan.txt and C:\Supplementary.txt. Paste them in here. The logs tend to be long, so remember the LOG button!

 


[log]ComboScan v20070226.18 run by Hem on 2007-03-05 at 15:54:04

Supplementary logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------

 

-- System Information -----------------------------------------------------------

 

Microsoft Windows XP Professional (build 2600) SP 2.0

Architecture: X86; Language: Swedish

 

CPU 0: Intel Pentium III-processor

Percentage of Memory in Use: 76%

Physical Memory (total/avail): 254.48 MiB / 59.26 MiB

Pagefile Memory (total/avail): 624.91 MiB / 377.3 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1991.92 MiB

 

A: is Removable (No Media)

C: is Fixed (NTFS) - 14.31 GiB total, 0.34 GiB free.

D: is CDROM (CDFS)

G: is CDROM (No Media)

 

 

-- Security Center --------------------------------------------------------------

 

AUOptions is set to notify before download.

Windows Internal Firewall is disabled.

 

FirewallOverride is set.

 

FW: Outpost Firewall Pro v4.0 (Agnitum)

AV: ESET NOD32 antivirus system 2.70 v2.70 (ESET, spol. s r.o.) Outdated

 

 

-- Environment Variables --------------------------------------------------------

 

ALLUSERSPROFILE=C:\Documents and Settings\All Users

APPDATA=C:\Documents and Settings\Hem\Application Data

CLASSPATH=.;C:\Program\Java\jre1.5.0_07\lib\ext\QTJava.zip

CLIENTNAME=Console

CommonProgramFiles=C:\Program\Delade filer

COMPUTERNAME=PC-YN

ComSpec=C:\WINDOWS\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\Hem

LANGUAGE=English (Internal)

LOGONSERVER=\\PC-YN

NUMBER_OF_PROCESSORS=1

OS=Windows_NT

Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program\QuickTime\QTSystem

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 6, GenuineIntel

PROCESSOR_LEVEL=6

PROCESSOR_REVISION=0806

ProgramFiles=C:\Program

PROMPT=$P$G

QTJAVA=C:\Program\Java\jre1.5.0_07\lib\ext\QTJava.zip

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\Hem\LOKALA~1\Temp

TMP=C:\DOCUME~1\Hem\LOKALA~1\Temp

USERDOMAIN=PC-YN

USERNAME=Hem

USERPROFILE=C:\Documents and Settings\Hem

windir=C:\WINDOWS

 

 

-- User Profiles ----------------------------------------------------------------

 

Hem (admin)

Administratör (admin)

 

 

-- Add/Remove Programs ----------------------------------------------------------

 

--> C:\Program\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL

--> C:\WINDOWS\BWUnin-6.3.2.116-7681197L.exe -AppId 7681197

--> C:\WINDOWS\NuNInst.exe /UNINSTALL

--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL

--> C:\WINDOWS\UNRecode.exe /UNINSTALL

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete

Adobe Reader 7.0.9 - Svenska --> MsiExec.exe /I{AC76BA86-7AD7-1053-7B44-A70900000002}

Agnitum Outpost Firewall Pro --> C:\Program\Agnitum\Outpost Firewall\uninst.exe

Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}

Citeknet RAR IFilter --> MsiExec.exe /I{97070437-64DC-4620-877C-65C314362328}

DVD-lab PRO 2.2 --> "C:\Program\DVDlabPro2\unins000.exe"

Feedidentifiering (Windows Live Toolbar) --> MsiExec.exe /X{736D3047-3A62-4FF0-8F75-B1AB9387EE8D}

Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program\google\googletoolbar1.dll"

Hijackthis 1.99.1 --> "C:\Program\Hijackthis\unins000.exe"

HijackThis 1.99.1 --> C:\Program\Hijackthis\HijackThis.exe /uninstall

Intel Application Accelerator --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{9984DF60-1C5B-11D3-ACA1-908A4FC10801}\Setup.exe" -INTELUNINST

iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}

J2SE Runtime Environment 5.0 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070}

J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}

LimeWire PRO 4.12.6 --> "C:\Program\LimeWire\uninstall.exe"

Matroska Pack (remove only) --> C:\Program\Matroska Pack\Uninstall.exe

MatroskaProp (remove only) --> C:\Program\MatroskaProp\MatroskaProp-uninstall.exe

McAfee SiteAdvisor --> C:\Program\SiteAdvisor\6028\uninstall.exe

Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"

Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Office 2003 Proofing Tools --> MsiExec.exe /I{901F0409-6000-11D3-8CFE-0150048383C9}

Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}

Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}

Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Mozilla Firefox (2.0.0.2) --> C:\Program\Mozilla Firefox\uninstall\helper.exe

MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}

Nero 7 Ultra Edition --> MsiExec.exe /I{235BBFC6-D863-4066-A01A-3BD504C31053}

NOD32 antivirus system --> C:\Program\Eset\Setup\setup.exe /UNINSTALL

NOD32 FiX v2.1 --> "C:\Program\Eset\unins000.exe"

Popup-blockeraren (Windows Live Toolbar) --> MsiExec.exe /X{1E3C24B7-76FC-4EFB-B672-DB35C194DBC2}

QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}

Registry Mechanic 6.0 --> "C:\Program\Registry Mechanic\unins000.exe"

Sökmarkeringsfönstret (Windows Live Toolbar) --> MsiExec.exe /X{181773C8-C236-4959-9BF4-23D13418402F}

Smarta menyer (Windows Live Toolbar) --> MsiExec.exe /X{5DB357BB-7940-4E5F-BAFF-4FB490914457}

Snabbkorrigering för Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"

Snabbkorrigering för Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"

Snabbkorrigering för Windows XP (KB928388) --> "C:\WINDOWS\$NtUninstallKB928388$\spuninst\spuninst.exe"

Snabbkorrigering för Windows XP (KB929120) --> "C:\WINDOWS\$NtUninstallKB929120$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB899589) --> "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB904706) -->

Säkerhetsuppdatering för Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB916281) --> "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"

Spyware Doctor 4.0 --> C:\Program\Spyware Doctor\unins000.exe

TPTEST 5.0.1 --> "C:\Program\TPTEST5\unins000.exe"

Uniblue SpeedUpMyPC --> "C:\Program\Uniblue\SpeedUpMyPC\unins000.exe"

Uppdatering för Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB920342) --> "C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"

Verktygsfältet Outlook (Windows Live Toolbar) --> MsiExec.exe /X{C757334D-4884-4C1D-AB60-7E038C019BBC}

Westwood Shared Internet Components --> C:\Westwood\Internet\UnstllAP.EXE

VideoLAN VLC media player 0.8.5 --> C:\Program\VideoLAN\VLC\uninstall.exe

Windows Live Messenger --> MsiExec.exe /I{2E55A582-4FFE-4FF2-8D4D-E7D275FF89BD}

Windows Live Sign-in Assistant --> MsiExec.exe /I{F652D238-5F29-42D5-BAF3-0115EF977EC2}

Windows Live Toolbar --> "C:\Program\Windows Live Toolbar\UnInstall.exe" {2D6D9C7C-F7DE-462C-842F-E92C5B39031C}

Windows Live Toolbar --> MsiExec.exe /X{2D6D9C7C-F7DE-462C-842F-E92C5B39031C}

Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{4A84EB9C-E961-45E5-A93C-FBDC5CD9DACD}

Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Rights Management-klient bakåtkompatibilitet SP2 --> MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}

Windows Rights Management-klient med Service Pack 2 --> MsiExec.exe /X{3E4485CF-4CBE-4BEE-B0F9-51D7E489E2A0}

WinRAR archiver --> C:\Program\WinRAR\uninstall.exe

Xfire (remove only) --> "C:\Program\Xfire\uninst.exe"

 

 

-- End of ComboScan: finished at 2007-03-05 at 16:00:54 -------------------------

 

[/log]

[log]ComboScan v20070226.18 run by Hem on 2007-03-05 at 15:54:04

Computer is in Normal Mode.

--------------------------------------------------------------------------------

 

Successfully created restore point.

Performed disk cleanup.

 

 

-- HijackThis (run as Hem.exe) --------------------------------------------------

 

Logfile of HijackThis v1.99.1

Scan saved at 15:58:54, on 2007-03-05

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Nero\Nero 7\InCD\InCD.exe

C:\Program\Eset\nod32kui.exe

C:\Program\SiteAdvisor\6028\SiteAdv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Google\GoogleToolbarNotifier\1.2.908.5746\GoogleToolbarNotifier.exe

C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe

C:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program\Nero\Nero 7\InCD\InCDsrv.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\Eset\nod32krn.exe

C:\Program\Agnitum\Outpost Firewall\outpost.exe

C:\Program\Spyware Doctor\sdhelp.exe

C:\Program\SiteAdvisor\6028\SAService.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Hem\Skrivbord\comboscan.exe

C:\Program\HIJACK~1\Hem.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.expressen.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program\SiteAdvisor\6028\SiteAdv.dll

O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - (no file)

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\Program\SPYWAR~1\tools\iesdpb.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program\SiteAdvisor\6028\SiteAdv.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Program\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Outpost Firewall] C:\Program\Agnitum\Outpost Firewall\outpost.exe /waitservice

O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup

O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [siteAdvisor] C:\Program\SiteAdvisor\6028\SiteAdv.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\1.2.908.5746\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [updateMgr] C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\Program\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.0.0971.38/WinSSWebAgent.CAB

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152440647644

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152455420435

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program\SiteAdvisor\6028\SiteAdv.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\Program\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE (file missing)

O23 - Service: fsbwsys - Unknown owner - C:\Program\F-Secure\BackWeb\7681197\program\fsbwsys.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe

O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program\Agnitum\Outpost Firewall\outpost.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program\Spyware Doctor\sdhelp.exe

O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program\SiteAdvisor\6028\SAService.exe

 

 

-- HijackThis Fixed Entries (C:\Program\HIJACK~1\backups\) ----------------------

 

backup-20070303-223327-557 O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\Program\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE (file missing)

 

-- File Associations ------------------------------------------------------------

 

.bat - batfile - "%1" %*

.chm - chm.file - "C:\WINDOWS\hh.exe" %1

.cmd - cmdfile - "%1" %*

.com - comfile - "%1" %*

.exe - exefile - "%1" %*

.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1

.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1

.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1

.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*

.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}

.pif - piffile - "%1" %*

.reg - regfile - regedit.exe "%1"

.scr - scrfile - "%1" /S

.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1

.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*

 

 

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

 

3R ac97intc (Installationstjänst för Intel® 82801-ljuddrivrutin (WDM)) - C:\WINDOWS\system32\drivers\ac97intc.sys

3R ADBLOCK.DLL (Outpost Firewall PlugIn (ADBLOCK.DLL)) - C:\Program\Agnitum\Outpost Firewall\Kernel\adblock.dll

2R AMON - C:\WINDOWS\system32\drivers\amon.sys

3R ARP.DLL (Outpost Firewall PlugIn (ARP.DLL)) - C:\Program\Agnitum\Outpost Firewall\Kernel\arp.dll

3R CONTENT.DLL (Outpost Firewall PlugIn (CONTENT.DLL)) - C:\Program\Agnitum\Outpost Firewall\Kernel\content.dll

3R DNSCACHE.DLL (Outpost Firewall PlugIn (DNSCACHE.DLL)) - C:\Program\Agnitum\Outpost Firewall\Kernel\dnscache.dll

3R dtscsi - C:\WINDOWS\system32\drivers\dtscsi.sys

3R EL90XBC (3Com EtherLink XL 90XB/C Adapter Driver) - C:\WINDOWS\system32\drivers\el90xbc5.sys

3R FTPFILT.DLL (Outpost Firewall PlugIn (FTPFILT.DLL)) - C:\Program\Agnitum\Outpost Firewall\Kernel\ftpfilt.dll

3R GEARAspiWDM - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

3R HTMLFILT.DLL (Outpost Firewall PlugIn (HTMLFILT.DLL)) - C:\Program\Agnitum\Outpost Firewall\Kernel\htmlfilt.dll

3R HTTPFILT.DLL (Outpost Firewall PlugIn (HTTPFILT.DLL)) - C:\Program\Agnitum\Outpost Firewall\Kernel\httpfilt.dll

3R i81x - C:\WINDOWS\system32\drivers\i81xnt5.sys

3S iAimFP0 - C:\WINDOWS\system32\drivers\wadv01nt.sys

3S iAimFP1 - C:\WINDOWS\system32\drivers\wadv02nt.sys

3S iAimFP2 - C:\WINDOWS\system32\drivers\wadv05nt.sys

3S iAimFP3 - C:\WINDOWS\system32\drivers\wsiintxx.sys

3S iAimFP4 - C:\WINDOWS\system32\drivers\wvchntxx.sys

3S iAimFP5 - C:\WINDOWS\system32\drivers\wadv07nt.sys

3S iAimFP6 - C:\WINDOWS\system32\drivers\wadv08nt.sys

3S iAimFP7 - C:\WINDOWS\system32\drivers\wadv09nt.sys

3S iAimTV0 - C:\WINDOWS\system32\drivers\watv01nt.sys

3S iAimTV1 - C:\WINDOWS\system32\drivers\watv02nt.sys

3S iAimTV2 - C:\WINDOWS\system32\DRIVERS\wATV03nt.sys (not found)

3S iAimTV3 - C:\WINDOWS\system32\drivers\watv04nt.sys

3S iAimTV4 - C:\WINDOWS\system32\drivers\wch7xxnt.sys

3S iAimTV5 - C:\WINDOWS\system32\drivers\watv10nt.sys

3S iAimTV6 - C:\WINDOWS\system32\drivers\watv06nt.sys

0R IdeBusDr - C:\WINDOWS\system32\drivers\IdeBusDr.sys

0R IdeChnDr (Intel® Ultra ATA Controller) - C:\WINDOWS\system32\drivers\IdeChnDr.sys

1R ikhfile (File Security Kernel Anti-Spyware Driver) - C:\WINDOWS\system32\drivers\ikhfile.sys

1R ikhlayer (Kernel Anti-Spyware Driver) - C:\WINDOWS\system32\drivers\ikhlayer.sys

3R IMAPFILT.DLL (Outpost Firewall PlugIn (IMAPFILT.DLL)) - C:\Program\Agnitum\Outpost Firewall\Kernel\imapfilt.dll

4R InCDfs (InCD File System) - C:\WINDOWS\system32\drivers\InCDfs.sys

1R InCDPass - C:\WINDOWS\system32\drivers\InCDPass.sys

1R incdrm (InCD Reader) - C:\WINDOWS\system32\drivers\InCDRm.sys

3R MAILFILT.DLL (Outpost Firewall PlugIn (MAILFILT.DLL)) - C:\Program\Agnitum\Outpost Firewall\Kernel\mailfilt.dll

3R NNTPFILT.DLL (Outpost Firewall PlugIn (NNTPFILT.DLL)) - C:\Program\Agnitum\Outpost Firewall\Kernel\nntpfilt.dll

1R nod32drv - C:\WINDOWS\system32\drivers\nod32drv.sys

1R P3 (Intel PentiumIII-processordrivrutin) - C:\WINDOWS\system32\drivers\p3.sys

3R Pcouffin (Low level access layer for CD devices) - C:\WINDOWS\system32\drivers\Pcouffin.sys

3R POP3FILT.DLL (Outpost Firewall PlugIn (POP3FILT.DLL)) - C:\Program\Agnitum\Outpost Firewall\Kernel\pop3filt.dll

3R PROTECT.DLL (Outpost Firewall PlugIn (PROTECT.DLL)) - C:\Program\Agnitum\Outpost Firewall\Kernel\protect.dll

1R SandBox (Outpost Firewall Sandbox Driver) - C:\Program\Agnitum\Outpost Firewall\Kernel\SandBox.sys

1R SASDIFSV - C:\Program\SUPERAntiSpyware\sasdifsv.sys

3S SASENUM - C:\Program\SUPERAntiSpyware\SASENUM.SYS

1R SASKUTIL - C:\Program\SUPERAntiSpyware\SASKUTIL.SYS

3R SECRET.DLL (Outpost Firewall PlugIn (SECRET.DLL)) - C:\Program\Agnitum\Outpost Firewall\Kernel\secret.dll

0R sptd - C:\WINDOWS\system32\drivers\sptd.sys

3S TVICHW32 - C:\WINDOWS\system32\drivers\TVICHW32.SYS

3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys

3R usbohci (Microsoft USB Open Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbohci.sys

3S USBSTOR (Drivrutin för USB-masslagringsenheter) - C:\WINDOWS\system32\drivers\usbstor.sys

1R VFILT (Outpost Firewall Kernel Driver) - C:\Program\Agnitum\Outpost Firewall\Kernel\filtnt.sys

1R WS2IFSL (Stödmiljö för Windows Socket 2.0 Icke-IFS-tjänstprovider) - C:\WINDOWS\system32\drivers\ws2ifsl.sys

3S WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - C:\WINDOWS\system32\drivers\WudfPf.sys

3S WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - C:\WINDOWS\system32\drivers\WudfRd.sys

3S XTrapD12 - C:\WINDOWS\system32\XTrapD12.sys (not found)

 

 

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

 

3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

2S BackWeb Plug-in - 7681197 (F-Secure Automatic Update) - C:\Program\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE

3S clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

2S fsbwsys - "C:\Program\F-Secure\BackWeb\7681197\program\fsbwsys.exe"

3S IDriverT (InstallDriver Table Manager) - "C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe"

2R InCDsrv (InCD Helper) - C:\Program\Nero\Nero 7\InCD\InCDsrv.exe

3S iPod Service - "C:\Program\iPod\bin\iPodService.exe"

2R NOD32krn (NOD32 Kernel Service) - "C:\Program\Eset\nod32krn.exe"

3S ose (Office Source Engine) - "C:\Program\Delade filer\Microsoft Shared\Source Engine\OSE.EXE"

2R OutpostFirewall (Outpost Firewall Service) - C:\Program\Agnitum\Outpost Firewall\outpost.exe /service

2R SDhelper (PC Tools Spyware Doctor) - C:\Program\Spyware Doctor\sdhelp.exe

2R SiteAdvisor Service - C:\Program\SiteAdvisor\6028\SAService.exe

3S usnjsvc (Läsartjänsten USN Journal för mappdelning i Messenger) - "C:\Program\MSN Messenger\usnsvc.exe"

 

 

-- Scheduled Tasks --------------------------------------------------------------

 

2007-03-04 15:15:02 238 --a------ C:\WINDOWS\Tasks\Kontrollera uppdateringar för Windows Live Toolbar.job<KONTRO~1.JOB>

2007-03-02 16:28:19 272 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>

 

 

-- Files created between 2007-02-05 and 2007-03-05 ------------------------------

 

2007-03-03 22:25:56 0 d-------- C:\Program\Hijackthis<HIJACK~1>

2007-03-03 22:14:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe

2007-02-27 17:06:26 0 d--h----- C:\WINDOWS\PIF

2007-02-23 18:23:35 0 d-------- C:\Program\Windows Media Connect 2<WI4DF6~1>

2007-02-23 18:20:55 0 d-------- C:\Documents and Settings\Hem\Application Data\Talkback

2007-02-23 17:41:58 1144 --a------ C:\WINDOWS\mozver.dat

2007-02-23 17:18:41 0 --a------ C:\WINDOWS\nsreg.dat

2007-02-20 21:24:15 0 d-------- C:\Documents and Settings\Hem\Application Data\dvdcss

2007-02-14 12:13:03 0 d-------- C:\Program\Mozilla Firefox<MOZILL~1>

2007-02-14 00:47:18 0 d-------- C:\Program\Lavasoft

2007-02-13 22:01:33 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP

2007-02-13 22:00:31 30592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys

2007-02-13 22:00:20 51072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys

2007-02-13 21:58:31 0 d-------- C:\Documents and Settings\Hem\Application Data\PC Tools<PCTOOL~1>

2007-02-13 21:58:30 0 d-------- C:\Program\Spyware Doctor<SPYWAR~1>

2007-02-13 12:11:10 57344 --a------ C:\WINDOWS\system32\WNASPINT.DLL

2007-02-13 11:44:53 0 d-------- C:\eJay

2007-02-10 21:03:44 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee

2007-02-10 19:07:40 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com<SUPERA~1.COM>

2007-02-10 19:06:49 0 d-------- C:\Program\SUPERAntiSpyware<SUPERA~1>

2007-02-10 19:06:48 0 d-------- C:\Documents and Settings\Hem\Application Data\SUPERAntiSpyware.com<SUPERA~1.COM>

2007-02-09 15:00:51 0 d-------- C:\Documents and Settings\Hem\Application Data\Xfire

2007-02-09 15:00:39 0 d---s---- C:\Program\Xfire

 

 

-- Find3M Report ----------------------------------------------------------------

 

2007-03-04 14:42:42 0 d-------- C:\Documents and Settings\Hem\Application Data\AdobeUM

2007-03-01 22:52:02 0 d-------- C:\Documents and Settings\Hem\Application Data\Adobe

2007-02-24 15:01:02 0 d-------- C:\Documents and Settings\Hem\Application Data\uTorrent

2007-02-23 17:18:04 0 d-------- C:\Documents and Settings\Hem\Application Data\Mozilla

2007-02-23 16:34:05 0 d-------- C:\Program\QuickTime<QUICKT~1>

2007-02-23 16:31:52 0 d-------- C:\Program\Apple Software Update<APPLES~1>

2007-02-18 16:49:58 0 d-------- C:\Program\Diablo II<DIABLO~1>

2007-02-18 13:41:29 0 d-------- C:\Program\Delade filer\Microsoft Shared<MICROS~1>

2007-02-17 12:40:42 0 d-------- C:\Program\Delade filer<DELADE~1>

2007-02-16 22:18:24 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll<CMDLIN~1.DLL>

2007-02-14 18:42:05 0 d-------- C:\Program\Registry Mechanic<REGIST~1>

2007-02-14 12:53:42 0 d-------- C:\Program\SiteAdvisor<SITEAD~1>

2007-02-14 00:49:35 0 d-------- C:\Documents and Settings\Hem\Application Data\Lavasoft

2007-02-13 20:36:29 0 d-------- C:\Documents and Settings\Hem\Application Data\SiteAdvisor<SITEAD~1>

2007-02-13 10:51:58 0 d--h----- C:\Program\InstallShield Installation Information<INSTAL~1>

2007-02-13 09:52:25 0 d-------- C:\Program\Delade filer\InstallShield<INSTAL~1>

2007-02-09 19:14:38 0 d-------- C:\Program\MSN Messenger<MSNMES~1>

2007-02-08 18:30:42 0 d---s---- C:\Documents and Settings\Hem\Application Data\Microsoft<MICROS~1>

2007-01-29 09:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe

2007-01-21 17:14:48 0 d-------- C:\Program\LimeWire

2007-01-19 17:48:25 409952 --a----c- C:\WINDOWS\system32\perfh01D.dat

2007-01-19 17:48:24 76252 --a----c- C:\WINDOWS\system32\perfc01D.dat

2007-01-19 12:53:04 51056 --a------ C:\WINDOWS\system32\sirenacm.dll

2007-01-18 19:46:22 298104 --a------ C:\WINDOWS\system32\imon.dll

2007-01-18 18:27:50 0 d-------- C:\Program\Delade filer\Agnitum Shared<AGNITU~1>

2007-01-18 18:27:49 0 d-------- C:\Program\Agnitum

2007-01-16 06:32:30 2854400 --a------ C:\WINDOWS\system32\msi.dll

2007-01-12 18:58:18 4212 ---h---c- C:\WINDOWS\system32\zllictbl.dat

2007-01-12 17:56:37 499712 --a------ C:\WINDOWS\system32\msvcp71.dll

2007-01-12 17:56:36 348160 --a------ C:\WINDOWS\system32\msvcr71.dll

2007-01-12 09:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll

2007-01-12 09:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>

2007-01-12 09:27:42 458752 -----n--- C:\WINDOWS\system32\msfeeds.dll

2007-01-12 09:27:42 6054400 -----n--- C:\WINDOWS\system32\ieframe.dll

2007-01-08 19:04:54 105984 --a------ C:\WINDOWS\system32\url.dll

2007-01-08 19:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll

2007-01-08 19:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll

2007-01-08 19:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll

2007-01-08 19:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll

2007-01-08 19:02:02 383488 -----n--- C:\WINDOWS\system32\ieapfltr.dll

2007-01-08 19:02:02 161792 --a------ C:\WINDOWS\system32\ieakui.dll

2007-01-08 19:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll

2007-01-08 19:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll

2007-01-08 19:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll

2007-01-08 19:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll

2007-01-08 18:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe

2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe

2007-01-05 12:20:55 0 d-------- C:\Program\Windows Desktop Search<WI459E~1>

2007-01-05 11:54:49 0 d-------- C:\Program\CyberLink<CYBERL~1>

2006-12-19 22:51:09 134656 --a------ C:\WINDOWS\system32\shsvcs.dll

2006-12-19 19:18:38 333824 --a------ C:\WINDOWS\system32\wiaservc.dll

 

 

-- Registry Dump ----------------------------------------------------------------

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

"swg"="C:\\Program\\Google\\GoogleToolbarNotifier\\1.2.908.5746\\GoogleToolbarNotifier.exe"

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program\\Delade filer\\Ahead\\Lib\\NMBgMonitor.exe\""

"updateMgr"="C:\\Program\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"NeroFilterCheck"="C:\\Program\\Delade filer\\Ahead\\Lib\\NeroCheck.exe"

"InCD"="C:\\Program\\Nero\\Nero 7\\InCD\\InCD.exe"

"QuickTime Task"="\"C:\\Program\\QuickTime\\qttask.exe\" -atboottime"

"Outpost Firewall"="C:\\Program\\Agnitum\\Outpost Firewall\\outpost.exe /waitservice"

"OutpostFeedBack"="C:\\Program\\Agnitum\\Outpost Firewall\\feedback.exe /dump:os_startup"

"nod32kui"="\"C:\\Program\\Eset\\nod32kui.exe\" /WAITSERVICE"

"SiteAdvisor"="C:\\Program\\SiteAdvisor\\6028\\SiteAdv.exe"

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]

"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

"Spyware Doctor"="\"C:\\Program\\Spyware Doctor\\swdoctor.exe\" /Q"

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

"Spyware Doctor"="\"C:\\Program\\Spyware Doctor\\swdoctor.exe\" /Q"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"=dword:00000000

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

NetworkService REG_MULTI_SZ DnsCache\0\0

rpcss REG_MULTI_SZ RpcSs\0\0

imgsvc REG_MULTI_SZ StiSvc\0\0

termsvcs REG_MULTI_SZ TermService\0\0

HTTPFilter REG_MULTI_SZ HTTPFilter\0\0

DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

 

 

 

-- End of ComboScan: finished at 2007-03-05 at 16:00:54 -------------------------

 

[/log]

 


J2SE Runtime Environment 5.0 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070}

Contains security vulnerabilities and should be uninstalled.

Since you no longer seem to be running F-Secure, you can do the following:

Control Panel - Administrative Tools - Services

Find F-Secure Automatic Update in the list, double-click it and set Startup type to Disabled. Repeat with fsbwsys.

Scan with HijackThis and check:

 

O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

 

Close all other programs.

Press Fix checked.

Restart the computer and check for yourself that the lines above are gone.

Have you run AVG Anti-Spyware? http://www.ewido.net/en/onlinescan/

Or Kaspersky? http://www.kaspersky.com/virusscanner

 

 

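The check described in the reply above (tick the entries whose target is gone, fix them, then rescan and confirm they disappeared), as an added Python example that is not part of the original thread. The function names are hypothetical, and the sample lines are copied from this thread's log and reply.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log and the reply in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\Program\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE (file missing)
O23 - Service: fsbwsys - Unknown owner - C:\Program\F-Secure\BackWeb\7681197\program\fsbwsys.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe
"""

# "O23 - Service: <detail>": section code, entry type, then everything else.
ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
# HijackThis appends one of these when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\((file missing|no file)\)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entries(text):
    """Return one dict per 'O<n> - <type>: ...' line; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = " ".join(raw.split())  # normalise spacing from copy/paste
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, kind, detail = m.groups()
        clsid = CLSID_RE.search(detail)
        entries.append({
            "line": line,
            "section": section,
            "kind": kind,
            "clsid": clsid.group(0) if clsid else None,
            "orphan": bool(ORPHAN_RE.search(detail)),
        })
    return entries


def find_orphans(text):
    """Group entries whose target file is gone by section (O2, O9, O23, ...)."""
    grouped = defaultdict(list)
    for entry in parse_entries(text):
        if entry["orphan"]:
            grouped[entry["section"]].append(entry)
    return dict(grouped)


def remaining_after_fix(checked_lines, rescan_text):
    """Return the checked lines that still show up in the log taken after reboot."""
    present = {e["line"] for e in parse_entries(rescan_text)}
    return [l for l in checked_lines if " ".join(l.split()) in present]


if __name__ == "__main__":
    for section, items in find_orphans(SAMPLE_LOG).items():
        for e in items:
            print(section, e["kind"], e["clsid"] or "-", sep=" | ")
```

An orphaned entry only means the registry reference outlived its file; whether to fix it or disable the service is still a judgement call, as in the reply above.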

  • 2 weeks later...

AVG Anti-Spyware finds nothing and the Kaspersky online scan doesn't work. I downloaded the trial, but the installation failed because it claims that F-Secure is still installed. I don't know what makes it think so, because I can't find any leftover files from F-Secure.

 


You shouldn't install two antivirus programs, and you already have Nod32, so it isn't appropriate to install Kaspersky in any case. There may be remnants of F-Secure in the registry; clean them out according to the instructions here:

http://support.f-secure.com/enu/corporate/downloads/removeav.shtml

 

You can read about Search_glow at:

http://forums.spywareinfo.com/lofiversion/index.php/t86138.html last post

http://www.wilderssecurity.com/showthread.php?p=849786#post849786 post #13

It seems completely harmless in any case.

 


Thanks for the help!

As for Kaspersky, it was just that I have heard (and read) that it is supposed to be better than Nod32, so I just wanted to try it.

 


Okay, but it is important to remove everything from previous antivirus programs and firewalls before installing new ones, so that nothing is left behind to interfere.

 


Archived

This topic is now archived and is closed to further replies.
