
Suspect there is some spyware in the list?


Superz


Hi!

I think I have picked up some dangerous files that appear in the list, but I don't dare remove them in case I delete something by mistake.

Regards, Olle

 

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:12:47, on 2008-08-26

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program\DCPFLICS\dcpflics.exe

C:\Program\Dell Network Assistant\hnm_svc.exe

C:\WINDOWS\system32\sesinetd.exe

C:\WINDOWS\system32\hserver.exe

C:\Program\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\WINDOWS\system32\cmd.exe

C:\Program\Autodesk\mrstand3.6.51-max2009\bin\rayserver.exe

C:\Program\McAfee\MSC\mcmscsvc.exe

c:\program\delade filer\mcafee\mna\mcnasvc.exe

c:\program\DELADE~1\mcafee\mcproxy\mcproxy.exe

C:\Program\McAfee\VirusScan\McShield.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe

C:\Program\McAfee\MPF\MPFSrv.exe

C:\Program\McAfee\MSK\MskSrver.exe

C:\Program\CDBurnerXP\NMSAccessU.exe

C:\Program\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PRISMSVC.EXE

C:\Program\Retrospect\Retrospect 7.5\retrorun.exe

C:\Program\SiteAdvisor\6261\SAService.exe

C:\Program\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\ThreatFire\TFService.exe

C:\WINDOWS\system32\svchost.exe

c:\program\mcafee.com\agent\mcagent.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\PRISMSVR.EXE

C:\WINDOWS\system32\WDBtnMgr.exe

C:\Program\SiteAdvisor\6261\SiteAdv.exe

C:\WINDOWS\stsystra.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Program\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program\Synthetic Aperture\Echo Fire\Support\Echo Fire Server.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Dell\Media Experience\DMXLauncher.exe

C:\DOCUME~1\WebbTV\LOKALA~1\Temp\clclean.0001

C:\Program\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

C:\Program\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program\Windows Defender\MSASCui.exe

C:\Program\Dell Support Center\bin\sprtcmd.exe

C:\Program\Delade filer\Creative Labs Shared\Service\CreativeLicensing.exe

C:\Program\PowerISO\PWRISOVM.EXE

C:\Program\iTunes\iTunesHelper.exe

C:\Program\ThreatFire\TFTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Dell Network Assistant\ezi_hnm2.exe

C:\Program\Dell Wireless\PRISMCFG.exe

C:\Program\Windows Desktop Search\WindowsSearch.exe

C:\Program\WinZip\WZQKPICK.EXE

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\McAfee\VIRUSS~1\mcsysmon.exe

C:\Documents and Settings\WebbTV\Skrivbord\FixVundo.exe

C:\Program\ThreatFire\TFGui.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\SearchFilterHost.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vgdl.org/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program\TechSmith\SnagIt 8\SnagItBHO.dll

O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program\SiteAdvisor\6261\SiteAdv.dll

O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\program\mcafee\msk\mcapbho.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program\McAfee\VirusScan\scriptsn.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program\TechSmith\SnagIt 8\SnagItIEAddin.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program\SiteAdvisor\6261\SiteAdv.dll

O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe

O4 - HKLM\..\Run: [VoiceCenter] "C:\Program\Creative\VoiceCenter\AndreaVC.exe" /tray

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [siteAdvisor] "C:\Program\SiteAdvisor\6261\SiteAdv.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program\Delade filer\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKLM\..\Run: [iAAnotif] "C:\Program\Intel\Intel Matrix Storage Manager\iaanotif.exe"

O4 - HKLM\..\Run: [Echo Fire Server] "C:\Program\Synthetic Aperture\Echo Fire\Support\Echo Fire Server.exe"

O4 - HKLM\..\Run: [DMXLauncher] "C:\Program\Dell\Media Experience\DMXLauncher.exe"

O4 - HKLM\..\Run: [CTSysVol] "C:\Program\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" /r

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [dscactivate] "C:\Program\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [mcagent_exe] C:\Program\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [ThreatFire] C:\Program\ThreatFire\TFTray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe

O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Skärmurklipp och start för OneNote 2007.lnk = C:\Program\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Dell Network Assistant.lnk = C:\Program\Dell Network Assistant\ezi_hnm2.exe

O4 - Global Startup: Verktyg för trådlöst WLAN via USB 2.0-adapter.lnk = ?

O4 - Global Startup: Windows Search.lnk = C:\Program\Windows Desktop Search\WindowsSearch.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: Sothink SWF Catcher - C:\Program\Delade filer\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program\Bonjour\ExplorerPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MIC273~1\WEB2~1\Office12\REFIEBAR.DLL

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program\Delade filer\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program\Delade filer\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab

O16 - DPF: {9C024426-7859-4B2D-AB4C-B1E370AE7549} - http://se.mcafee.com/Apps/WSC/sv/WscWlanScannerCtrl.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5054/mcfscan.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: ssqOHbXP - ssqOHbXP.dll (file missing)

O23 - Service: McAfee Application Installer Cleanup (0303191219756063) (0303191219756063mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\030319~1.EXE

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program\Delade filer\Creative Labs Shared\Service\CreativeLicensing.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: DCPFLICS service (DCPFLICS) - Unknown owner - C:\Program\DCPFLICS\dcpflics.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program\DellSupport\brkrsvc.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program\Dell Network Assistant\hnm_svc.exe

O23 - Service: HoudiniLicenseServer - Side Effects Software Inc. - C:\WINDOWS\system32\sesinetd.exe

O23 - Service: HoudiniServer - Side Effects Software Inc. - C:\WINDOWS\system32\hserver.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program\Intel\Intel Matrix Storage Manager\iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: mental ray Standalone 3.6.51 for Max 2009(32 bit) (maxmr3651) - Unknown owner - C:\Program\Autodesk\mrstand3.6.51-max2009\bin\rayservice.bat

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program\delade filer\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\program\DELADE~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program\McAfee\VirusScan\McShield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program\McAfee\MSK\MskSrver.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program\CDBurnerXP\NMSAccessU.exe

O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE

O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - C:\Program\Retrospect\Retrospect 7.5\retrorun.exe

O23 - Service: SiteAdvisor-tjänst (SiteAdvisor Service) - Unknown owner - C:\Program\SiteAdvisor\6261\SAService.exe

O23 - Service: SPM License Service for mental ray Standalone 3.6.51 for Max 2009 (SPMLM) - mental images GmbH - C:\WINDOWS\system32\spm\spmd.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program\Dell Support Center\bin\sprtsvc.exe

O23 - Service: ThreatFire - PC Tools - C:\Program\ThreatFire\TFService.exe

O23 - Service: GridIron X-Factor After Effects Peer #1 (XFACTORAE1) - Unknown owner - C:\Program\XLR8\xlr8d.exe (file missing)

 

--

End of file - 15870 bytes[/log]

 

 


Scan with HijackThis and check:

 

O20 - Winlogon Notify: ssqOHbXP - ssqOHbXP.dll (file missing)

 

Close all other programs.

Press Fix checked.

Restart the computer and check for yourself that the line above is gone from a new HijackThis log.

Was there any other line you were thinking of?

 


Hi!

Thanks, I'll do that.

Can I also remove this line?

 

O23 - Service: GridIron X-Factor After Effects Peer #1 (XFACTORAE1) - Unknown owner - C:\Program\XLR8\xlr8d.exe (file missing)

 

Regards, Olle

 


Are you sure the program is uninstalled? Because the file is not necessarily missing even though it says so.

The line cannot be removed with HijackThis; instead you have to do it like this:

Control Panel - Administrative Tools - Services

Find GridIron X-Factor After Effects Peer #1 in the list, double-click it and set Startup type to Disabled.

 

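The triage and re-check described in the replies above, as an added Python example that is not part of the original thread: it lists the entries HijackThis marked "(file missing)" and confirms that a fixed line is absent from a later log. The function names, the `ADVICE` table (which only restates the replies) and the `AFTER` log are assumptions made for illustration.

```python
import re

# Section code (R0, O4, O20, O23 ...), then " - ", then the entry text.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Follow-up per section, restating only what the replies in this thread say.
ADVICE = {
    "O20": "tick the line in HijackThis and press Fix checked",
    "O23": "confirm the program is uninstalled, then disable the service",
}

def parse_entries(log_text):
    """Return (section, text) pairs; process paths and headers are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def missing_file_entries(log_text):
    """Entries flagged '(file missing)', each paired with the thread's advice."""
    return [(sec, text, ADVICE.get(sec, "review manually"))
            for sec, text in parse_entries(log_text)
            if text.endswith("(file missing)")]

def entry_removed(fixed_line, new_log_text):
    """True when the line that was fixed no longer appears in the new log."""
    m = ENTRY_RE.match(fixed_line.strip())
    if not m:
        raise ValueError("not a HijackThis entry line")
    return (m.group(1), m.group(2)) not in parse_entries(new_log_text)

# Constructed sample: a few lines copied from the log in this thread.
BEFORE = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ssqOHbXP - ssqOHbXP.dll (file missing)
O23 - Service: ThreatFire - PC Tools - C:\Program\ThreatFire\TFService.exe
O23 - Service: GridIron X-Factor After Effects Peer #1 (XFACTORAE1) - Unknown owner - C:\Program\XLR8\xlr8d.exe (file missing)
"""
FIXED = "O20 - Winlogon Notify: ssqOHbXP - ssqOHbXP.dll (file missing)"
# Hypothetical rescan after "Fix checked" and a reboot (constructed).
AFTER = BEFORE.replace(FIXED + "\n", "")

if __name__ == "__main__":
    for sec, text, advice in missing_file_entries(BEFORE):
        print(f"{sec}: {text}\n    -> {advice}")
    print("fixed line gone from new log:", entry_removed(FIXED, AFTER))
```
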

Archived

This topic is now archived and is closed to further replies.