Just nu i M3-nätverket
Jump to content

virus/spyware problem


couchboy

Recommended Posts

Hej. Försöker nu fixa syrrans dator.Nåt som heter windowsmediagateway har lagt sig i autostarten.Har vart inne i msconfig och försökt klicka bort det och raderat allt i registret om den men det funkar inte.

 

Datorn har också börjat öpnna program mappen vid uppstart vilket den inte gjort tidigare.Troligen bara för att detta windowsmediagateway ska ligga i program files men inte ligger där. bifogar hijack log härunder.

 

[log] Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:34:27, on 2008-11-17

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\AVG\AVG8\avgtray.exe

C:\WINDOWS\Nhksrv.exe

C:\Program\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\id2scaps.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/se/sve/gen/default.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR'>http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - Tele2 Internet

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://login1.telia.com;http://10.0.0.6;<local>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll

O4 - HKLM\..\Run: [AVG8_TRAY] C:\Program\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\RunServices: [sountskmanager] sountaskmgr

O4 - HKLM\..\RunServices: [Msrv32] Msrv32.exe

O4 - HKLM\..\RunServices: [scvhost.exe] scvhost.exe

O4 - HKLM\..\RunServices: [File System Service] wmiprvsc.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?39d94cfdc62b4ca9b395c8a2426fc87

O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?39d94cfdc62b4ca9b395c8a2426fc87

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: START_PAGE_URL=http://login1.telia.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20011217/qtinstall.info.apple.com/qt505/se/win/QuickTimeInstaller.exe

O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab

O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab

O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: NVDESK32.DLL,avgrsstx.dll

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgwdsvc.exe

O23 - Service: iD2 Smart Card Server (id2scaps) - iD2 Technologies - C:\WINDOWS\system32\id2scaps.exe

O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe

O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

 

--

End of file - 7334 bytes

[/log]

 

 

Har laddat hem combofix.

[inlägget ändrat 2008-11-17 14:47:46 av couchboy]

Link to comment
Share on other sites

 

[log]Ladda ner ComboFix på Skrivbordet:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

 

Dra ur internetanslutningen och stäng av alla program du ser inklusive antivirusprogram, antispionprogram och brandvägg, alternativt starta om datorn i felsäkert läge.

Kör ComboFix och följ anvisningarna som visas.

 

VIKTIGT! Klicka inte på ComboFix-fönstret med musen när den körs annars kan den hänga upp sig.

 

När den är färdig så ska en logg komma upp, bifoga den till ditt svar. Kontrollera att antivirusprogram och brandvägg är igång innan du ansluter till internet.

 

Om du får problem med att komma ut på internet:

Kontrollpanelen - Nätverksanslutningar

högerklicka på din internetanslutning och välj Reparera och/eller starta om datorn.

 

 

Varning! ComboFix förhindrar automatisk körning av CD, disketter och USB-enheter för att göra det lättare att rensa datorn och skydda datorn mot infektioner i framtiden. Det kan bli problem t ex om datorn har internet via ett USB-modem eller USB-nätverkskort. Säg då till i stället för att köra ComboFix[/log]

 

Link to comment
Share on other sites

Har laddat ner combofix på skrivbordet. vad säger hijack this loggen?

 

ska jag köra combofix nu eller ska jag göra nåt innan jag kör den.

 

Link to comment
Share on other sites

Har nu kört combofix.Efter körning kom spybot igång och fråga allow eller inte på massa "value deleted.tryckte allow på alla.

 

loggen följer här.

 

[log]ComboFix 08-11-16.05 - Ägaren 2008-11-17 15:16:33.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1053.18.215 [GMT 1:00]

Running from: c:\documents and settings\Ägaren\Skrivbord\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Ägaren\Lokala inställningar\Temporary Internet Files\ijjistarter_verinfo.dat

c:\program\INSTALL.LOG

c:\windows\Readme.txt

c:\windows\system32\MSINET.oca

 

.

((((((((((((((((((((((((( Files Created from 2008-10-17 to 2008-11-17 )))))))))))))))))))))))))))))))

.

 

2008-11-17 14:33 . 2008-11-17 14:33 <KAT> d-------- c:\program\Trend Micro

2008-11-16 15:16 . 2008-11-16 15:16 <KAT> d-------- C:\fsaua.data

2008-11-15 17:13 . 2008-11-15 17:13 <KAT> d-------- c:\windows\SYSTEM32\sv

2008-11-15 17:13 . 2008-11-15 17:13 <KAT> d-------- c:\windows\l2schemas

2008-11-13 11:00 . 2008-10-24 12:21 455,296 --------- c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys

2008-10-28 23:06 . 2008-10-15 17:38 337,408 --------- c:\windows\SYSTEM32\DLLCACHE\netapi32.dll

2008-10-19 19:51 . 2008-08-14 14:27 2,189,952 --------- c:\windows\SYSTEM32\DLLCACHE\ntoskrnl.exe

2008-10-19 19:51 . 2008-08-14 14:27 2,146,304 --------- c:\windows\SYSTEM32\DLLCACHE\ntkrnlmp.exe

2008-10-19 19:51 . 2008-08-14 14:27 2,066,816 --------- c:\windows\SYSTEM32\DLLCACHE\ntkrnlpa.exe

2008-10-19 19:51 . 2008-08-14 14:27 2,024,960 --------- c:\windows\SYSTEM32\DLLCACHE\ntkrpamp.exe

2008-10-19 19:51 . 2008-09-15 16:27 1,846,400 --------- c:\windows\SYSTEM32\DLLCACHE\win32k.sys

2008-10-19 19:51 . 2008-09-08 11:41 333,824 --------- c:\windows\SYSTEM32\DLLCACHE\srv.sys

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-15 20:33 --------- d-----w c:\documents and settings\Ägaren\Application Data\uTorrent

2008-11-15 16:25 --------- d-----w c:\program\Spybot - Search & Destroy

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-03 17:26 6,066,176 ------w c:\windows\SYSTEM32\DLLCACHE\ieframe.dll

2008-09-30 15:43 1,286,152 ----a-w c:\windows\SYSTEM32\msxml4.dll

2008-09-18 18:56 --------- d-----w c:\program\Support Software

2008-09-18 17:01 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2008-09-18 16:38 --------- d-----w c:\program\Delade filer\Adobe

2008-09-18 16:33 --------- d-----w c:\documents and settings\Ägaren\Application Data\AdobeUM

2008-09-15 15:27 1,846,400 ----a-w c:\windows\SYSTEM32\win32k.sys

2008-09-10 01:16 1,307,648 ------w c:\windows\SYSTEM32\msxml6.dll

2008-09-10 01:16 1,307,648 ------w c:\windows\SYSTEM32\DLLCACHE\msxml6.dll

2008-09-04 17:17 1,106,944 ----a-w c:\windows\SYSTEM32\msxml3.dll

2008-09-04 17:17 1,106,944 ------w c:\windows\SYSTEM32\DLLCACHE\msxml3.dll

2008-08-27 09:27 3,593,216 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll

2008-08-26 08:27 826,368 ----a-w c:\windows\SYSTEM32\wininet.dll

2008-08-26 08:27 826,368 ----a-w c:\windows\SYSTEM32\DLLCACHE\wininet.dll

2008-08-26 08:27 671,232 ----a-w c:\windows\SYSTEM32\DLLCACHE\mstime.dll

2008-08-26 08:27 477,696 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll

2008-08-26 08:27 44,544 ----a-w c:\windows\SYSTEM32\DLLCACHE\pngfilt.dll

2008-08-26 08:27 233,472 ------w c:\windows\SYSTEM32\DLLCACHE\webcheck.dll

2008-08-26 08:27 193,024 ----a-w c:\windows\SYSTEM32\DLLCACHE\msrating.dll

2008-08-26 08:27 105,984 ------w c:\windows\SYSTEM32\DLLCACHE\url.dll

2008-08-26 08:27 102,912 ------w c:\windows\SYSTEM32\DLLCACHE\occache.dll

2008-08-26 08:27 1,159,680 ----a-w c:\windows\SYSTEM32\DLLCACHE\urlmon.dll

2008-08-25 08:43 70,656 ------w c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe

2008-08-25 08:38 13,824 ------w c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe

2008-08-23 05:56 635,848 ------w c:\windows\SYSTEM32\DLLCACHE\iexplore.exe

2008-08-23 05:54 161,792 ------w c:\windows\SYSTEM32\DLLCACHE\ieakui.dll

2005-04-05 23:19 79,688 ----a-w c:\documents and settings\Ägaren\Application Data\GDIPFONTCACHEV1.DAT

2004-01-24 23:01 1,336,832 ----a-w c:\program\ventrilo-2.1.4-Windows-i386.exe

2003-01-07 02:24 1,878 ----a-w c:\program\eb_inact.ico

2003-01-07 02:24 1,878 ----a-w c:\program\eb_act.ico

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"SpybotSD TeaTimer"="c:\program\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG8_TRAY"="c:\program\AVG\AVG8\avgtray.exe" [2008-09-29 1234712]

"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 170496]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

"sountskmanager"="sountaskmgr" [X]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=NVDESK32.DLL,avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.dvsd"= dvc.dll

"vidc.DIV3"= DivXc32.dll

"vidc.DIV4"= DivXc32f.dll

"vidc.3iv2"= 3ivxVfWCodec.dll

"msacm.divxa32"= divxa32.acm

"VIDC.VP31"= vp31vfw.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start-meny\Program\Autostart\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^InterVideo WinCinema Manager.lnk]

path=c:\documents and settings\All Users\Start-meny\Program\Autostart\InterVideo WinCinema Manager.lnk

backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start-meny\Program\Autostart\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Personal.lnk]

path=c:\documents and settings\All Users\Start-meny\Program\Autostart\Personal.lnk

backup=c:\windows\pss\Personal.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Ägaren^Start-meny^Program^Autostart^ubisoft register.lnk]

path=c:\documents and settings\Ägaren\Start-meny\Program\Autostart\ubisoft register.lnk

backup=c:\windows\pss\ubisoft register.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]

--a------ 2001-09-04 22:31 655360 c:\program\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTouch]

--a------ 2001-09-23 14:14 163840 c:\windows\DellMMKb.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2008-04-14 17:05 1695232 c:\program\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2004-04-23 07:47 98304 c:\program\QuickTime\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a------ 2000-10-16 09:37 32768 c:\windows\SYSTEM32\rmctrl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2004-08-27 14:23 180269 c:\program\Delade filer\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TraySantaCruz]

--a------ 2001-08-29 23:17 307200 c:\windows\SYSTEM32\tbctray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]

--a------ 2003-08-19 01:01 110592 c:\program\Delade filer\Sonic\Update Manager\sgtray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2003-10-06 14:16 741376 c:\windows\SYSTEM32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"usnjsvc"=3 (0x3)

"RasMan"=3 (0x3)

"RasAuto"=3 (0x3)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program\\ICQ\\Icq.exe"=

"c:\\Program\\messenger\\msmsgs.exe"=

"c:\\Program\\Java\\j2re1.4.2\\bin\\javaw.exe"=

"c:\\Program\\realplay.exe"=

"c:\\Program\\utorrent\\utorrent.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program\\Skype\\Phone\\Skype.exe"=

"c:\\Program\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=

"c:\\ijji\\ENGLISH\\u_skid.exe"=

"c:\\Program\\DriftCity\\DriftCity.exe"=

"c:\\Program\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program\\Windows Live\\Messenger\\livecall.exe"=

"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=

 

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-06-27 97928]

R1 cmosa;cmosa;c:\windows\system32\DRIVERS\cmosa.sys [2001-11-22 29344]

R2 avg8wd;AVG8 WatchDog;c:\program\AVG\AVG8\avgwdsvc.exe [2008-06-27 231704]

R2 Nhksrv;Netropa NHK Server;c:\windows\Nhksrv.exe [1980-01-01 28672]

R3 Msikbd2k;DellTouch;c:\windows\system32\DRIVERS\msikbd2k.sys [2001-10-31 6942]

R3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys [1980-01-01 142336]

R3 tbcwdm;Santa Cruz WDM Driver;c:\windows\system32\drivers\tbcwdm.sys [1980-01-01 524288]

S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\DRIVERS\A3AB.sys [2003-10-25 238218]

S3 bvrp_pci;bvrp_pci;c:\windows\system32\drivers\bvrp_pci.sys [2001-11-27 4272]

S3 VICHW00;VICHW00;\??\c:\windows\SYSTEM32\DRIVERS\VICHW00.SYS []

S3 WinLink;WinLink;\??\c:\windows\System32\DRIVERS\WinLink.SYS [2000-03-18 23728]

S3 vtdg46xx;vtdg46xx;\??\c:\program\TURTLE~1\SANTAC~1\CONTRO~1\vtdg46xx.sys [2001-11-27 19232]

S4 hpt3xx;hpt3xx;c:\windows\system32\DRIVERS\hpt3xx.sys [2001-08-18 38144]

 

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

 

2008-11-16 c:\windows\Tasks\Kontrollera uppdateringar för Windows Live Toolbar.job

- c:\program\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

 

2008-11-17 c:\windows\Tasks\Symantec NetDetect.job

- c:\program\Symantec\LiveUpdate\NDETECT.EXE [2001-05-21 17:36]

.

- - - - ORPHANS REMOVED - - - -

 

HKLM-Run-Media Gateway - c:\program files\Media Gateway\MediaGateway.exe

HKLM-RunServices-Msrv32 - Msrv32.exe

HKLM-RunServices-scvhost.exe - scvhost.exe

HKLM-RunServices-File System Service - wmiprvsc.exe

MSConfigStartUp-DAEMON Tools-1033 - c:\program\D-Tools\daemon.exe

MSConfigStartUp-DownloadWare - c:\program\DownloadWare\dw.exe

MSConfigStartUp-DownloadWare Engine - c:\program\DownloadWare Engine\DWE.EXE

MSConfigStartUp-eZmmod - c:\program\ezula\mmod.exe

MSConfigStartUp-ICQ Lite - c:\program\ICQLite\ICQLite.exe

MSConfigStartUp-iTunesHelper - c:\program\iTunes\iTunesHelper.exe

MSConfigStartUp-Media Gateway - c:\program files\Media Gateway\MediaGateway.exe

MSConfigStartUp-New - c:\program\NEWDOT~1\NEWDOT~2.DLL

MSConfigStartUp-Nokia Tray Application - c:\program\Delade filer\Nokia\NCLTools\NclTray.exe

MSConfigStartUp-NvCplDaemon - c:\windows\system32\NvCpl.dll

MSConfigStartUp-PopUpKiller - c:\program\PopUp Killer\PopUpKiller.EXE

MSConfigStartUp-WinDriv32 - c:\windows\System32\WinDriv32.exe

MSConfigStartUp-File System Service - wmiprvsc.exe

MSConfigStartUp-Msrv32 - Msrv32.exe

MSConfigStartUp-windows - hkey.exe

 

 

.

------- Supplementary Scan -------

.

FireFox -: Profile - c:\documents and settings\Ägaren\Application Data\Mozilla\Firefox\Profiles\fax5yyti.defaultFF -: plugin - c:\program\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll

FF -: plugin - c:\program\Java\j2re1.4.2\bin\NPJava11.dll

FF -: plugin - c:\program\Java\j2re1.4.2\bin\NPJava12.dll

FF -: plugin - c:\program\Java\j2re1.4.2\bin\NPJava13.dll

FF -: plugin - c:\program\Java\j2re1.4.2\bin\NPJava14.dll

FF -: plugin - c:\program\Java\j2re1.4.2\bin\NPJava32.dll

FF -: plugin - c:\program\Java\j2re1.4.2\bin\NPJPI142.dll

FF -: plugin - c:\program\Java\j2re1.4.2\bin\NPOJI610.dll

FF -: plugin - c:\program\Viewpoint\Viewpoint Media Player\npViewpoint.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-17 15:20:39

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-11-17 15:23:10

ComboFix-quarantined-files.txt 2008-11-17 14:23:04

 

Pre-Run: 44 168 439 808 byte ledigt

Post-Run: 44,735,174,656 byte ledigt

 

214 --- E O F --- 2008-11-16 22:31:13

[/log]

 

Link to comment
Share on other sites

[log] Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:48:12, on 2008-11-17

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Nhksrv.exe

C:\Program\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\id2scaps.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\AVG\AVG8\avgrsx.exe

C:\Program\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Program\AVG\AVG8\avgui.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://login1.telia.com;http://10.0.0.6;<local>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll

O4 - HKLM\..\Run: [AVG8_TRAY] C:\Program\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe

O4 - HKLM\..\RunServices: [sountskmanager] sountaskmgr

O4 - HKLM\..\RunServices: [scvhost.exe] scvhost.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?39d94cfdc62b4ca9b395c8a2426fc87

O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?39d94cfdc62b4ca9b395c8a2426fc87

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: START_PAGE_URL=http://login1.telia.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20011217/qtinstall.info.apple.com/qt505/se/win/QuickTimeInstaller.exe

O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab

O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab

O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} -

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: NVDESK32.DLL,avgrsstx.dll

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgwdsvc.exe

O23 - Service: iD2 Smart Card Server (id2scaps) - iD2 Technologies - C:\WINDOWS\system32\id2scaps.exe

O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

 

--

End of file - 6493 bytes

[/log]

 

Link to comment
Share on other sites

 

[log]Stäng av Spybot - Search & Destroy\TeaTimer.exe

 

Scanna med Hijack bocka i följande rader stäng Web-läsaren och klicka Fix checked

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe

O4 - HKLM\..\RunServices: [sountskmanager] sountaskmgr

O4 - HKLM\..\RunServices: [scvhost.exe] scvhost.exe

O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} -

 

sen är loggen ok[/log]

 

Link to comment
Share on other sites

Har gjort som du sa nu och körde fix checked på de raderna du skrev.Gjorde sen en ny hijack log. ser denna okej ut nu eller är det nåt mer som ska fixas?

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:18:29, on 2008-11-17

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Nhksrv.exe

C:\Program\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\id2scaps.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\AVG\AVG8\avgrsx.exe

C:\WINDOWS\explorer.exe

C:\Program\AVG\AVG8\avgui.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://login1.telia.com;http://10.0.0.6;<local>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll

O4 - HKLM\..\Run: [AVG8_TRAY] C:\Program\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?39d94cfdc62b4ca9b395c8a2426fc87

O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?39d94cfdc62b4ca9b395c8a2426fc87

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: START_PAGE_URL=http://login1.telia.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20011217/qtinstall.info.apple.com/qt505/se/win/QuickTimeInstaller.exe

O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab

O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: NVDESK32.DLL,avgrsstx.dll

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgwdsvc.exe

O23 - Service: iD2 Smart Card Server (id2scaps) - iD2 Technologies - C:\WINDOWS\system32\id2scaps.exe

O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

 

--

End of file - 6082 bytes

[/log]

 

Link to comment
Share on other sites

hej igen.starta om datorn nu och då var denna jvla mediagateway tillbaka i autostarten i msconfig som jag starta med windows.Gjorde en ny hijacklog efter omstarten nu som jag bifogar härunder där mediagateway är med igen.....

 

Direkt efter omstart fråga också spybot om jag ville "allow" soundtaskmgr value deleted å jag tryckte ok.

 

OBS REDIGERAD..FEL LOG MED.

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:43:08, on 2008-11-17

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\Nhksrv.exe

C:\Program\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\id2scaps.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\AVG\AVG8\avgrsx.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://login1.telia.com;http://10.0.0.6;<local>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll

O4 - HKLM\..\Run: [AVG8_TRAY] C:\Program\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe

O4 - HKLM\..\RunServices: [scvhost.exe] scvhost.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?39d94cfdc62b4ca9b395c8a2426fc87

O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?39d94cfdc62b4ca9b395c8a2426fc87

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: START_PAGE_URL=http://login1.telia.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20011217/qtinstall.info.apple.com/qt505/se/win/QuickTimeInstaller.exe

O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab

O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab

O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} -

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: NVDESK32.DLL,avgrsstx.dll

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgwdsvc.exe

O23 - Service: iD2 Smart Card Server (id2scaps) - iD2 Technologies - C:\WINDOWS\system32\id2scaps.exe

O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

 

--

End of file - 6406 bytes

[/log]

[inlägget ändrat 2008-11-17 16:43:23 av couchboy]

Link to comment
Share on other sites

 

[log]Stäng av Spybot - Search & Destroy\TeaTimer.exe tills loggen är ok

Starta den inte

 

Fixa dessa rader

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe

O4 - HKLM\..\RunServices: [scvhost.exe] scvhost.exe

 

sen ta bort om hittas

 

C:\Program Files\Media Gateway\

 

starta om datorn och ny log[/log]

 

Link to comment
Share on other sites

okej.problemet är att spybot startar automatisk varje uppstart.Vet inte hur jag ställer om det. Nu senaste gången fick jag gå in i msconfig och stänga av teatimer i processlistan då den kördes innan jag körde hijack trots att jag stängt ner spybot.ska jag avinstallera spybot helt så länge och installera om det sen efter.ifall den blockar hijack på nåt sätt.

 

 

[inlägget ändrat 2008-11-17 16:51:18 av couchboy]

[inlägget ändrat 2008-11-17 16:57:51 av couchboy]

Link to comment
Share on other sites

Starta Spybot S&D

Välj Advanced i Mode-menyn

Till vänster välj Tools - Resident

Ta bort bocken för TeaTimer

Avsluta programmet.

Högerklicka på TeaTimer-ikonen vid klockan, ser ut som ett Windows-fönster med ett hänglås på, och välj Exit.

 

 

Link to comment
Share on other sites

Okej.har gjort det nu.På min spybot hette fliken minnesresident istället för resident men är väl bara skillnad på version.bocka ur teatimer där iaf. och startat om datorn 2 gånger efter varann.

 

bifogar en ny logg här.Visste inte om jag skulle svara dig eller zipp men är en uppföljning på tråden med zipp iaf så du kanske ser vad vi gjort om han/hon inte finns kvar. Hur ser loggen ut nu?

 

 

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:27:10, on 2008-11-17

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\Nhksrv.exe

C:\Program\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\id2scaps.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://login1.telia.com;http://10.0.0.6;<local>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll

O4 - HKLM\..\Run: [AVG8_TRAY] C:\Program\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?39d94cfdc62b4ca9b395c8a2426fc87

O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?39d94cfdc62b4ca9b395c8a2426fc87

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: START_PAGE_URL=http://login1.telia.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20011217/qtinstall.info.apple.com/qt505/se/win/QuickTimeInstaller.exe

O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab

O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab

O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} -

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: NVDESK32.DLL,avgrsstx.dll

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgwdsvc.exe

O23 - Service: iD2 Smart Card Server (id2scaps) - iD2 Technologies - C:\WINDOWS\system32\id2scaps.exe

O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

 

--

End of file - 5963 bytes[/log]

 

Link to comment
Share on other sites

Okej.tack så jättemycket för all hjälp.Nu ska det ges alla poäng jag kan hitta på inlägg :)

 

att programfönstret börjat öppnas varje uppstart löste sig själv nu när ni hjälpte mig bli av med gatewaygrejen.

 

Återigen en massa tack.

 

en sista fråga bara:

 

kan jag aktivera teatimer igen nu??

 

mvh/Andreas

 

Link to comment
Share on other sites

hej trodde att allt var bra nu.satte igång teatimer och den fråga om ett ja till nåt value deleted i c/windows/pchealth. när jag starta om igen med teatimer så får mediagateway tillbaka än en gång... skickar log igen...

 

börjar undra om det lagt sii i spybot eller nåt...

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:07:43, on 2008-11-17

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\Nhksrv.exe

C:\Program\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\id2scaps.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://login1.telia.com;http://10.0.0.6;<local>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll

O4 - HKLM\..\Run: [AVG8_TRAY] C:\Program\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe

O4 - HKLM\..\RunServices: [scvhost.exe] scvhost.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?39d94cfdc62b4ca9b395c8a2426fc87

O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?39d94cfdc62b4ca9b395c8a2426fc87

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: START_PAGE_URL=http://login1.telia.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20011217/qtinstall.info.apple.com/qt505/se/win/QuickTimeInstaller.exe

O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab

O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab

O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} -

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: NVDESK32.DLL,avgrsstx.dll

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgwdsvc.exe

O23 - Service: iD2 Smart Card Server (id2scaps) - iD2 Technologies - C:\WINDOWS\system32\id2scaps.exe

O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

 

--

End of file - 6313 bytes

[/log]

 

Link to comment
Share on other sites

 

[log]Det måste vara Spybot som återställer rader i loggen.

Starta datorn i felsäkert läge

Sen fixa dessa rader

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe

O4 - HKLM\..\RunServices: [scvhost.exe] scvhost.exe

O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} -

 

starta normalt och ny log[/log]

 

Link to comment
Share on other sites

okej gjort efter dina instruktioner. ser ut å ligga kvar i loggen. nedan följer ny logg.ska jag avinstallera spybot kanske?

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:20:11, on 2008-11-17

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\Nhksrv.exe

C:\Program\AVG\AVG8\avgwdsvc.exe

C:\Program\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\id2scaps.exe

C:\Program\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://login1.telia.com;http://10.0.0.6;<local>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll

O4 - HKLM\..\Run: [AVG8_TRAY] C:\Program\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe

O4 - HKLM\..\RunServices: [scvhost.exe] scvhost.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?39d94cfdc62b4ca9b395c8a2426fc87

O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?39d94cfdc62b4ca9b395c8a2426fc87

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: START_PAGE_URL=http://login1.telia.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20011217/qtinstall.info.apple.com/qt505/se/win/QuickTimeInstaller.exe

O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab

O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab

O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} -

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: NVDESK32.DLL,avgrsstx.dll

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgwdsvc.exe

O23 - Service: iD2 Smart Card Server (id2scaps) - iD2 Technologies - C:\WINDOWS\system32\id2scaps.exe

O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

 

--

End of file - 6313 bytes

[/log]

 

Link to comment
Share on other sites

ny hijack log.ser den okej ut?

 

isf ska jag skippa å installera spybot nå mer på denna datorn?

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:53:06, on 2008-11-17

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\Nhksrv.exe

C:\Program\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\id2scaps.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://login1.telia.com;http://10.0.0.6;<local>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG8\avgssie.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll

O4 - HKLM\..\Run: [AVG8_TRAY] C:\Program\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?39d94cfdc62b4ca9b395c8a2426fc87

O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?39d94cfdc62b4ca9b395c8a2426fc87

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: START_PAGE_URL=http://login1.telia.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20011217/qtinstall.info.apple.com/qt505/se/win/QuickTimeInstaller.exe

O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab

O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: NVDESK32.DLL,avgrsstx.dll

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgwdsvc.exe

O23 - Service: iD2 Smart Card Server (id2scaps) - iD2 Technologies - C:\WINDOWS\system32\id2scaps.exe

O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

 

--

End of file - 5545 bytes

[/log]

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.



×
×
  • Create New...