2008-01-05, 19:16
#1
fucked up dator som inte mycket funkar på, fick igenom en hijackthis log iaf.. tacksam för snabbt svar.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19:08:39, on 2008-01-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\nvsvc32.exe
D:\PC Tools AntiVirus\PCTAVSvc.exe
E:\Program\Spyware Doctor\sdhelp.exe
E:\Program\D-Tools\daemon.exe
E:\WINDOWS\system32\wdfmgr.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\WINDOWS\system32\iid.exe
E:\Program\Logitech\MouseWare\system\em_exec.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program\MSN Messenger\MsnMsgr.Exe
E:\Program\Google\GoogleToolbarNotifier\GoogleTool barNotifier.exe
E:\Program\NETGEAR\WG111v2\WG111v2.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\taskmgr.exe
E:\WINDOWS\explorer.exe
E:\WINDOWS\System32\SCardSvr.exe
E:\Program\Grisoft\AVG7\avgcc.exe
E:\Program\Grisoft\AVG7\avgwb.dat
E:\Program\Grisoft\AVG7\avgamsvr.exe
E:\Program\Grisoft\AVG7\avgemc.exe
E:\Program\Mozilla Firefox\firefox.exe
E:\Documents and Settings\Lemon\Skrivbord\HiJackThis_v2.exe
E:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thottbot.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - E:\Program\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program\Google\GoogleToolbarNotifier\2.0.301.71 64\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - E:\Program\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Program\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] E:\Program\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Net iD] E:\WINDOWS\system32\iid.exe
O4 - HKLM\..\Run: [TrojanScanner] E:\Program\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [PCTAVApp] "D:\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "E:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [swg] E:\Program\Google\GoogleToolbarNotifier\GoogleTool barNotifier.exe
O4 - HKCU\..\Run: [Skype] "E:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AntiSpywareBot] d:\Program\AntiSpywareBot\AntiSpywareBot.exe -boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] E:\Program\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = E:\Program\NETGEAR\WG111v2\WG111v2.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - E:\Program\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - E:\Program\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137200270875
O17 - HKLM\System\CCS\Services\Tcpip\..\{08782191-0D19-41FA-9051-DB44512B7A7F}: NameServer = 193.11.104.10,193.11.104.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{19883F58-8CAE-4462-80F2-326C49B15EEA}: NameServer = 193.11.104.10,193.11.104.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E05D5BD-ABF8-4A59-A1C9-811D8F0C3D36}: NameServer = 193.11.104.10,193.11.104.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{67BC4BE9-751A-4F7B-94C0-711BA70FDAF9}: NameServer = 193.11.104.10,193.11.104.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{E79BDFCE-D466-4EE3-AEF7-E62A3E5CF879}: NameServer = 193.11.104.10,193.11.104.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{08782191-0D19-41FA-9051-DB44512B7A7F}: NameServer = 193.11.104.10,193.11.104.20
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - E:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - E:\WINDOWS\System32\browseui.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\Program\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\Program\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\Program\Grisoft\AVG7\avgemc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - E:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - Unknown owner - D:\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - E:\Program\Spyware Doctor\sdhelp.exe
--
End of file - 7132 bytes
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19:08:39, on 2008-01-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\nvsvc32.exe
D:\PC Tools AntiVirus\PCTAVSvc.exe
E:\Program\Spyware Doctor\sdhelp.exe
E:\Program\D-Tools\daemon.exe
E:\WINDOWS\system32\wdfmgr.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\WINDOWS\system32\iid.exe
E:\Program\Logitech\MouseWare\system\em_exec.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program\MSN Messenger\MsnMsgr.Exe
E:\Program\Google\GoogleToolbarNotifier\GoogleTool barNotifier.exe
E:\Program\NETGEAR\WG111v2\WG111v2.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\taskmgr.exe
E:\WINDOWS\explorer.exe
E:\WINDOWS\System32\SCardSvr.exe
E:\Program\Grisoft\AVG7\avgcc.exe
E:\Program\Grisoft\AVG7\avgwb.dat
E:\Program\Grisoft\AVG7\avgamsvr.exe
E:\Program\Grisoft\AVG7\avgemc.exe
E:\Program\Mozilla Firefox\firefox.exe
E:\Documents and Settings\Lemon\Skrivbord\HiJackThis_v2.exe
E:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thottbot.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - E:\Program\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program\Google\GoogleToolbarNotifier\2.0.301.71 64\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - E:\Program\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Program\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] E:\Program\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Net iD] E:\WINDOWS\system32\iid.exe
O4 - HKLM\..\Run: [TrojanScanner] E:\Program\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [PCTAVApp] "D:\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "E:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [swg] E:\Program\Google\GoogleToolbarNotifier\GoogleTool barNotifier.exe
O4 - HKCU\..\Run: [Skype] "E:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AntiSpywareBot] d:\Program\AntiSpywareBot\AntiSpywareBot.exe -boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] E:\Program\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = E:\Program\NETGEAR\WG111v2\WG111v2.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - E:\Program\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - E:\Program\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137200270875
O17 - HKLM\System\CCS\Services\Tcpip\..\{08782191-0D19-41FA-9051-DB44512B7A7F}: NameServer = 193.11.104.10,193.11.104.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{19883F58-8CAE-4462-80F2-326C49B15EEA}: NameServer = 193.11.104.10,193.11.104.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E05D5BD-ABF8-4A59-A1C9-811D8F0C3D36}: NameServer = 193.11.104.10,193.11.104.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{67BC4BE9-751A-4F7B-94C0-711BA70FDAF9}: NameServer = 193.11.104.10,193.11.104.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{E79BDFCE-D466-4EE3-AEF7-E62A3E5CF879}: NameServer = 193.11.104.10,193.11.104.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{08782191-0D19-41FA-9051-DB44512B7A7F}: NameServer = 193.11.104.10,193.11.104.20
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - E:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - E:\WINDOWS\System32\browseui.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\Program\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\Program\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\Program\Grisoft\AVG7\avgemc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - E:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - Unknown owner - D:\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - E:\Program\Spyware Doctor\sdhelp.exe
--
End of file - 7132 bytes
