Hur blir jag av med errorsafe?

[lajn]

Drabbad av samma sak som de andra... =/

Vilket antivirus prog rekommenderar ni?

Här e loggen:

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 16:05:16, on 2006-09-14

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Panda Software\Panda Platinum 2006 Internet Security\Firewall\PNMSRV.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\Program\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe

C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe

C:\Program\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe

C:\Program\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe

C:\Program\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe

C:\Program\Panda Software\Panda Platinum 2006 Internet Security\AVENGINE.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program\Panda Software\Panda Platinum 2006 Internet Security\apvxdwin.exe

C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\Program\HP\QuickPlay\QPService.exe

C:\Program\Hp\HP Software Update\HPWuSchd2.exe

C:\Program\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program\Google\Google Talk\googletalk.exe

C:\Program\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\Panda Software\Panda Platinum 2006 Internet Security\SRVLOAD.EXE

C:\Program\HPQ\Shared\HPQTOA~1.EXE

C:\Program\Panda Software\Panda Platinum 2006 Internet Security\WebProxy.exe

C:\Program\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program\nbs-irc\mirc.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Internet Explorer\iexplore.exe

C:\PROGRAM\MOZILL~1\FIREFOX.EXE

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Linus\Skrivbord\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q306&bd=pavilion&pf=laptop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=Q306&bd=pavilion&pf=laptop'>http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=Q306&bd=pavilion&pf=laptop

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=Q306&bd=pavilion&pf=laptop

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QPService] "C:\Program\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Program\Hewlett-Packard\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [sCANINICIO] "C:\Program\Panda Software\Panda Platinum 2006 Internet Security\Inicio.exe"

O4 - HKCU\..\Run: [googletalk] "C:\Program\Google\Google Talk\googletalk.exe" /autostart

O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = ?

O4 - Global Startup: HP Photosmart Premier Snabbstart.lnk = C:\Program\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O8 - Extra context menu item: &Google-sökning - res://c:\program\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Översätt engelskt ord - res://c:\program\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Bakåtlänkar - res://c:\program\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Lagrad bild på sida - res://c:\program\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Liknande sidor - res://c:\program\google\GoogleToolbar2.dll/cmsimilar.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=Q306&bd=pavilion&pf=laptop

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe

O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe

O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - C:\Program\Panda Software\Panda Platinum 2006 Internet Security\Firewall\PNMSRV.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe

[/log]

 

[lajn]

Drabbad av samma sak som de andra... =/

Vilket antivirus prog rekommenderar ni?

Här e loggen:

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 16:05:16, on 2006-09-14

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Panda Software\Panda Platinum 2006 Internet Security\Firewall\PNMSRV.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\Program\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe

C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe

C:\Program\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe

C:\Program\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe

C:\Program\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe

C:\Program\Panda Software\Panda Platinum 2006 Internet Security\AVENGINE.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program\Panda Software\Panda Platinum 2006 Internet Security\apvxdwin.exe

C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\Program\HP\QuickPlay\QPService.exe

C:\Program\Hp\HP Software Update\HPWuSchd2.exe

C:\Program\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program\Google\Google Talk\googletalk.exe

C:\Program\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\Panda Software\Panda Platinum 2006 Internet Security\SRVLOAD.EXE

C:\Program\HPQ\Shared\HPQTOA~1.EXE

C:\Program\Panda Software\Panda Platinum 2006 Internet Security\WebProxy.exe

C:\Program\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program\nbs-irc\mirc.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Internet Explorer\iexplore.exe

C:\PROGRAM\MOZILL~1\FIREFOX.EXE

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Linus\Skrivbord\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q306&bd=pavilion&pf=laptop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=Q306&bd=pavilion&pf=laptop'>http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=Q306&bd=pavilion&pf=laptop

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=Q306&bd=pavilion&pf=laptop

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QPService] "C:\Program\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Program\Hewlett-Packard\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [sCANINICIO] "C:\Program\Panda Software\Panda Platinum 2006 Internet Security\Inicio.exe"

O4 - HKCU\..\Run: [googletalk] "C:\Program\Google\Google Talk\googletalk.exe" /autostart

O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = ?

O4 - Global Startup: HP Photosmart Premier Snabbstart.lnk = C:\Program\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O8 - Extra context menu item: &Google-sökning - res://c:\program\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Översätt engelskt ord - res://c:\program\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Bakåtlänkar - res://c:\program\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Lagrad bild på sida - res://c:\program\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Liknande sidor - res://c:\program\google\GoogleToolbar2.dll/cmsimilar.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=Q306&bd=pavilion&pf=laptop

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe

O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe

O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - C:\Program\Panda Software\Panda Platinum 2006 Internet Security\Firewall\PNMSRV.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe

[/log]

 

 

[Zipp.]

 

Uppdatera Java hittas i Kontrollpanelen.

Ser inget i loggen men kanske Combofix ser nåt.

 

Ladda ner på skrivbordet

 

http://download.bleepingcomputer.com/sUBs/combofix.exe

 

kör den och följ anvisningar.

När den är färdig så ska en logg komma ut skicka hit den.

VIKTIGT = klicka inte på Combofix fönster med musen när den körs annars kan den hänga upp sig.

 

 

[lajn]

Till och börja med hiitar jag inte ens Java (!?) =/

 

[lajn]

Hittade Java, det var redan uppdaterat till det senaste.

körde combofix utan några problem:

 

[log]Linus - 06-09-15 10:08:34,35 Service Pack 2

ComboFix 06.09.14 - Running from: C:\Documents and Settings\Linus\Skrivbord

 

((((((((((((((((((((((((((((((( Files Created from 2006-08-15 to 2006-09-15 ))))))))))))))))))))))))))))))))))

 

 

2006-08-30 13:46 0 -rahs---- C:\MSDOS.SYS

2006-08-30 13:46 0 -rahs---- C:\IO.SYS

2006-08-29 12:39 61,440 --a----t- C:\WINDOWS\system32\pavipc.dll

2006-08-29 12:39 45,056 --a------ C:\WINDOWS\system32\avldr.dll

2006-08-29 12:39 446,464 --a------ C:\WINDOWS\system32\HHActiveX.dll

2006-08-29 12:39 253,952 --a----t- C:\WINDOWS\system32\PavSHook.dll

2006-08-29 12:39 131,072 --a----t- C:\WINDOWS\system32\TpUtil.dll

2006-08-29 12:39 102,400 --a----t- C:\WINDOWS\system32\SYSTOOLS.DLL

2006-08-29 12:13 21,504 --a------ C:\WINDOWS\system32\hidserv.dll

2006-08-25 15:41 98,304 --a------ C:\WINDOWS\system32\msir3jp.dll

2006-08-25 15:41 9,216 --a------ C:\WINDOWS\system32\kbdnecAT.dll

2006-08-25 15:41 838,144 --a------ C:\WINDOWS\system32\chtbrkr.dll

2006-08-25 15:41 811,064 --a------ C:\WINDOWS\system32\imjp81k.dll

2006-08-25 15:41 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll

2006-08-25 15:41 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll

2006-08-25 15:41 76,288 --a------ C:\WINDOWS\system32\uniime.dll

2006-08-25 15:41 70,656 --a------ C:\WINDOWS\system32\korwbrkr.dll

2006-08-25 15:41 7,680 --a------ C:\WINDOWS\system32\kbdnecNT.dll

2006-08-25 15:41 7,168 --a------ C:\WINDOWS\system32\kbdnec95.dll

2006-08-25 15:41 7,168 --a------ C:\WINDOWS\system32\kbdibm02.dll

2006-08-25 15:41 7,168 --a------ C:\WINDOWS\system32\f3ahvoas.dll

2006-08-25 15:41 6,656 --a------ C:\WINDOWS\system32\kbdlk41a.dll

2006-08-25 15:41 6,656 --a------ C:\WINDOWS\system32\c_is2022.dll

2006-08-25 15:41 6,144 --a------ C:\WINDOWS\system32\kbdlk41j.dll

2006-08-25 15:41 6,144 --a------ C:\WINDOWS\system32\kbdax2.dll

2006-08-25 15:41 6,144 --a------ C:\WINDOWS\system32\kbd106n.dll

2006-08-25 15:41 6,144 --a------ C:\WINDOWS\system32\kbd106.dll

2006-08-25 15:41 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll

2006-08-25 15:41 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll

2006-08-25 15:41 6,144 --a------ C:\WINDOWS\system32\kbd101a.dll

2006-08-25 15:41 6,144 --a------ C:\WINDOWS\system32\kbd101.dll

2006-08-25 15:41 5,632 --a------ C:\WINDOWS\system32\kbd103.dll

2006-08-25 15:41 218,112 --a------ C:\WINDOWS\system32\c_g18030.dll

2006-08-25 15:41 1,677,824 --a------ C:\WINDOWS\system32\chsbrkr.dll

2006-08-25 15:33 53,248 --a------ C:\WINDOWS\system32\ImageOle.dll

2006-08-22 14:58 2,829 --a------ C:\WINDOWS\War3Unin.pif

2006-08-22 14:58 139,264 --a------ C:\WINDOWS\War3Unin.exe

2006-08-21 02:10 9,488 --a------ C:\WINDOWS\system32\sporder.dll

2006-08-21 02:10 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

2006-09-15 09:38 -------- d-------- C:\Program\Mozilla Firefox

2006-09-14 16:41 -------- d-------- C:\Program\nbs-irc

2006-09-14 15:55 -------- d-------- C:\Program\MSN Messenger

2006-09-14 15:55 -------- d-------- C:\Program\Internet Explorer

2006-09-14 15:55 -------- d-------- C:\Program\Google

2006-09-13 20:44 -------- d-------- C:\Program\WinRAR

2006-09-13 20:44 -------- d-------- C:\Program\Winamp

2006-09-13 20:43 -------- d-------- C:\Program\Messenger

2006-09-13 13:29 -------- d-------- C:\Program\Personal

2006-09-13 13:29 -------- d-------- C:\Documents and Settings\Linus\Application Data\Personal

2006-09-13 13:18 -------- d-------- C:\Documents and Settings\Linus\Application Data\Talkback

2006-09-13 13:18 -------- d-------- C:\Documents and Settings\Linus\Application Data\Mozilla

2006-09-12 10:18 -------- d-------- C:\Documents and Settings\Linus\Application Data\uTorrent

2006-09-11 19:56 -------- d-------- C:\Program\DAEMON Tools

2006-09-10 21:32 -------- d-------- C:\Documents and Settings\Linus\Application Data\dvdcss

2006-09-10 21:31 223128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys

2006-09-10 21:28 96256 --a------ C:\WINDOWS\system32\drivers\sptd6589.sys

2006-09-10 21:28 643072 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2006-09-10 12:46 -------- d-------- C:\Program\Delade filer\LightScribe

2006-09-09 16:51 -------- d-------- C:\Program\TrackMania Nations ESWC

2006-09-08 13:12 -------- d-------- C:\Program\IEAK

2006-09-08 13:11 -------- d-------- C:\Program\ORKTools

2006-09-08 13:11 -------- d-------- C:\Program\Microsoft Office

2006-09-08 12:35 -------- d---s---- C:\Documents and Settings\Linus\Application Data\Microsoft

2006-09-08 11:27 -------- d-------- C:\Program\Web Publish

2006-09-08 11:27 -------- d-------- C:\Program\Microsoft Visual Studio

2006-09-08 11:27 -------- d-------- C:\Program\Delade filer\Microsoft Shared

2006-09-08 11:27 -------- d-------- C:\Program\Delade filer\Designer

2006-09-08 11:21 -------- d-------- C:\Program\Microsoft ActiveSync

2006-09-08 11:21 -------- d-------- C:\Program\Delade filer\System

2006-09-08 11:21 -------- d-------- C:\Program\Delade filer

2006-09-08 00:09 -------- d-------- C:\Program\Warcraft III

2006-09-07 23:03 -------- d-------- C:\Program\Ventrilo

2006-09-07 23:03 -------- d-------- C:\Program\uTorrent

2006-09-06 22:40 -------- d-------- C:\Program\PowerISOv3.1

2006-09-04 22:23 -------- d-------- C:\Documents and Settings\Linus\Application Data\Azureus

2006-08-30 21:34 -------- d-------- C:\Documents and Settings\Linus\Application Data\vlc

2006-08-30 13:20 -------- d-------- C:\Documents and Settings\Linus\Application Data\Sun

2006-08-30 10:27 -------- d-------- C:\Program\Azureus

2006-08-30 09:59 -------- d-------- C:\Program\VideoLAN

2006-08-29 19:47 -------- d-------- C:\Program\Steam

2006-08-29 19:16 -------- d-------- C:\Program\reforce

2006-08-29 12:55 9216 --a----t- C:\WINDOWS\system32\drivers\fnetmon.sys

2006-08-29 12:55 44928 --a----t- C:\WINDOWS\system32\drivers\APPFLT.SYS

2006-08-29 12:55 36224 --a----t- C:\WINDOWS\system32\drivers\NETFLTDI.SYS

2006-08-29 12:55 26752 --a----t- C:\WINDOWS\system32\drivers\ShldDrv.sys

2006-08-29 12:55 178944 --a----t- C:\WINDOWS\system32\drivers\idsflt.sys

2006-08-29 12:55 163856 --a----t- C:\WINDOWS\system32\drivers\PavProc.sys

2006-08-29 12:55 115968 --a----t- C:\WINDOWS\system32\drivers\netflt.sys

2006-08-29 12:39 -------- d--h----- C:\Program\InstallShield Installation Information

2006-08-29 12:17 -------- d-------- C:\Program\Delade filer\Panda Software

2006-08-26 14:18 10345 --a------ C:\WINDOWS\system32\drivers\hamachi.sys

2006-08-26 14:18 -------- d-------- C:\Program\Hamachi

2006-08-26 14:10 -------- d-------- C:\Program\mIRC

2006-08-26 12:32 -------- d-------- C:\Program\Heroes_of_Might_and_Magic_III_Complete

2006-08-25 15:33 -------- d-------- C:\Program\Ocean Technology

2006-08-25 14:06 -------- d-------- C:\Documents and Settings\Linus\Application Data\Ventrilo

2006-08-25 13:23 -------- d-------- C:\Program\Delade filer\Wise Installation Wizard

2006-08-21 17:00 -------- d-------- C:\Program\Outlook Express

2006-08-21 16:53 -------- d-------- C:\Documents and Settings\Linus\Application Data\Help

2006-08-21 14:28 16896 --a------ C:\WINDOWS\system32\fltlib.dll

2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe

2006-08-21 11:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys

2006-08-21 04:01 -------- d-------- C:\Documents and Settings\Linus\Application Data\AdobeUM

2006-08-21 04:00 -------- d-------- C:\Program\Delade filer\Adobe

2006-08-21 04:00 -------- d-------- C:\Documents and Settings\Linus\Application Data\Adobe

2006-08-21 02:10 -------- d-------- C:\Program\Panda Software

2006-08-21 02:04 -------- d-------- C:\Program\Delade filer\Symantec Shared

2006-08-20 22:31 -------- d-------- C:\Documents and Settings\Linus\Application Data\Macromedia

2006-08-20 10:43 -------- d--h----- C:\Program\WindowsUpdate

2006-08-20 10:43 -------- d--h----- C:\Program\Uninstall Information

2006-08-20 10:43 -------- d-------- C:\Program\xerox

2006-08-20 10:43 -------- d-------- C:\Program\Windows NT

2006-08-20 10:43 -------- d-------- C:\Program\Windows Media Player

2006-08-20 10:43 -------- d-------- C:\Program\Windows Media Connect 2

2006-08-20 10:43 -------- d-------- C:\Program\Synaptics

2006-08-20 10:43 -------- d-------- C:\Program\Sonic

2006-08-20 10:43 -------- d-------- C:\Program\Onlinetj„nster

2006-08-20 10:43 -------- d-------- C:\Program\NetWaiting

2006-08-20 10:43 -------- d-------- C:\Program\NetMeeting

2006-08-20 10:43 -------- d-------- C:\Program\MSN Gaming Zone

2006-08-20 10:43 -------- d-------- C:\Program\Movie Maker

2006-08-20 10:43 -------- d-------- C:\Program\Microsoft Works

2006-08-20 10:43 -------- d-------- C:\Program\microsoft frontpage

2006-08-20 10:43 -------- d-------- C:\Program\Java

2006-08-20 10:43 -------- d-------- C:\Program\HP

2006-08-20 10:43 -------- d-------- C:\Program\DIFX

2006-08-20 10:43 -------- d-------- C:\Program\Delade filer\TiVo Shared

2006-08-20 10:43 -------- d-------- C:\Program\Delade filer\SureThing Shared

2006-08-20 10:43 -------- d-------- C:\Program\Delade filer\SpeechEngines

2006-08-20 10:43 -------- d-------- C:\Program\Delade filer\Sonic Shared

2006-08-20 10:43 -------- d-------- C:\Program\Delade filer\Services

2006-08-20 10:43 -------- d-------- C:\Program\Delade filer\ODBC

2006-08-20 10:43 -------- d-------- C:\Program\Delade filer\MSSoap

2006-08-20 10:43 -------- d-------- C:\Program\Delade filer\Java

2006-08-20 10:43 -------- d-------- C:\Program\Delade filer\InstallShield

2006-08-20 10:43 -------- d-------- C:\Program\Delade filer\HP

2006-08-20 10:43 -------- d-------- C:\Program\CONEXANT

2006-08-20 10:43 -------- d-------- C:\Program\ComPlus Applications

2006-08-20 10:43 -------- d-------- C:\Program\Adobe

2006-08-20 10:43 -------- d-------- C:\Documents and Settings\Linus\Application Data\Identities

2006-08-20 04:55 -------- d-------- C:\Documents and Settings\Linus\Application Data\CyberLink

2006-08-20 04:54 -------- d-------- C:\Documents and Settings\Linus\Application Data\HP

2006-08-20 02:11 -------- d-------- C:\Program\Hewlett-Packard

2006-08-20 02:00 -------- d-------- C:\Program\HPQ

2006-08-16 00:44 -------- d-------- C:\Program\DC++

2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll

2006-07-27 15:26 679424 --a------ C:\WINDOWS\system32\inetcomm.dll

2006-07-21 10:30 72704 --a------ C:\WINDOWS\system32\hlink.dll

2006-06-22 07:17 69120 --a------ C:\WINDOWS\system32\ciodm.dll

2006-06-22 07:17 1438208 --a------ C:\WINDOWS\system32\query.dll

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

*Note* empty entries are not shown

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"googletalk"="\"C:\\Program\\Google\\Google Talk\\googletalk.exe\" /autostart"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpWirelessAssistant"="C:\\Program\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"

"SunJavaUpdateSched"="C:\\Program\\Java\\jre1.5.0_06\\bin\\jusched.exe"

"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"

"nwiz"="nwiz.exe /installquiet /nodetect"

"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe"

"SynTPEnh"="C:\\Program\\Synaptics\\SynTP\\SynTPEnh.exe"

"QPService"="\"C:\\Program\\HP\\QuickPlay\\QPService.exe\""

"HP Software Update"="C:\\Program\\Hp\\HP Software Update\\HPWuSchd2.exe"

"QlbCtrl"=hex(2):25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,48,65,77,6c,65, 74,74,2d,50,61,63,6b,61,72,64,5c,48,50,20,51,75,69,63,6b,20,4c,61,75,6e,63, 68,20,42,75,74,74,6f,6e,73,5c,51,6c,62,43,74,72,6c,2e,65,78,65,20,2f,53,74, 61,72,74,00

"Cpqset"="C:\\Program\\Hewlett-Packard\\Default Settings\\cpqset.exe"

"RecGuard"="C:\\Windows\\SMINST\\RecGuard.exe"

"APVXDWIN"="\"C:\\Program\\Panda Software\\Panda Platinum 2006 Internet Security\\APVXDWIN.EXE\" /s"

"SCANINICIO"="\"C:\\Program\\Panda Software\\Panda Platinum 2006 Internet Security\\Inicio.exe\""

"ISUSPM Startup"="C:\\Program\\DELADE~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"

"ISUSScheduler"="\"C:\\Program\\Delade filer\\InstallShield\\UpdateService\\issch.exe\" -start"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]

"Installed"="1"

"NoChange"="1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

"Installed"="1"

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]

"DeskHtmlVersion"=dword:00000110

"DeskHtmlMinorVersion"=dword:00000005

"Settings"=dword:00000001

"GeneralFlags"=dword:00000001

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Min aktuella startsida"

"Flags"=dword:00000002

"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,fe,02,00,00,00, 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00

"CurrentState"=hex:04,00,00,40

"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff, ff,ff,04,00,00,00

"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00, 00,00,01,00,00,00

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]

"dontdisplaylastusername"=dword:00000000

"legalnoticecaption"=""

"legalnoticetext"=""

"shutdownwithoutlogon"=dword:00000001

"undockwithoutlogon"=dword:00000001

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"

"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"

"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr

 

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders

securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

 

 

Contents of the 'Scheduled Tasks' folder

C:\WINDOWS\tasks\Internet-tj„nster.job

 

Completion time: 2006-09-15 10:09:57.76

ComboFix.txt

[/log]

 

[inlägget ändrat 2006-09-15 10:28:17 av lajn]

 

[inlägget ändrat 2006-09-15 13:27:53 av Anders N]

[Zipp.]

 

Ser inget här heller.

Kommer errorsafe popups bara på vissa sidor eller ?

 

[Cecilia]

lajn, skulle du kunna vara snäll och trycka på Redigera under ditt inlägg med loggen från Combofix. Där så markerar (målar) du hela loggen och så trycker du på LOG-knappen som finns på samma rad som .

 

[lajn]

det går inte att redigera "eftersom det finns kommenterar på loggen"

 

[lajn]

det kmr bara på vissa sidor verkar det som: www.torrentspy.com får jag upp en pop-up nu som vill att jag ska installera WinAntiVirus Pro 2006 för att kolla min dator gratis....

Jag tror det e från samma sida jag fått errorsafe...

 

[lajn]

När jag får pop-upsen så stänger jag bara ner dem genom Ctrl+Alt+Delete/avsluta aktivitet...så det kanske inte e ngt problem?

Fast om min flickvän skulle använda datorn så skulle hon säkert kunna trycka ngnstans på meddelandet... så det e väl ett problem. Iof ska man ju inte ens kunna få pop-ups så här...

 

 

[Cecilia]

det går inte att redigera "eftersom det finns kommenterar på loggen"

Tyvärr (i just detta avseende) så hann Zipp svara på inlägget innan du hann försöka redigera det.

 

[lajn]

ok då får det vara långt o jobbigt

 

[Zipp.]

 

Jag får också pop ups på www.torrentspy.com ex. PartyPoker,Casino

Du kan ju testa att scanna med BlackLight om nåt hittas så skicka loggen

 

http://www.f-secure.com/blacklight/

 

 

 

 

 

[lajn]

Ok. Scanen hittade inget. Nu när jag går in på www.torrentspy.com får jag inte upp ngn pop-up alls. Ville även tillägga att när jag startade upp datorn i morse upplevdes den som seg o annorlunda men efter jag körde Hjt och combofix så känns det som det flyter på bättre...(?)

men det kanske har att göra med att man själv piggnat till lite, fast det tror jag inte...

[inlägget ändrat 2006-09-15 11:52:04 av lajn]

[Zipp.]

 

> morse upplevdes den som seg <

 

Du kan Googla dessa och stäng av via msconfig > autostart dom som inte är viktiga för systemet.

 

 

[log]O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QPService] "C:\Program\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Program\Hewlett-Packard\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [sCANINICIO] "C:\Program\Panda Software\Panda Platinum 2006 Internet Security\Inicio.exe"

O4 - HKCU\..\Run: [googletalk] "C:\Program\Google\Google Talk\googletalk.exe" /autostart

O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = ?

O4 - Global Startup: HP Photosmart Premier Snabbstart.lnk = C:\Program\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe[/log]

 

[Dif-livet]

Hej, jag har precis samma problem, orkade först inte bry mig men nu går det mig på nerverna, och jag hoppas någon kan svara mig, skickar med en logg här

 

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 19:38:08, on 2006-12-04

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Program Files\Creative\VoiceCenter\AndreaVC.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Norton Ghost\Agent\GhostTray.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\DOCUME~1\Niklas\LOCALS~1\Temp\clclean.0001

C:\Program Files\McAfee.com\VSO\oasclnt.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

C:\Program Files\McAfee.com\VSO\mcvsshld.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

C:\PROGRA~1\mcafee.com\mps\mscifapp.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

c:\progra~1\intern~1\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

c:\progra~1\mcafee.com\vso\mcvsftsn.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\System32\GEARSec.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

c:\program files\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

C:\Program Files\Norton Ghost\Agent\VProSvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Azureus\Azureus.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Niklas\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.se/ig/dell?hl=sv&client=dell-row&channel=se&ibd=0060907

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.se/hws/sb/dell-row/sv/side.html?channel=se'>http://www.google.se/hws/sb/dell-row/sv/side.html?channel=se'>http://www.google.se/hws/sb/dell-row/sv/side.html?channel=se

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.se/hws/sb/dell-row/sv/side.html?channel=se

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/ig/dell?hl=sv&client=dell-row&channel=se&ibd=0060907

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=se&l=sv&s=gen'>http://www1.euro.dell.com/content/default.aspx?c=se&l=sv&s=gen

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=se&l=sv&s=gen

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.se/hws/sb/dell-row/sv/side.html?channel=se

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.se/ig/dell?hl=sv&client=dell-row&channel=se&ibd=0060907

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll

O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll

O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup

O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [PokeJugsIdolList] C:\Documents and Settings\All Users\Application Data\Help dvd poke jugs\GramFile.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ooze data] C:\DOCUME~1\Niklas\APPLIC~1\ABOUTS~1\Freeload.exe

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Dell Network Assistant.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll

O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

[/log]

 

 

[Cecilia]

Det hade varit bättre om du startat upp en egen tråd för det blir så lätt rörigt med flera datorer i samma tråd, men men

 

Man ska alltid åtgärda otrevligheter på en gång för man vet inte vad de gör med datorn, t ex stjäl lösenord till mejl, online-spel etc.

 

Det är en gammal Java-version med säkerhetshål i datorn. Avinstallera alla Java i Kontrollpanelen - Lägg till eller ta bort program och installera därefter en ny: http://www.java.com/sv/

 

HijackThis ska inte ligga på Skrivbordet för då är det så lätt att dess säkerhetskopior kommer bort. Ladda ner och installera denna variant i stället:

http://www.thespykiller.co.uk/files/HJTsetup.exe

Gå sedan till installationsmappen, normalt C:\Program Files\Hijackthis, med Utforskaren eller Den här datorn och byt namn på programmet HijackThis.exe till något annat, t ex rensning.exe, skapa sedan en ny logg som klistras in här.

 

Ladda ner NoLop till Skrivbordet:

http://www.spywareedge.net/nolop/NoLop.exe

Stäng alla program för datorn kommer att startas om.

Dubbelklicka på NoLop för att starta det.

Klicka på Search and Destroy

Om något hittas så kommer det ett meddelande om att starta om datorn, klicka då på OK

Klicka på Reboot

Ett meddelande borde komma upp från NoLop, om inte så dubbelklicka på programmet igen och det kommer att göra det sista.

 

Klistra in C:\NoLop.log.

 

[/Thomas]

Hej Dif-livet!

 

Om det är error safe du vill bli av med på ett enkelt sätt..

 

Besök då: http://www.f-secure.com/v-descs/zlob.shtml

 

och gör som det står..

 

"This utility deactivates the components of variants of the Zlob trojan which silently install spyware/adware/rogue anti-spyware. (Such as SpywareQuake, SpyFalcon, MalwareWipe and SpywareStrike.)

Download: http://www.f-secure.com/tools/f-spyaxe.zip

 

 

Unzip f-spyaxe.zip to the desktop.

Reboot the computer into safe mode by pressing "F8" at boot up.

See Microsoft's page for detailed instructions.

Double click f-spyaxe.reg and click yes to merge the information into the registry.

Reboot the machine.

 

The tool was last updated on October 6th, 2006. "

 

Kör därefter bl.a. Blacklight: http://www.f-secure.com/blacklight/try_blacklight.html

för att se att du inte har några rootkits installerade..

 

Samt gör en onlineavsökning av din dator..

http://www.kaspersky.com/virusscanner

 

 

/Thomas

Ladda ner professionella väl genomtänkta installationsanvisningar som ger hög säkerhet mot virus & angrepp, stabil drift samt optimal prestanda på: http://www.winguider.se Finns för Win2000 Pro & för XP Pro (3 olika versioner) Ej för XP home

 

[Cecilia]

Thomas, varför tror du att Dif-livet är infekterad av Zlob? Jag kan inte se minsta spår av det i loggen (eller i någon av de andra loggarna i den här tråden heller för den delen).

 

[/Thomas]

Hej cecilia!

 

varför tror du att Dif-livet är infekterad av Zlob?

 

Om du besöker länken jag klistrade in så ser du att Zlob ofta används för att installera spyware... som just errorsafe.. som f-secure döpt till Winfixer..

 

se: http://www.f-secure.com/sw-desc/winfixer.shtml

 

There are also reported cases where Winfixer has been installed by trojans. .....

 

Please also see the description for Zlob for additional details and a removal tool.

 

M.a.o. så kan zlob vara bidragande orsak till att errorsafe finns..

Fixen finns lätt tillgänligt och är lätt at hämta och köra..

 

Så varför skulle man inte prova den??

 

 

/Thomas

Ladda ner professionella väl genomtänkta installationsanvisningar som ger hög säkerhet mot virus & angrepp, stabil drift samt optimal prestanda på: http://www.winguider.se Finns för Win2000 Pro & för XP Pro (3 olika versioner) Ej för XP home

 

[Cecilia]

Jag har sett många Zlob-infekterade datorer men ingen av dem klagar på Errorsafe, utan just på de program som F-secure har listat på webbsidan om Zlob. Errorsafe-infektionerna i den här tråden är en helt annan infektion än Zlob. Det är klart att man alltid kan köra registerfixen för Zlob, men det är väl ganska meningslöst att hålla på och ladda hem 10-tals registerfixar för olika infektioner i stället för att ta reda på vad som finns i datorn och föreslå rätt motmedel. I den här loggen syns det tydligt att det är en LOP-infektion:

 

 

[Sally1]

Hej! Jag har också problem med errorsafe. Min log ser ut såhär:

[log]Logfile of HijackThis v1.99.1

Scan saved at 15:58:34, on 2006-12-14

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

c:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

c:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

c:\Program\Delade filer\Symantec Shared\ccProxy.exe

c:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

c:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

c:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program\Java\jre1.5.0_09\bin\jusched.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\Program\HP\QuickPlay\QPService.exe

C:\Program\Hp\HP Software Update\HPWuSchd2.exe

C:\Program\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\Program\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program\Picasa2\PicasaMediaDetector.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program\Logitech\Video\LogiTray.exe

C:\Program\QuickTime\qttask.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Google\Google Desktop Search\GoogleDesktopDisplay.exe

C:\Program\Google\Google Desktop Search\GoogleDesktopCrawl.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\Program\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Skype\Phone\Skype.exe

C:\Program\Logitech\Video\FxSvr2.exe

C:\Program\Google\Google Talk\googletalk.exe

C:\Program\hpq\Shared\HPQTOA~1.EXE

C:\Program\HP\Digital Imaging\bin\hpqimzone.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Google\Google Desktop Search\GoogleDesktopOE.exe

C:\Program\iTunes\iTunes.exe

c:\Program\NORTON~1\NORTON~1\navw32.exe

C:\Program\Internet Explorer\iexplore.exe

c:\Program\Delade filer\Symantec Shared\NMain.exe

C:\Documents and Settings\Sara Nordström\Skrivbord\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tv.nu/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=64&bd=pavilion&pf=laptop

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:4664/&s=F5kUvMA3qzatxQYFTU7Y62CcoI8

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [ccApp] "c:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QPService] "C:\Program\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Program\Hewlett-Packard\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Program\Logitech\Video\ManifestEngine.exe boot

O4 - HKCU\..\Run: [googletalk] "C:\Program\Google\Google Talk\googletalk.exe" /autostart

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Photosmart Premier Snabbstart.lnk = C:\Program\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=64&bd=pavilion&pf=laptop

O17 - HKLM\System\CCS\Services\Tcpip\..\{7ED10E71-0B80-496D-8716-C0A48457D1E7}: NameServer = 193.11.224.20,193.11.224.21

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: C:\Program\Google\GOOGLE~1\GOEC62~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program\Norton Internet Security\ccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program\Norton Internet Security\comHost.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - c:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Protection Center-tjänst (NSCService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe[/log]

 

[Cecilia]

Är det här något du har ställt in själv?

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:4664/&s=F5kUvMA3qzatxQYFTU7Y62CcoI8

Jag har aldrig sett en sådan rad i en HijackThis-logg och jag kan inte hitta någon med Google heller.

 

Det är det enda som ser underligt ut i loggen.

 

Dyker Errorsafe upp hela tiden eller bara när du besöker vissa webbsidor?

 

[Sally1]

Har inget minne av att det skulle vara något jag installerat själv nej. Det dyker upp lite då och då gör det. Inte hela tiden.

 

[Cecilia]

Okej, vi gör ett försök med att ta bort raden så får vi se hur det går.

 

HijackThis ska inte ligga på Skrivbordet för då kan säkerhetskopiorna programmet skapar komma bort. Ta bort den HijackThis du har och installera denna variant i stället.

http://www.thespykiller.co.uk/files/HJTsetup.exe

 

Skanna med HijackThis och bocka för:

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:4664/&s=F5kUvMA3qzatxQYFTU7Y62CcoI8

 

Avsluta alla andra program.

Tryck Fix checked.

 

Starta om datorn.

Kolla hur det funkar nu.

 

Om du skulle få något problem med internet (inte fungerar alls eller så) så kan du återställa ändringen i HijackThis så här:

Starta HijackThis

None of the above, just start the program

Config

Backups

Markera raden

Restore

avsluta HijackThis

Starta om datorn.