
Registry problem


Sten Göranson


I have the following problem:

1) When I start the computer, a dialog box appears with unintelligible characters. I have to press OK to continue to the login screen.

2) Once inside Windows (XP Pro), all shortcuts (.lnk) are corrupt

3) .exe files do not work

I have found software that fixes .exe and .lnk, but everything is reset when I restart.

I have run a virus scan and Ad-aware in safe mode

Grateful for help

[post edited 2006-04-24 13:35:02 by Sten Göranson]

[post edited 2006-04-24 13:39:12 by Sten Göranson]


We can see what is trying to start on the computer with the help of this program:

http://www.thespykiller.co.uk/files/HJTsetup.exe

Install, run, scan and save the log (nothing else).

In your reply, attach the HijackThis log like this:

Press the LOG button in the Reply window

Paste the log

Press the LOG button again

 


Sten Göranson

[log]Logfile of HijackThis v1.99.1

Scan saved at 17:50:34, on 2006-04-24

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://login1.telia.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE_Window_Title

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://proxy1.telia.com:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://login1.telia.com;http://10.0.0.6;;localhost;<local>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program\Ipswitch\WS_FTP Pro\wsbho2k0.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll

O4 - HKCU\..\Run: [AWMON] "C:\Program\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: C-Pen 10.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone Snabbstarta.lnk = C:\Program\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Google Search - res://C:\Program\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://C:\Program\Google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://C:\Program\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://C:\Program\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://C:\Program\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: e-kort - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program\ekort\ekort.exe

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://login1.telia.com

O16 - DPF: {0990D180-4226-4530-9777-AB82315505B9} (Installer Class) - http://www.foreningssparbanken.se/betala/ekort/oinstall.cab

O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://www.makeoversolutions.com/save/makeover.cab

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

O16 - DPF: {4E8A3661-FB5B-4AEF-BF60-B0E9712FAE49} (Silverwire Image Uploader 3.0 Control) - http://www.fotowire.com/download/client/uploader/ImageUploader3.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2534f310806956b7dc21/netzip/RdxIE601.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130950754703

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {9478041E-CAEC-44A5-8271-B56799715926} (ColorApplication Control) - http://clients.theshining.se/colorapp/ColorAppOnline.cab

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab

O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f008.mail.spray.se/app/uploader/FileUploader.cab

O18 - Protocol: bw+0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)

O18 - Protocol: offline-8876480 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: iPod-tjänst (iPodService) - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

 

[/log]

 


There is one nasty item and some remnants of another in the log, so we can see whether it helps to remove them.

Are you running the Microsoft Windows Server Internet Information Services (IIS) web server?

What model year is your Norton/Symantec antivirus?

"I have run a virus scan and Ad-aware in safe mode"

Was anything found?

Make sure you understand everything below; otherwise ask.

Ad-Watch in Ad-aware is a good product, but right now it can prevent the changes that we want to make.

Right-click the Ad-Watch icon down by the clock and choose "Restore Ad-Watch".

Uncheck the options "Active" and "Automatic" far down in the window.

Scan with HijackThis and then check these lines:

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2534f310806956b7dc21/netzip/RdxIE601.cab

 

Close all other programs and windows.

Press Fix checked.

Restart the computer.

In your reply here, write how it went and how the computer is behaving, and paste in a new HijackThis log.

 

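The before/after comparison that the requested second log makes possible, as an added example (not part of any post in this thread): it parses two HijackThis logs and reports which of the ticked lines were actually removed and which came back after the reboot. The function names are hypothetical; the embedded log lines are excerpts copied from the two logs posted in this thread.

```python
import re

# A HijackThis item line looks like "<section> - <body>", e.g. "R0 - HKLM\...".
# Header lines and the "Running processes" paths do not match and are skipped.
ITEM_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")


def parse_items(log_text):
    """Return the ordered list of (section, body) items in a HijackThis log."""
    items = []
    for raw in log_text.splitlines():
        # Drop the forum's [log]/[/log] tags and surrounding whitespace.
        line = raw.replace("[log]", "").replace("[/log]", "").strip()
        match = ITEM_RE.match(line)
        if match:
            items.append((match.group("section"), match.group("body").strip()))
    return items


def compare_after_fix(before_log, after_log, checked):
    """Classify every line that was ticked before pressing "Fix checked".

    removed   - ticked items absent from the log taken after the reboot
    persisted - ticked items still present (fix blocked or value rewritten)
    not_found - ticked items that were not in the first log at all
    new       - items in the second log that the first log did not contain
    """
    before_set = set(parse_items(before_log))
    after = parse_items(after_log)
    after_set = set(after)
    result = {"removed": [], "persisted": [], "not_found": [], "new": []}
    for item in parse_items(checked):
        if item not in before_set:
            result["not_found"].append(item)
        elif item in after_set:
            result["persisted"].append(item)
        else:
            result["removed"].append(item)
    result["new"] = [item for item in after if item not in before_set]
    return result


# Excerpt of the first log in the thread (2006-04-24).
BEFORE_LOG = r"""[log]Logfile of HijackThis v1.99.1
Scan saved at 17:50:34, on 2006-04-24
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2534f310806956b7dc21/netzip/RdxIE601.cab
[/log]"""

# Excerpt of the second log in the thread (2006-04-25, after the reboot).
AFTER_LOG = r"""[log]Logfile of HijackThis v1.99.1
Scan saved at 12:49:28, on 2006-04-25
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
"""

# The eight lines the helper asked to tick before pressing "Fix checked".
CHECKED = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2534f310806956b7dc21/netzip/RdxIE601.cab
"""

if __name__ == "__main__":
    report = compare_after_fix(BEFORE_LOG, AFTER_LOG, CHECKED)
    for status in ("removed", "persisted", "not_found", "new"):
        print(f"{status}: {len(report[status])}")
        for section, body in report[status]:
            print(f"  {section} - {body}")
```

Ticked lines that show up under `persisted` are the ones to chase next: something either blocked the fix or wrote the value back before the second scan.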

Sten Göranson

It appears to be the same as before, except that Ad-Watch gives the following warnings:

 

1) Ett försök att ändra ett skyddat objekt har upptäckts

Rot: HKEY_LOCAL_MACHINE

Nyckel: Software\Microsoft\Internet Explorer\Search

Värde: CustomizeSearch

Nya data: http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srch

 

2) Ett försök att ändra ett skyddat objekt har upptäckts

Rot: HKEY_LOCAL_MACHINE

Nyckel: Software\Microsoft\Internet Explorer\Main

Värde: Local Page

Nya data: c:\WINDOWS\system32\blank_htm

 

3) Ett försök att ändra ett skyddat objekt har upptäckts

Rot: HKEY_CURRENT_USER

Nyckel: Software\Microsoft\Windows\Current Version\Run

Värde: ctfmon.exe

Nya data: c:\WINDOWS\system32\cftmon.exe

 

4) Ett försök att ändra ett skyddat objekt har upptäckts

Rot: HKEY_CURRENT_USER

Nyckel: Software\Microsoft\Internet Explorer\Main

Värde: Local Page

Nya data: c:\WINDOWS\system32\blank_htm

 

------

I use Norton Antivirus 2003 with a subscription service until 2007-02-10

Auto-protect is marked "AV" (off) and cannot be activated. Virus scanning of e-mail is marked "FEL" (error).

I have run a virus scan in safe mode with virus definitions from 2006-04-19

------

I use IIS

Here comes the log file:

 

 

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 12:49:28, on 2006-04-25

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://login1.telia.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE_Window_Title

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://proxy1.telia.com:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://login1.telia.com;http://10.0.0.6;;localhost;<local>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program\Ipswitch\WS_FTP Pro\wsbho2k0.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll

O4 - HKCU\..\Run: [AWMON] "C:\Program\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: C-Pen 10.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone Snabbstarta.lnk = C:\Program\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Google Search - res://C:\Program\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://C:\Program\Google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://C:\Program\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://C:\Program\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://C:\Program\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: e-kort - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program\ekort\ekort.exe

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://login1.telia.com

O16 - DPF: {0990D180-4226-4530-9777-AB82315505B9} (Installer Class) - http://www.foreningssparbanken.se/betala/ekort/oinstall.cab

O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://www.makeoversolutions.com/save/makeover.cab

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

O16 - DPF: {4E8A3661-FB5B-4AEF-BF60-B0E9712FAE49} (Silverwire Image Uploader 3.0 Control) - http://www.fotowire.com/download/client/uploader/ImageUploader3.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130950754703

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {9478041E-CAEC-44A5-8271-B56799715926} (ColorApplication Control) - http://clients.theshining.se/colorapp/ColorAppOnline.cab

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab

O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f008.mail.spray.se/app/uploader/FileUploader.cab

O18 - Protocol: bw+0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)

O18 - Protocol: offline-8876480 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: iPod-tjänst (iPodService) - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

 

[/log]

 

Link to comment
Share on other sites
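A log of this length is easier to triage when the O18 lines are grouped by the DLL they point to. The following is an added example, not part of the original thread or of HijackThis itself; the sample lines are a short excerpt copied from the log above, and the function name `summarize_o18` is an assumption made for this sketch.

```python
import re
from collections import defaultdict

# Excerpt copied from the HijackThis log posted above (not the full log).
SAMPLE_LOG = r"""
O18 - Protocol: bw+0s - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {221281A5-5F1C-4754-929B-3CAC62A73719} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

O18_RE = re.compile(r"^O18 - Protocol: (\S+) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
MISSING = "(file missing)"


def summarize_o18(log_text):
    """Group O18 protocol handlers by (CLSID, DLL) so that one DLL
    registered under many URL schemes shows up as a single row."""
    groups = defaultdict(list)
    for raw in log_text.splitlines():
        m = O18_RE.match(raw.strip())
        if not m:
            continue  # blank lines and other sections (O20, O23, ...)
        scheme, clsid, target = m.groups()
        missing = target.endswith(MISSING)
        if missing:
            target = target[: -len(MISSING)].rstrip()
        groups[(clsid.upper(), target.strip('"'), missing)].append(scheme)
    rows = [
        {"clsid": c, "dll": d, "missing": miss, "schemes": sorted(s)}
        for (c, d, miss), s in groups.items()
    ]
    # Handlers whose file is missing come first, then the largest groups.
    rows.sort(key=lambda r: (not r["missing"], -len(r["schemes"])))
    return rows


if __name__ == "__main__":
    for row in summarize_o18(SAMPLE_LOG):
        state = "MISSING" if row["missing"] else "present"
        print(f'{len(row["schemes"]):3d} scheme(s)  {state:7s}  {row["dll"]}')
```

Run over the whole log, the long run of `bw…` entries collapses to one row per DLL, which leaves the handlers whose file is missing easy to spot.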

1) An attempt to change a protected object has been detected

Root: HKEY_LOCAL_MACHINE

Key: Software\Microsoft\Internet Explorer\Search

Value: CustomizeSearch

New data: http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srch

 

2) An attempt to change a protected object has been detected

Root: HKEY_LOCAL_MACHINE

Key: Software\Microsoft\Internet Explorer\Main

Value: Local Page

New data: c:\WINDOWS\system32\blank_htm

 

4) An attempt to change a protected object has been detected

Root: HKEY_CURRENT_USER

Key: Software\Microsoft\Internet Explorer\Main

Value: Local Page

New data: c:\WINDOWS\system32\blank_htm

These changes should preferably be allowed. They are probably connected to some of the R0 lines that I asked you to check.

 

3) An attempt to change a protected object has been detected

Root: HKEY_CURRENT_USER

Key: Software\Microsoft\Windows\Current Version\Run

Value: ctfmon.exe

New data: c:\WINDOWS\system32\cftmon.exe

You have spelled the file name two ways. If the spelling is supposed to be cTFmon.exe, then it is a file that normally has to do with MS Office. Read here:

http://www.bleepingcomputer.com/startups/ctfmon.exe-1121.html

Among other things, it describes how to stop Office from wanting to set it to start automatically. Or allow it, so that Office works at its best.

 

Auto-Protect is marked "OFF" and cannot be activated. E-mail virus scanning is marked "ERROR".

That probably explains why so few Norton processes are running. Symantec has stopped supporting the 2003 edition.

Use a free antivirus program instead, e.g. Avast, for better protection:

http://www.avast.com/eng/avast_4_home.html?sa=X

You can also scan the computer with, for example, this online scanner as an extra check:

http://www.kaspersky.com/virusscanner?sa=X

 

Can you take a screenshot of the unintelligible dialog box by pressing Print Screen and then, once you get into Windows, opening Paint and choosing Paste?

 

I have found software that fixes .exe and .lnk, but everything is reset when I restart.

What kind of software?

 

Link to comment
Share on other sites
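The reply above turns on a one-transposition difference between the Run value name (`ctfmon.exe`) and the file in its data (`cftmon.exe`). Whatever the cause, that kind of near-match is worth checking mechanically before an entry is allowed. The following is an added example, not part of the original thread; the reference list `KNOWN_NAMES` and the function names are assumptions, and the second sample entry is constructed for contrast.

```python
import re

# Assumed reference list for this example; extend it for real use.
KNOWN_NAMES = {"ctfmon.exe", "explorer.exe", "rundll32.exe", "svchost.exe"}

# First entry: value name and data as quoted in the reply above.
# Second entry: constructed, with the two spellings in agreement.
RUN_ENTRIES = [
    ("ctfmon.exe", r"c:\WINDOWS\system32\cftmon.exe"),
    ("ctfmon.exe", r"C:\WINDOWS\system32\ctfmon.exe"),
]


def osa_distance(a, b):
    """Optimal string alignment distance: insertions, deletions,
    substitutions and swaps of two adjacent characters each cost 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def check_run_entry(value_name, data):
    """Return (expected_name, found_name, distance) for every reference
    name that the executable in `data` nearly, but not exactly, matches."""
    m = re.search(r'[^\\/"]+\.exe', data, re.IGNORECASE)
    if not m:
        return []
    exe = m.group(0).lower()
    findings = []
    for known in sorted(KNOWN_NAMES | {value_name.lower()}):
        d = osa_distance(exe, known)
        if 0 < d <= 2:  # close to a known name without being it
            findings.append((known, exe, d))
    return findings


if __name__ == "__main__":
    for name, data in RUN_ENTRIES:
        print(name, "->", data, check_run_entry(name, data) or "no near-match")
```

A finding is a prompt to confirm which file actually exists on disk and what it is, not a verdict on the entry.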

Sten Göranson

Ran Avast, which found some trojans etc. After that the computer works perfectly, with one exception: the dialog box is still there when I start the computer. But now parts of it can be read. The text changes every time, but C:\Windows\AppPatch and Program\Delade filer\Microsoft shared\web serv recur regularly.

 

Cannot take a screenshot in this state.

 

Link to comment
Share on other sites

C:\Windows\AppPatch

I have that folder; it contains files that are older than the computer.

 

Program\Delade filer\Microsoft shared\web serv

I don't have that folder; maybe it has to do with IIS?

I don't know, but you can see whether it gets better by reinstalling IIS.

 

Ran Avast, which found some trojans etc.

Then run an online scan as well, to be on the safe side:

http://housecall.trendmicro.com/ or http://www.pandasoftware.com/products/activescan/

http://www.bitdefender.com/scan8/ie.html

and an anti-spyware program:

http://www.ewido.net/en/

 

 


Archived

This topic is now archived and is closed to further replies.
