Just nu i M3-nätverket
Jump to content

Mitt e-postproblem.


NisseXYZ

Recommended Posts

Tar om med viss ändring i ett nytt inlägg.

 

Outlook Express fungerar inte. Inte heller kan jag få upp sidan med Glocalnets webmail. Mycket egendomligt!

 

Annars fungerar Internet Explorer utan problem.

 

Jag tog bort AVG Antivirus Free Edition. Det hjälpte inte.

 

Tidigare har jag kunnat läsa min e-post i min gamla dator när det har varit problem med den nya. Nu har jag samma problem på den gamla. Det måste vara AVG som spökar på något sätt.

Den har jag hållit UPPDATERAD på BÅDA datorerna.

 

Felmeddelande FÖRE borttagning av AVG:

 

Serversvar ERR AVG POP3 Proxy Server, Felnummer: 0x800CCC90

 

Felmeddelande EFTER borttagning av AVG:

 

Det gick inte att ansluta till servern. ... Socket-fel:10060, Felnummer: 0x800CCC0E.

 

Vad gör man?

 

 

Link to comment
Share on other sites

Korsposta inte

Din andra tråd har raderats!

 

Om din tråd hamnat fel - anmäl den och be moderator flytta den.

 

och har du dessutom inte en gammal tråd du kunde fortsatt i? Detta är väl en del av samma beskriver här:

//eforum.idg.se/viewmsg.asp?EntriesId=897205

 

/T

Moderator Epostprogram

 

Link to comment
Share on other sites

HIJACKTHIS-log om det kan ge något:

 

C:\DOCUME~1\HANSER~1\LOKALA~1\Temp\Temporär katalog 1 för hijackthis.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.se/ig/dell?hl=sv&client=dell-row&channel=se&ibd=3060917

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.se/hws/sb/dell-row/sv/side.html?channel=se'>http://www.google.se/hws/sb/dell-row/sv/side.html?channel=se

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.se/hws/sb/dell-row/sv/side.html?channel=se

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/ig/dell?hl=sv&client=dell-row&channel=se&ibd=3060917

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=se&l=sv&s=gen

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.se/ig/dell?hl=sv&client=dell-row&channel=se&ibd=3060917

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - Default URLSearchHook is missing

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll

O2 - BHO: Class - {D4897EB1-3761-BABB-C66E-7AC9865959A3} - C:\WINDOWS\lqovt1.dll (file missing)

O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Program\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program\Logitech\Video\CameraAssistant.exe

O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program\Logitech\Video\InstallHelper.exe /inspect

O4 - HKLM\..\Run: [iSUSPM Startup] "c:\Program\Delade filer\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [MCAgentExe] c:\program\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\program\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program\Corel\Corel Photo Album 6\MediaDetect.exe

O4 - HKLM\..\Run: [MPFExe] C:\Program\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [DLCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [dlcdmon.exe] "C:\Program\Dell Photo AIO Printer 944\dlcdmon.exe"

O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program\Dell Photo AIO Printer 944\memcard.exe"

O4 - HKLM\..\Run: [awlt2.exe] C:\WINDOWS\Temp\awlt2.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ModemOnHold] C:\Program\NetWaiting\netwaiting.exe

O4 - HKCU\..\Run: [DellSupport] "C:\Program\Dell Support\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Dell Network Assistant.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Tjänsthanteraren.lnk = C:\Program\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: &Google-sökning - res://c:\program\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Översätt engelskt ord - res://c:\program\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Bakåtlänkar - res://c:\program\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Lagrad bild på sida - res://c:\program\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Liknande sidor - res://c:\program\google\GoogleToolbar2.dll/cmsimilar.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\npjpi150_09.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\npjpi150_09.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164568568921

O17 - HKLM\System\CCS\Services\Tcpip\..\{163BB718-1872-4A33-B41C-17D27FDB0922}: NameServer = 213.150.135.211 213.150.135.210

O17 - HKLM\System\CS1\Services\Tcpip\..\{163BB718-1872-4A33-B41C-17D27FDB0922}: NameServer = 213.150.135.211 213.150.135.210

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program\Delade filer\Microsoft Shared\Help\hxds.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: dlcd_device - - C:\WINDOWS\system32\dlcdcoms.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program\delade filer\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program\mcafee.com\agent\mcdetect.exe (file missing)

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\Program\McAfee.com\Agent\mcupdmgr.exe (file missing)

O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)

O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\stacsv.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program\Intel\Wireless\Bin\WLKeeper.exe

 

 

 

Link to comment
Share on other sites

Installera denna variant av HijackThis så att det blir korrekt installerat

http://www.thespykiller.co.uk/files/HJTsetup.exe

Installera, kör, skanna och spara loggen (inget annat).

 

I ditt svar bifogar du hela HijackThis-loggen på detta sätt:

Tryck på LOG-knappen i Besvara-fönstret

Klistra in loggen

Tryck igen på LOG-knappen

 

Link to comment
Share on other sites

[log]

Logfile of HijackThis v1.99.1

Scan saved at 11:17:27, on 2006-12-17

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Intel\Wireless\Bin\EvtEng.exe

C:\Program\Intel\Wireless\Bin\S24EvMon.exe

C:\Program\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

c:\program\delade filer\logitech\lvmvfm\LVPrcSrv.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe

C:\Program\Dell\QuickSet\NICCONFIGSVC.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\stacsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Java\jre1.5.0_09\bin\jusched.exe

C:\WINDOWS\stsystra.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program\Dell\Media Experience\DMXLauncher.exe

C:\Program\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program\Logitech\Video\CameraAssistant.exe

C:\Program\Delade filer\InstallShield\UpdateService\issch.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program\Corel\Corel Photo Album 6\MediaDetect.exe

C:\Program\Dell Photo AIO Printer 944\dlcdmon.exe

C:\Program\Dell Photo AIO Printer 944\memcard.exe

C:\WINDOWS\Temp\awlt2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\NetWaiting\netwaiting.exe

C:\Program\Dell Support\DSAgnt.exe

C:\WINDOWS\system32\dlcdcoms.exe

C:\Program\Dell Network Assistant\ezi_hnm2.exe

C:\Program\Digital Line Detect\DLG.exe

C:\Program\Dell Network Assistant\ezi_hnm2.exe

C:\Program\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Microsoft Office\OFFICE11\EXCEL.EXE

C:\Documents and Settings\Hans Eriksson\Skrivbord\HIJACKTHIS MAPP\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.se/ig/dell?hl=sv&client=dell-row&channel=se&ibd=3060917

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.se/hws/sb/dell-row/sv/side.html?channel=se'>http://www.google.se/hws/sb/dell-row/sv/side.html?channel=se

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.se/hws/sb/dell-row/sv/side.html?channel=se

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/ig/dell?hl=sv&client=dell-row&channel=se&ibd=3060917

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=se&l=sv&s=gen

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.se/ig/dell?hl=sv&client=dell-row&channel=se&ibd=3060917

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - Default URLSearchHook is missing

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll

O2 - BHO: Class - {D4897EB1-3761-BABB-C66E-7AC9865959A3} - C:\WINDOWS\lqovt1.dll (file missing)

O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Program\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program\Logitech\Video\CameraAssistant.exe

O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program\Logitech\Video\InstallHelper.exe /inspect

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program\Delade filer\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [MCAgentExe] c:\program\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\program\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program\Corel\Corel Photo Album 6\MediaDetect.exe

O4 - HKLM\..\Run: [MPFExe] C:\Program\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [DLCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [dlcdmon.exe] "C:\Program\Dell Photo AIO Printer 944\dlcdmon.exe"

O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program\Dell Photo AIO Printer 944\memcard.exe"

O4 - HKLM\..\Run: [awlt2.exe] C:\WINDOWS\Temp\awlt2.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ModemOnHold] C:\Program\NetWaiting\netwaiting.exe

O4 - HKCU\..\Run: [DellSupport] "C:\Program\Dell Support\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Dell Network Assistant.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Tjänsthanteraren.lnk = C:\Program\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: &Google-sökning - res://c:\program\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Översätt engelskt ord - res://c:\program\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Bakåtlänkar - res://c:\program\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Lagrad bild på sida - res://c:\program\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Liknande sidor - res://c:\program\google\GoogleToolbar2.dll/cmsimilar.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\npjpi150_09.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\npjpi150_09.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164568568921

O17 - HKLM\System\CCS\Services\Tcpip\..\{163BB718-1872-4A33-B41C-17D27FDB0922}: NameServer = 213.150.135.211 213.150.135.210

O17 - HKLM\System\CS1\Services\Tcpip\..\{163BB718-1872-4A33-B41C-17D27FDB0922}: NameServer = 213.150.135.211 213.150.135.210

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program\Delade filer\Microsoft Shared\Help\hxds.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe (file missing)

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe (file missing)

O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\Program\Grisoft\AVGFRE~1\avgemc.exe (file missing)

O23 - Service: dlcd_device - - C:\WINDOWS\system32\dlcdcoms.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program\delade filer\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program\mcafee.com\agent\mcdetect.exe (file missing)

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\Program\McAfee.com\Agent\mcupdmgr.exe (file missing)

O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)

O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\stacsv.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program\Intel\Wireless\Bin\WLKeeper.exe

 

[/log]

 

Link to comment
Share on other sites

Det ser ut som att datorn vill dra igång både McAfee antivirus och AVG antivirus, men inga sådana processer är igång. Om du inte ska använda programmen så avinstallera dem ordentligt annars så kan de ligga kvar och störa, det går inte att bara stänga av deras processer.

 

Skanna med HijackThis och bocka för:

 

R3 - Default URLSearchHook is missing

O2 - BHO: Class - {D4897EB1-3761-BABB-C66E-7AC9865959A3} - C:\WINDOWS\lqovt1.dll (file missing)

O4 - HKLM\..\Run: [awlt2.exe] C:\WINDOWS\Temp\awlt2.exe

 

Avsluta alla andra program.

Tryck Fix checked.

 

Starta om datorn i felsäkert läge (tryck F8 upprepade gånger under uppstarten och välj felsäkert läge i menyn).

 

Ställ in Utforskaren så att du kan se alla filer:

Verktyg - (Mapp)alternativ eller liknande - Visning

Välj Visa dolda filer och mappar

Avbocka Dölj filnamnstillägg för kända filtyper

Avbocka Dölj skyddade operativsystemfiler

 

Ta bort filerna (om de finns kvar):

C:\WINDOWS\Temp\awlt2.exe

C:\WINDOWS\lqovt1.dll

 

Starta om i normalt läge och så en ny HijackThis-logg.

 

Link to comment
Share on other sites

Genomförde åtgärderna. Sökte sedan på textsträngar awlt*.* och lqovt*.*.

 

Resultat: AWLT2.EXE-39332413.pf

 

finns i C:\WINDOWS\Prefetch

och

awlt1.exe

 

finns i C:\WINDOWS\Temp

 

HJT-log:

 

[log]

Logfile of HijackThis v1.99.1

Scan saved at 18:51:53, on 2006-12-17

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Intel\Wireless\Bin\EvtEng.exe

C:\Program\Intel\Wireless\Bin\S24EvMon.exe

C:\Program\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

c:\program\delade filer\logitech\lvmvfm\LVPrcSrv.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe

C:\Program\Dell\QuickSet\NICCONFIGSVC.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\stacsv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Java\jre1.5.0_09\bin\jusched.exe

C:\WINDOWS\stsystra.exe

C:\Program\Dell\Media Experience\DMXLauncher.exe

C:\Program\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program\Logitech\Video\CameraAssistant.exe

C:\Program\Delade filer\InstallShield\UpdateService\issch.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program\Corel\Corel Photo Album 6\MediaDetect.exe

C:\Program\Dell Photo AIO Printer 944\dlcdmon.exe

C:\Program\Dell Photo AIO Printer 944\memcard.exe

C:\WINDOWS\system32\dlcdcoms.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\NetWaiting\netwaiting.exe

C:\Program\Dell Support\DSAgnt.exe

C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program\Dell Network Assistant\ezi_hnm2.exe

C:\Program\Digital Line Detect\DLG.exe

C:\Program\Dell Network Assistant\ezi_hnm2.exe

C:\Program\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Program\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Documents and Settings\Hans Eriksson\Skrivbord\HIJACKTHIS MAPP\Hijackthis\HijackThis.exe

C:\WINDOWS\system32\wuauclt.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.se/ig/dell?hl=sv&client=dell-row&channel=se&ibd=3060917

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.se/hws/sb/dell-row/sv/side.html?channel=se'>http://www.google.se/hws/sb/dell-row/sv/side.html?channel=se

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.se/hws/sb/dell-row/sv/side.html?channel=se

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/ig/dell?hl=sv&client=dell-row&channel=se&ibd=3060917

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=se&l=sv&s=gen

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.se/ig/dell?hl=sv&client=dell-row&channel=se&ibd=3060917

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Program\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program\Logitech\Video\CameraAssistant.exe

O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program\Logitech\Video\InstallHelper.exe /inspect

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program\Delade filer\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [MCAgentExe] c:\program\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\program\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program\Corel\Corel Photo Album 6\MediaDetect.exe

O4 - HKLM\..\Run: [MPFExe] C:\Program\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [DLCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [dlcdmon.exe] "C:\Program\Dell Photo AIO Printer 944\dlcdmon.exe"

O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program\Dell Photo AIO Printer 944\memcard.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ModemOnHold] C:\Program\NetWaiting\netwaiting.exe

O4 - HKCU\..\Run: [DellSupport] "C:\Program\Dell Support\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Dell Network Assistant.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Tjänsthanteraren.lnk = C:\Program\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: &Google-sökning - res://c:\program\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Översätt engelskt ord - res://c:\program\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Bakåtlänkar - res://c:\program\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Lagrad bild på sida - res://c:\program\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Liknande sidor - res://c:\program\google\GoogleToolbar2.dll/cmsimilar.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\npjpi150_09.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\npjpi150_09.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164568568921

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program\Delade filer\Microsoft Shared\Help\hxds.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe (file missing)

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe (file missing)

O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\Program\Grisoft\AVGFRE~1\avgemc.exe (file missing)

O23 - Service: dlcd_device - - C:\WINDOWS\system32\dlcdcoms.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program\delade filer\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program\mcafee.com\agent\mcdetect.exe (file missing)

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\Program\McAfee.com\Agent\mcupdmgr.exe (file missing)

O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)

O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\stacsv.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program\Intel\Wireless\Bin\WLKeeper.exe

 

[/log]

 

Link to comment
Share on other sites

Du kan ta bort filen i Prefetch-mappen, men det är inte nödvändigt.

 

Du ska däremot dömma mappen C:\WINDOWS\Temp på så många filer som det går.

 

Jag ser inte längre något otrevligt i loggen.

 

Det är inte lämpligt att ha två aktiva antivirusprogram i datorn, det kan leda till konstiga problem, så det är dags att bestämma vilket av McAfee och AVG du ska avinstallera och se till att det andra är igång som det ska.

 

När det är klart så är frågan hur datorn mår.

 

Link to comment
Share on other sites

FRÅGA 1: Vad innebär i klartext att "tömma mappen C:\WINDOWS\Temp på så många filer som det går"?

 

Efter de problem jag haft de senaste veckorna, först med McAfee och nu med AVG, tänkte jag nog inte använda någon av dem, utan försöka hitta något annat.

 

FRÅGA 2: Om jag gör så, ska jag ta bort awlt1.exe också?

 

FRÅGA 3: Vilken funktion har det programmet och indikerar siffran version av programmet eller vad?

 

FRÅGA 4: Hur får jag på lämpligt sätt reda på datorns "hälsotillstånd"?

 

 

 

 

Link to comment
Share on other sites

Svar 1:

Att du resnar temporära filer i från datorn.

 

Svar 2:

vad är det för något?

 

Svar 3:

siffrar vet amn inte avd den indikerar förens man vet programmet.

 

Svar 4:

CCleaner.

 

ladda ner CCleaner och kör lite så ordnar sig lite saker:)

 

 

Lycka Till!

 

//MvH Walle

 

Link to comment
Share on other sites

1. Gå till mappen med Utforskaren/Den här datorn, markera filer och tryck på Delete. En del filer kommer troligen inte kunna tas bort för att de används men försök få bort så många som möjligt. Den mappen ska bara innehålla tillfälliga filer så det ska aldrig vara något viktigt i den så man ska kunna ta bort alla filer som inte används.

 

2. Ja

 

3. Ingen aning, det är inget normalt program. Det finns inte när man googlar så det är troligen något otrevligt. Om du vill veta mer om det så kan du gå till http://www.virustotal.com/ bläddra fram filen, tryck på Send och vänta tills resultatet är klart (Status blir Finished).

 

4. Se mina råd för en säkrare dator t ex här: //eforum.idg.se/viewmsg.asp?EntriesId=896155#897270

 

 

Link to comment
Share on other sites

Då har jag gjort allt detta. Men jag får samma felmeddelande:

 

Det gick inte att ansluta till servern. Konto: 'pop.glocalnet.net', Server: 'pop.glocalnet.net', Protokoll: POP3, Port: 110, Secure (SSL): Nej, Socket-fel: 10060, Felnummer: 0x800CCC0E

 

Jag kan heller inte få upp sidorna:

 

webmail.glocalnet.net

mail.glocalnet.net.

www.glocalnet.se (Ja, inte ens den!)

 

Andra sidor kan jag titta på utan problem.

 

Jag har uppringt Internet och ett V.92-modem. Då har jag hört något om att det är problem med kommunikationen med V.92-modem mot det tel.nr. jag ringer upp.

 

Men då borde väl det också bli problem med andra hemsidor.

 

Någon som har någon ide om vad felet kan vara.

 

Jag hoppas verkligen att jag slipper formatera om hårddisken och installera Windows XP på nytt.

 

Link to comment
Share on other sites

Efter att ha läst på sidan

 

www.tiscali.co.uk/help/email/oe_errors_0x800ccc90.html

 

så körde jag kommandot netsh int ip reset c:\resetlog.txt.

 

Efter det ser denna textfil ut på följande sätt:

 

[log]

reset SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{163BB718-1872-4A33-B41C-17D27FDB0922}\NameServerList

old REG_MULTI_SZ =

<empty>

 

added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{163BB718-1872-4A33-B41C-17D27FDB0922}\NetbiosOptions

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{163BB718-1872-4A33-B41C-17D27FDB0922}\NameServer

<completed>

 

reset SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{163BB718-1872-4A33-B41C-17D27FDB0922}\NameServerList

old REG_MULTI_SZ =

<empty>

 

added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{163BB718-1872-4A33-B41C-17D27FDB0922}\NetbiosOptions

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{163BB718-1872-4A33-B41C-17D27FDB0922}\NameServer

<completed>

 

[/log]

 

 

Säger detta något?

 

Felet försvann inte heller av denna åtgärd.

 

Link to comment
Share on other sites

Konto: 'pop.glocalnet.net'

Det ska väl inte vara server-namnet där, det ska väl vara ditt konto-namn (din_epostadress@glocalnet.net). Står mer här om du kan ladda ner filen:

http://kundservice.glocalnet.se/upload/Guider/L%C3%A4gga%20till%20ett%20E-postkonto%20i%20Outlook%20Express.pdf

 

Har du fått ordning på McAfee och AVG? Så att det inte är en halv avinstallation av något av dem som stoppar det hela.

 

Link to comment
Share on other sites

Det är vad som står i Egenskaper, under fliken Allmänt. Där kan man skriva "Tjofadderittan", "Uti helvetet på en sten hoppade en hare utan ben", eller kort sagt vad som helst.

 

Du kanske inte använder Outlook Express själv, men om du tittar på sidan 5 i det dokumnet du hänvisar till, så står

 

Allmänt

 

E-postkonto

 

Ange namn på de här servrarna, till exempel "Arbete"

eller "Microsofts e-postserver".

 

 

pop.glocalnet.net

 

står det i rutan också. Det har inte jag själv fyllt i min Outlook Express, utan det har hämtats automatiskt, förmodligen från Inkommande post(POP3) under Servrar.

 

På de ställen där min e-postadress ska stå har jag naturligtvis skrivit den. Min e-post har fungerat förut. Problemen började torsdagkväll förra veckan och då på båda datorerna. Det som då uppgraderats på båda var AVG.

 

För övrigt har jag lyckats ta bort awlt1.exe. Det gjorde jag i Kommando-tolken och det gick endast i felsäkert läge.

 

Jag har tagit bort allt med AVG och McAfee.

 

DOCK har jag inte tagit bort filen

 

ssravg.dll

 

Den finns på 2 ställen:

 

C:\Program\Microsoft SQL Server\80\COM

 

och

 

C:\Program\Microsoft SQL Server\90\COM

 

Den törs jag inte ta bort. Den hör väl till SQL Server?

 

Visst är det konstigt att jag inte kommer åt Glocalnet-sidorna som jag skrev om i mitt förrförra inlägg?

 

[inlägget ändrat 2006-12-19 01:41:29 av NisseXYZ]

Link to comment
Share on other sites

Nej, jag använder inte Outlook Express och har aldrig gjort det heller.

 

På sidan 5 är det helt klart att det ska stå pop.glocalnet.net. Men är det rätt ifyllt enligt fönstret på sidan 4 (Kontonamn)?

 

Bra att du fick bort awlt1.exe!

 

Varför skulle du ta bort filen ssravg.dll?

 

Lägg hit en ny HijackThis-logg så får vi se om det finns något kvar nu. Kom ihåg att använda LOG-knappen.

 

Visst är det konstigt att jag inte kommer åt Glocalnet-sidorna som jag skrev om i mitt förrförra inlägg?
Ja

 

Link to comment
Share on other sites

Jag har rätt inställningar.

 

Jag sökte på *avg*.* för att få en bred sökning. Därför fick jag med ssravg.dll. Namnkonventioner kan väl variera. Min fråga var mest retorisk.

 

HJT-log:

 

[log]

Logfile of HijackThis v1.99.1

Scan saved at 09:51:50, on 2006-12-19

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Intel\Wireless\Bin\EvtEng.exe

C:\Program\Intel\Wireless\Bin\S24EvMon.exe

C:\Program\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

c:\program\delade filer\logitech\lvmvfm\LVPrcSrv.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe

C:\Program\Dell\QuickSet\NICCONFIGSVC.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\stacsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Java\jre1.5.0_09\bin\jusched.exe

C:\WINDOWS\stsystra.exe

C:\Program\Dell\Media Experience\DMXLauncher.exe

C:\Program\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program\Logitech\Video\CameraAssistant.exe

C:\Program\Delade filer\InstallShield\UpdateService\issch.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program\Corel\Corel Photo Album 6\MediaDetect.exe

C:\Program\Dell Photo AIO Printer 944\dlcdmon.exe

C:\Program\Dell Photo AIO Printer 944\memcard.exe

C:\WINDOWS\system32\dlcdcoms.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\NetWaiting\netwaiting.exe

C:\Program\Dell Support\DSAgnt.exe

C:\Program\Dell Network Assistant\ezi_hnm2.exe

C:\Program\Digital Line Detect\DLG.exe

C:\Program\Dell Network Assistant\ezi_hnm2.exe

C:\Program\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Documents and Settings\Hans Eriksson\Skrivbord\HIJACKTHIS MAPP\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.se/ig/dell?hl=sv&client=dell-row&channel=se&ibd=3060917

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.se/hws/sb/dell-row/sv/side.html?channel=se'>http://www.google.se/hws/sb/dell-row/sv/side.html?channel=se

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.se/hws/sb/dell-row/sv/side.html?channel=se

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/ig/dell?hl=sv&client=dell-row&channel=se&ibd=3060917

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=se&l=sv&s=gen

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.se/ig/dell?hl=sv&client=dell-row&channel=se&ibd=3060917

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - Default URLSearchHook is missing

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll

O2 - BHO: Class - {D4897EB1-3761-BABB-C66E-7AC9865959A3} - C:\WINDOWS\lqovt1.dll (file missing)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Program\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program\Logitech\Video\CameraAssistant.exe

O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program\Logitech\Video\InstallHelper.exe /inspect

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program\Delade filer\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [MCAgentExe] c:\program\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\program\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program\Corel\Corel Photo Album 6\MediaDetect.exe

O4 - HKLM\..\Run: [MPFExe] C:\Program\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [DLCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [dlcdmon.exe] "C:\Program\Dell Photo AIO Printer 944\dlcdmon.exe"

O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program\Dell Photo AIO Printer 944\memcard.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [awlt1.exe] C:\WINDOWS\Temp\awlt1.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ModemOnHold] C:\Program\NetWaiting\netwaiting.exe

O4 - HKCU\..\Run: [DellSupport] "C:\Program\Dell Support\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Dell Network Assistant.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Tjänsthanteraren.lnk = C:\Program\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: &Google-sökning - res://c:\program\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Översätt engelskt ord - res://c:\program\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Bakåtlänkar - res://c:\program\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Lagrad bild på sida - res://c:\program\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Liknande sidor - res://c:\program\google\GoogleToolbar2.dll/cmsimilar.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\npjpi150_09.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\npjpi150_09.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164568568921

O17 - HKLM\System\CCS\Services\Tcpip\..\{163BB718-1872-4A33-B41C-17D27FDB0922}: NameServer = 213.150.135.211 213.150.135.210

O17 - HKLM\System\CS1\Services\Tcpip\..\{163BB718-1872-4A33-B41C-17D27FDB0922}: NameServer = 213.150.135.211 213.150.135.210

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program\Delade filer\Microsoft Shared\Help\hxds.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe (file missing)

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe (file missing)

O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\Program\Grisoft\AVGFRE~1\avgemc.exe (file missing)

O23 - Service: dlcd_device - - C:\WINDOWS\system32\dlcdcoms.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program\delade filer\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program\mcafee.com\agent\mcdetect.exe (file missing)

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\Program\McAfee.com\Agent\mcupdmgr.exe (file missing)

O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)

O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\stacsv.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program\Intel\Wireless\Bin\WLKeeper.exe

[/log]

 

[inlägget ändrat 2006-12-19 10:21:33 av NisseXYZ]

Link to comment
Share on other sites

Det finns fortfarande en massa McAfee-program och AVG-program som dras igång. Se denna sida för att få bort allt som har med McAfee:

http://forums.mcafeehelp.com/viewtopic.php?p=318352

http://ts.mcafeehelp.com/faq.asp?frames=1&docid=68717

kontrollera bara att versionsnumren där stämmer med din version.

 

Avinstallation av AVG:

http://www.grisoft.com/doc/7/lng/us/tpl/tpl01?num=156 Frågorna 286 och 288

 

Dessutom syns allt som du fixade förut med HijackThis, det är ju inte bra.

 

Ordna med avinstallationerna och sedan en ny HijackThis-logg.

 

Link to comment
Share on other sites

Hej !

O2 - BHO: Class - {D4897EB1-3761-BABB-C66E-7AC9865959A3} - C:\WINDOWS\lqovt1.dll (file missing) =Gromozon Rootkit

 

Dra ner http://info.prevx.com/download.asp?grab=GROMOZONREMTOOL

(alternativ2 ifall 1 inte fungärar http://pcalsicuro.phpsoft.it/FixGrom.exe )

Dra ner http://securityresponse.symantec.com/avcenter/FixLinkopt.exe

Kör PrevxRemovalTool.exe och när den är färdig kör FixLinkopt.exe i felsäkert läge

 

 

Posta C:\gromozon_removal.txt + hjt-logg

 

[inlägget ändrat 2006-12-19 16:04:41 av justfixing]

Link to comment
Share on other sites

Beträffande AVG: Enligt instruktionerna skulle jag ladda ner setup.exe.

Förbindelsen bröts när c:a 10 % återstod.

 

Jag gjorde om fixar i HiJackThis enligt tidigare.

 

Sedan körde jag de 4 McAfee borttagningsapplikationerna. För säkerhets skull körde jag även den som kunde ta bort allt McAfee, i en och samma körning.

 

Efter det PrevxRemovalTool.exe och sedan FixLinkopt.exe i felsäkert läge.

 

Sedan lyckades jag ladda ner AVG:s setup.exe.

Den gick inte att installera och någon ruta om avinstallation fick jag aldrig upp heller.

Jag prövade 2 ggr och fick först felmeddelandet:

 

Local machine: installation failed

Installation:

Error: Action failed for file avgclean.sys: starting service ....

Det går inte att starta den överordnade tjänsten eller gruppen.

 

Andra gången fick jag dessutom meddelandet:

 

Rollback:

Error: Action failed for file avg7rsxp.sys: starting service ....

Det går inte att hitta filen. (2)

 

Jag har testat e-posten: FELET KVARSTÅR.

 

gromozon_removal.txt och FixLinkopt, som jag väljer att också lägga till, är från FÖRE jag försökte att köra AVG setup.exe och HJT-loggen är från EFTER, om det nu skulle ha någon betydelse.

 

Slutet på gromozon_removal.txt verkar ju egendomlig.

 

GROMOZON

[log]

Removal tool loaded into memory

------------------------------------

Executing rootkit removal engine....

------------------------------------

Disabling rootkit file: \\?\C:\WINDOWS\system32\com1.hiw

\\?\C:\WINDOWS\system32\com1.hiw

Resetting file permissions...

Clearing attributes...

�tkomst nekad - C:\_cleaned.tmp

Removing file...

Rootkit removed! Cleaning up...

 

Removing temp files...

Scanning: C:\WINDOWS

Scanning: C:\Program\Delade filer

Removing protected file: C:\Program\Delade filer\Microsoft Shared\qdp.exe

Removing protected file: C:\Program\Delade filer\Microsoft Shared\qOj.exe

Removing protected file: C:\Program\Delade filer\Microsoft Shared\QPf.exe

Removing protected file: C:\Program\Delade filer\Microsoft Shared\vdLwKD.exe

Removing protected file: C:\Program\Delade filer\Services\aFk.exe

Removing protected file: C:\Program\Delade filer\Services\aGx.exe

Removing protected file: C:\Program\Delade filer\Services\BJW.exe

Removing protected file: C:\Program\Delade filer\Services\bNK.exe

Removing protected file: C:\Program\Delade filer\Services\dbOYjk.exe

Removing protected file: C:\Program\Delade filer\Services\EKTWHY.exe

Removing protected file: C:\Program\Delade filer\Services\FbaVM.exe

Removing protected file: C:\Program\Delade filer\Services\fdGKFZ.exe

Removing protected file: C:\Program\Delade filer\Services\fOr.exe

Removing protected file: C:\Program\Delade filer\Services\HbbG.exe

Removing protected file: C:\Program\Delade filer\Services\hdV.exe

Removing protected file: C:\Program\Delade filer\Services\HmElK.exe

Removing protected file: C:\Program\Delade filer\Services\hoc.exe

Removing protected file: C:\Program\Delade filer\Services\ILk.exe

Removing protected file: C:\Program\Delade filer\Services\iVr.exe

Removing protected file: C:\Program\Delade filer\Services\JBs.exe

Removing protected file: C:\Program\Delade filer\Services\KSOUu.exe

Removing protected file: C:\Program\Delade filer\Services\MPx.exe

Removing protected file: C:\Program\Delade filer\Services\mTtT.exe

Removing protected file: C:\Program\Delade filer\Services\PvQ.exe

Removing protected file: C:\Program\Delade filer\Services\pYI.exe

Removing protected file: C:\Program\Delade filer\Services\QAEijDE.exe

Removing protected file: C:\Program\Delade filer\Services\qfZUxPX.exe

Removing protected file: C:\Program\Delade filer\Services\QOvzND.exe

Removing protected file: C:\Program\Delade filer\Services\RaD.exe

Removing protected file: C:\Program\Delade filer\Services\sBbtkz.exe

Removing protected file: C:\Program\Delade filer\Services\SKs.exe

Removing protected file: C:\Program\Delade filer\Services\tUvlEeU.exe

Removing protected file: C:\Program\Delade filer\Services\uhrlFq.exe

Removing protected file: C:\Program\Delade filer\Services\ulAEN.exe

Removing protected file: C:\Program\Delade filer\Services\VpZtM.exe

Removing protected file: C:\Program\Delade filer\Services\ymKhPQ.exe

Removing protected file: C:\Program\Delade filer\Services\ZEr.exe

Removing protected file: C:\Program\Delade filer\System\AnAwk.exe

Removing protected file: C:\Program\Delade filer\System\aTSWXv.exe

Removing protected file: C:\Program\Delade filer\System\dAIa.exe

Removing protected file: C:\Program\Delade filer\System\FbV.exe

Removing protected file: C:\Program\Delade filer\System\fWWPJrQ.exe

Removing protected file: C:\Program\Delade filer\System\gHdRRZA.exe

Removing protected file: C:\Program\Delade filer\System\hbK.exe

Removing protected file: C:\Program\Delade filer\System\hor.exe

Removing protected file: C:\Program\Delade filer\System\hvX.exe

Removing protected file: C:\Program\Delade filer\System\hwuym.exe

Removing protected file: C:\Program\Delade filer\System\itFHd.exe

Removing protected file: C:\Program\Delade filer\System\jIQ.exe

Removing protected file: C:\Program\Delade filer\System\JJK.exe

Removing protected file: C:\Program\Delade filer\System\Kqa.exe

Removing protected file: C:\Program\Delade filer\System\maRJAND.exe

Removing protected file: C:\Program\Delade filer\System\MCQhnv.exe

Removing protected file: C:\Program\Delade filer\System\MfwcTB.exe

Removing protected file: C:\Program\Delade filer\System\nMuP.exe

Removing protected file: C:\Program\Delade filer\System\pnOewJe.exe

Removing protected file: C:\Program\Delade filer\System\qDUYr.exe

Removing protected file: C:\Program\Delade filer\System\sUrgSfc.exe

Removing protected file: C:\Program\Delade filer\System\Tld.exe

Removing protected file: C:\Program\Delade filer\System\TqrCsy.exe

Remov

[/log]

 

FIXLINKOPT

[log]

Symantec Trojan.Linkoptimizer Removal Tool 1.0.8

Restored SeDebugPrivilege to Administrators group

 

reg: ...\CLSID\{D4897EB1-3761-BABB-C66E-7AC9865959A3}\InprocServer32 (key deleted)

reg: ...\CLSID\{D4897EB1-3761-BABB-C66E-7AC9865959A3} (key deleted)

reg: ...\Internet Explorer\URLSearchHooks\{D4897EB1-3761-BABB-C66E-7AC9865959A3} (value deleted)

reg: ...\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4897EB1-3761-BABB-C66E-7AC9865959A3} (key deleted)

C:\WINDOWS\lqovt1.dll: (deleted)

 

Trojan.Linkoptimizer has been successfully removed from your computer!

 

Here is the report:

 

The total number of the scanned files: 88553

The number of deleted threat files: 1

The number of threat processes terminated: 0

The number of threat threads terminated: 0

The number of registry entries fixed: 4

 

The tool initiated a system reboot.

 

registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (cleared)

[/log]

 

HJT

[log]

Logfile of HijackThis v1.99.1

Scan saved at 00:27:38, on 2006-12-20

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Intel\Wireless\Bin\EvtEng.exe

C:\Program\Intel\Wireless\Bin\S24EvMon.exe

C:\Program\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

c:\program\delade filer\logitech\lvmvfm\LVPrcSrv.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe

C:\Program\Dell\QuickSet\NICCONFIGSVC.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\stacsv.exe

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Java\jre1.5.0_09\bin\jusched.exe

C:\WINDOWS\stsystra.exe

C:\Program\Dell\Media Experience\DMXLauncher.exe

C:\Program\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program\Logitech\Video\CameraAssistant.exe

C:\Program\Delade filer\InstallShield\UpdateService\issch.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program\Corel\Corel Photo Album 6\MediaDetect.exe

C:\Program\Dell Photo AIO Printer 944\dlcdmon.exe

C:\Program\Dell Photo AIO Printer 944\memcard.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\NetWaiting\netwaiting.exe

C:\Program\Dell Support\DSAgnt.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program\Dell Network Assistant\ezi_hnm2.exe

C:\Program\Digital Line Detect\DLG.exe

C:\Program\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Program\Dell Network Assistant\ezi_hnm2.exe

C:\WINDOWS\system32\dlcdcoms.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Hans Eriksson\Skrivbord\HIJACKTHIS MAPP\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.se/ig/dell?hl=sv&client=dell-row&channel=se&ibd=3060917

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.se/hws/sb/dell-row/sv/side.html?channel=se'>http://www.google.se/hws/sb/dell-row/sv/side.html?channel=se

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.se/hws/sb/dell-row/sv/side.html?channel=se

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/ig/dell?hl=sv&client=dell-row&channel=se&ibd=3060917

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=se&l=sv&s=gen

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.se/ig/dell?hl=sv&client=dell-row&channel=se&ibd=3060917

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - Default URLSearchHook is missing

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Program\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program\Logitech\Video\CameraAssistant.exe

O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program\Logitech\Video\InstallHelper.exe /inspect

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program\Delade filer\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [MCAgentExe] c:\program\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\program\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program\Corel\Corel Photo Album 6\MediaDetect.exe

O4 - HKLM\..\Run: [DLCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [dlcdmon.exe] "C:\Program\Dell Photo AIO Printer 944\dlcdmon.exe"

O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program\Dell Photo AIO Printer 944\memcard.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ModemOnHold] C:\Program\NetWaiting\netwaiting.exe

O4 - HKCU\..\Run: [DellSupport] "C:\Program\Dell Support\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Dell Network Assistant.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Tjänsthanteraren.lnk = C:\Program\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: &Google-sökning - res://c:\program\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Översätt engelskt ord - res://c:\program\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Bakåtlänkar - res://c:\program\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Lagrad bild på sida - res://c:\program\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Liknande sidor - res://c:\program\google\GoogleToolbar2.dll/cmsimilar.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\npjpi150_09.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\npjpi150_09.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164568568921

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program\Delade filer\Microsoft Shared\Help\hxds.dll

O20 - AppInit_DLLs:

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe (file missing)

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe (file missing)

O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\Program\Grisoft\AVGFRE~1\avgemc.exe (file missing)

O23 - Service: dlcd_device - - C:\WINDOWS\system32\dlcdcoms.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program\delade filer\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program\mcafee.com\agent\mcdetect.exe (file missing)

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\Program\McAfee.com\Agent\mcupdmgr.exe (file missing)

O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)

O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\stacsv.exe

O23 - Service: WinRhl - Unknown owner - C:\Program\Delade filer\System\MfwcTB.exe (file missing)

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program\Intel\Wireless\Bin\WLKeeper.exe

 

[/log]

 

[inlägget ändrat 2006-12-20 00:55:41 av NisseXYZ]

[inlägget ändrat 2006-12-20 06:43:39 av NisseXYZ]

Link to comment
Share on other sites

Jag ser inte något spår längre av att Gromozon rootkitet skulle vara kvar i HijackThis-loggen. Men för säkerhets skull, eftersom gromozon_removal.txt slutar lite avhugget, kör PrevxRemovalTool och FixLinkopt en gång till. Det är fortfarande McAfee- och AVG-filer kvar i HijackThis-loggen, men det kan tänkas att det är detta (väldigt elaka) rootkit som har stört hela tiden och orsakat problemen med dem, så vänta lite mer med rensningar tills vi vet att allt av Gromozon är borta.

 

Link to comment
Share on other sites

Men varför går inte avg75free_432a861-installationen att köra?

Jag fattar det som att det är den som krävs att köras för att ges möjlighet att välja avinstallation.

 

Men punkterna 286 och 288 kanske inte gäller Free Edition utan för de som har köpta varianter.

 

Ändå skulle avg75free_432a861 gå att köra.

 

Senaste loggar:

 

[log]

Removal tool loaded into memory

Gromozon rootkit component not detected - searching for other components

Scanning: C:\WINDOWS

Scanning: C:\Program\Delade filer

 

 

Trojan.Gromozon does not exist - your system is clean.

 

[/log]

 

[log]

Symantec Trojan.Linkoptimizer Removal Tool 1.0.8

 

C:\System Volume Information\_restore{A2AF58B2-83EB-46DB-8FC8-B6CEAAE16AC0}\RP17\A0010063.dll: (deleted)

 

Trojan.Linkoptimizer has been successfully removed from your computer!

 

Here is the report:

 

The total number of the scanned files: 89369

The number of deleted threat files: 1

The number of threat processes terminated: 0

The number of threat threads terminated: 0

The number of registry entries fixed: 0

 

The tool initiated a system reboot.

 

registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (cleared)

[/log]

 

[log]

Logfile of HijackThis v1.99.1

Scan saved at 10:25:54, on 2006-12-20

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Intel\Wireless\Bin\EvtEng.exe

C:\Program\Intel\Wireless\Bin\S24EvMon.exe

C:\Program\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program\delade filer\logitech\lvmvfm\LVPrcSrv.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Dell\QuickSet\NICCONFIGSVC.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\stacsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Java\jre1.5.0_09\bin\jusched.exe

C:\WINDOWS\stsystra.exe

C:\Program\Dell\Media Experience\DMXLauncher.exe

C:\Program\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program\Logitech\Video\CameraAssistant.exe

C:\Program\Delade filer\InstallShield\UpdateService\issch.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Program\Corel\Corel Photo Album 6\MediaDetect.exe

C:\Program\Dell Photo AIO Printer 944\dlcdmon.exe

C:\Program\Dell Photo AIO Printer 944\memcard.exe

C:\WINDOWS\system32\dlcdcoms.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\NetWaiting\netwaiting.exe

C:\Program\Dell Support\DSAgnt.exe

C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program\Dell Network Assistant\ezi_hnm2.exe

C:\Program\Digital Line Detect\DLG.exe

C:\Program\Dell Network Assistant\ezi_hnm2.exe

C:\Program\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Program\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Hans Eriksson\Skrivbord\HIJACKTHIS MAPP\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.se/ig/dell?hl=sv&client=dell-row&channel=se&ibd=3060917

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.se/hws/sb/dell-row/sv/side.html?channel=se'>http://www.google.se/hws/sb/dell-row/sv/side.html?channel=se

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.se/hws/sb/dell-row/sv/side.html?channel=se

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/ig/dell?hl=sv&client=dell-row&channel=se&ibd=3060917

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=se&l=sv&s=gen

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.se/ig/dell?hl=sv&client=dell-row&channel=se&ibd=3060917

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - Default URLSearchHook is missing

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Program\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program\Logitech\Video\CameraAssistant.exe

O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program\Logitech\Video\InstallHelper.exe /inspect

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program\Delade filer\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [MCAgentExe] c:\program\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\program\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program\Corel\Corel Photo Album 6\MediaDetect.exe

O4 - HKLM\..\Run: [DLCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [dlcdmon.exe] "C:\Program\Dell Photo AIO Printer 944\dlcdmon.exe"

O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program\Dell Photo AIO Printer 944\memcard.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ModemOnHold] C:\Program\NetWaiting\netwaiting.exe

O4 - HKCU\..\Run: [DellSupport] "C:\Program\Dell Support\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Dell Network Assistant.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Tjänsthanteraren.lnk = C:\Program\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: &Google-sökning - res://c:\program\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Översätt engelskt ord - res://c:\program\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Bakåtlänkar - res://c:\program\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Lagrad bild på sida - res://c:\program\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Liknande sidor - res://c:\program\google\GoogleToolbar2.dll/cmsimilar.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\npjpi150_09.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\npjpi150_09.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164568568921

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program\Delade filer\Microsoft Shared\Help\hxds.dll

O20 - AppInit_DLLs:

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe (file missing)

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe (file missing)

O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\Program\Grisoft\AVGFRE~1\avgemc.exe (file missing)

O23 - Service: dlcd_device - - C:\WINDOWS\system32\dlcdcoms.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program\delade filer\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program\mcafee.com\agent\mcdetect.exe (file missing)

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\Program\McAfee.com\Agent\mcupdmgr.exe (file missing)

O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)

O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\stacsv.exe

O23 - Service: WinRhl - Unknown owner - C:\Program\Delade filer\System\MfwcTB.exe (file missing)

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program\Intel\Wireless\Bin\WLKeeper.exe

 

[/log]

 

[inlägget ändrat 2006-12-20 10:41:20 av NisseXYZ]

Link to comment
Share on other sites

Det där såg ju bra ut. :thumbsup:

Det var ju tur att det var en lindrig variant av Gromozon, som också kan vara fullständigt omöjlig att få bort. Det är en riktig elaking som mycket väl kan ha skadat antivirusprogrammen allvarligt.

 

Kontrollpanelen - Administrationsverktyg - Tjänster

Leta upp WinRhl i listan, dubbelklicka och välj Startmetod Inaktiverad.

Om du har gjort allt du kan med att få bort antivirusprogrammen så gör så även med:

AVG7 Alert Manager Server

AVG7 Update Service

AVG E-mail Scanner

McAfee WSC Integration

McAfee SecurityCenter Update Manager

 

[log]Skanna med HijackThis och bocka för:

 

R3 - Default URLSearchHook is missing

O20 - AppInit_DLLs:

 

Om du har gjort allt du kan med att få bort antivirusprogrammen så bocka även för:

O4 - HKLM\..\Run: [MCAgentExe] c:\program\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\program\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

 

Avsluta alla andra program.

Tryck Fix checked.

 

Starta om datorn i felsäkert läge (tryck F8 upprepade gånger under uppstarten och välj felsäkert läge i menyn).

 

Ställ in Utforskaren så att du kan se alla filer:

Verktyg - (Mapp)alternativ eller liknande - Visning

Välj Visa dolda filer och mappar

Avbocka Dölj filnamnstillägg för kända filtyper

Avbocka Dölj skyddade operativsystemfiler

 

Ta bort mapparna (om du gjorde ovanstående med antivirusprogrammen):

c:\program\mcafee.com

C:\Program\Grisoft\AVGFRE~1

 

Starta om i normalt läge och så en ny HijackThis-logg.[/log]

 

Link to comment
Share on other sites

När jag gjorde Fix checked i HJT fick jag följande felmeddelande:

 

An unexpected error has ocurred at procedure: modBackup_MakeBackup(sItem=O20 - AppInit_DLLs:)

Error #5 - Invalid procedure call or argument

 

 

En förändring sedan jag gjort föreslagna åtgärder: En ikon "Säker borttagning av maskinvara" syns nu i Skrivbordets panel.

 

FRÅGA 1: Har du någon aning om varför?

 

FRÅGA 2: Vad innebär inaktiveringen av WinRhl eller snarare vad är WinRhl:s funktion?

 

FRÅGA 3: Om jag någon gång senare skulle välja att ladda ner AVG eller McAfee måste jag då återaktivera det jag just inaktiverat eller sker det automatiskt?

 

Innan jag gjorde detta inlägg kollade jag e-postfunktionen. Resultat: FELET FINNS KVAR.

 

Något annat: Jag har statistikprogrammet SAS 9.1 installerat men licensen är utgången sedan drygt en månad. Med anledning därav:

 

FRÅGA 4: Är det någon risk med att ställa om systemklockan temporärt medan jag använder SAS?

 

 

HJT-logg:

 

[log]

Logfile of HijackThis v1.99.1

Scan saved at 19:45:34, on 2006-12-20

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Intel\Wireless\Bin\EvtEng.exe

C:\Program\Intel\Wireless\Bin\S24EvMon.exe

C:\Program\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program\delade filer\logitech\lvmvfm\LVPrcSrv.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe

C:\Program\Dell\QuickSet\NICCONFIGSVC.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\stacsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Java\jre1.5.0_09\bin\jusched.exe

C:\WINDOWS\stsystra.exe

C:\Program\Dell\Media Experience\DMXLauncher.exe

C:\Program\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program\Logitech\Video\CameraAssistant.exe

C:\Program\Delade filer\InstallShield\UpdateService\issch.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program\Corel\Corel Photo Album 6\MediaDetect.exe

C:\Program\Dell Photo AIO Printer 944\dlcdmon.exe

C:\Program\Dell Photo AIO Printer 944\memcard.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\dlcdcoms.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program\Digital Line Detect\DLG.exe

C:\Program\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Hans Eriksson\Skrivbord\HIJACKTHIS MAPP\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.se/ig/dell?hl=sv&client=dell-row&channel=se&ibd=3060917

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.se/hws/sb/dell-row/sv/side.html?channel=se'>http://www.google.se/hws/sb/dell-row/sv/side.html?channel=se

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.se/hws/sb/dell-row/sv/side.html?channel=se

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/ig/dell?hl=sv&client=dell-row&channel=se&ibd=3060917

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=se&l=sv&s=gen

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.se/ig/dell?hl=sv&client=dell-row&channel=se&ibd=3060917

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Program\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program\Logitech\Video\CameraAssistant.exe

O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program\Logitech\Video\InstallHelper.exe /inspect

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program\Delade filer\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program\Corel\Corel Photo Album 6\MediaDetect.exe

O4 - HKLM\..\Run: [DLCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [dlcdmon.exe] "C:\Program\Dell Photo AIO Printer 944\dlcdmon.exe"

O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program\Dell Photo AIO Printer 944\memcard.exe"

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ModemOnHold] C:\Program\NetWaiting\netwaiting.exe

O4 - HKCU\..\Run: [DellSupport] "C:\Program\Dell Support\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Dell Network Assistant.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Tjänsthanteraren.lnk = C:\Program\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: &Google-sökning - res://c:\program\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Översätt engelskt ord - res://c:\program\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Bakåtlänkar - res://c:\program\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Lagrad bild på sida - res://c:\program\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Liknande sidor - res://c:\program\google\GoogleToolbar2.dll/cmsimilar.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\npjpi150_09.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\npjpi150_09.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164568568921

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program\Delade filer\Microsoft Shared\Help\hxds.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: dlcd_device - - C:\WINDOWS\system32\dlcdcoms.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program\delade filer\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)

O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\stacsv.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program\Intel\Wireless\Bin\WLKeeper.exe

 

[/log]

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.×
×
  • Create New...