
Drivecleaner


lucken


Logfile of HijackThis v1.99.1

Scan saved at 18:23:32, on 2007-01-23

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

[log]Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\S24EvMon.exe

C:\WINDOWS\system32\ZCfgSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\1XConfig.exe

C:\WINDOWS\BCMSMMSG.exe

C:\Program\Intel\NCS\PROSet\PRONoMgr.exe

C:\Program\Grisoft\AVGFRE~1\avgcc.exe

C:\Program\DAEMON Tools\daemon.exe

C:\Program\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program\Delade filer\InstallShield\UpdateService\ISUSPM.exe

C:\Program\QuickTime\qttask.exe

C:\Program\ExtraFilm Hemma\Agent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Messenger\MSMSGS.EXE

C:\Program\Dell\Bluetooth Software\BTTray.exe

C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program\Grisoft\AVGFRE~1\avgemc.exe

C:\Program\Dell\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\RegSrvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Documents and Settings\Lucas Nilsson\Mina dokument\BitComet\BitComet.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [iSUSPM] "C:\Program\Delade filer\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program\ExtraFilm Hemma\Agent.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\MSMSGS.EXE" /background

O4 - Global Startup: BTTray.lnk = ?

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166564271109

O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM Inc. - C:\Program\Dell\Bluetooth Software\bin\btwdins.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program\Intel\NCS\Sync\NetSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe[/log]

 

 


The pop-up window only shows up on the same internet address, could there be something wrong with that address?? Here is the log

[log]((((((((((((((((((((((((((((((( Files Created from 2006-12-23 to 2007-01-23 ))))))))))))))))))))))))))))))))))

 

 

2007-01-23 18:22 <KAT> d-------- C:\Program\Hijackthis

2007-01-17 10:49 <KAT> d-------- C:\DOCUME~1\LUCASN~1\Application Data\CyberLink

2007-01-15 18:01 <KAT> d-------- C:\Program\Nordic Softsales

2007-01-11 19:36 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2007-01-11 19:36 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys

2007-01-08 20:13 <KAT> d-------- C:\DOCUME~1\LUCASN~1\Application Data\ExtraFilm

2007-01-08 20:12 <KAT> d-------- C:\Program\ExtraFilm Hemma

2007-01-03 19:42 86,016 --a------ C:\WINDOWS\unvise32.exe

2007-01-03 19:42 <KAT> d-------- C:\Program\Film-Pettson

2006-12-28 18:51 <KAT> d-------- C:\Program\Windows Media Connect 2

2006-12-28 18:48 <KAT> d-------- C:\WINDOWS\system32\drivers\UMDF

2006-12-27 23:23 <KAT> d-------- C:\DOCUME~1\LUCASN~1\Application Data\ImgBurn

2006-12-27 23:22 <KAT> d-------- C:\Program\ImgBurn

2006-12-25 17:31 <KAT> d-------- C:\Program\AviSynth 2.5

2006-12-25 17:30 <KAT> d-------- C:\Program\Avi2Dvd

2006-12-25 17:21 <KAT> d-------- C:\Program\MSXML 4.0

2006-12-25 17:21 <KAT> d-------- C:\e853f9362020b0c9b6

2006-12-23 14:27 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2006-12-23 14:27 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2006-12-23 14:06 <KAT> d-------- C:\DOCUME~1\LUCASN~1\Application Data\InterVideo

2006-12-23 14:03 <KAT> d-------- C:\Program\QuickTime

2006-12-23 14:01 <KAT> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Apple Computer

2006-12-23 13:57 <KAT> d-------- C:\Program\InterVideo Information Service

2006-12-23 13:57 <KAT> d-------- C:\Program\Delade filer\Ulead

2006-12-23 13:47 <KAT> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\InstallShield

2006-12-23 13:45 <KAT> d-------- C:\Program\InterVideo

2006-12-23 13:44 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll

2006-12-23 13:43 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll

2006-12-23 13:43 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll

2006-12-23 13:43 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll

2006-12-23 13:43 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll

2006-12-23 13:43 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll

2006-12-23 13:43 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll

2006-12-23 13:43 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll

2006-12-23 13:43 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll

2006-12-23 13:39 <KAT> d--h----- C:\WINDOWS\msdownld.tmp

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

2007-01-23 08:00 -------- d-------- C:\DOCUME~1\LUCASN~1\Application Data\avg7

2007-01-15 18:04 12400 --a------ C:\WINDOWS\system32\drivers\secdrv.sys

2007-01-15 18:01 -------- d--h----- C:\Program\installshield installation information

2007-01-04 09:44 -------- d---s---- C:\DOCUME~1\LUCASN~1\Application Data\microsoft

2006-12-23 14:07 -------- d-------- C:\DOCUME~1\LUCASN~1\Application Data\macromedia

2006-12-23 13:45 -------- d-------- C:\Program\Delade filer\installshield

2006-12-22 23:34 -------- d-------- C:\DOCUME~1\LUCASN~1\Application Data\divx

2006-12-22 23:04 -------- d-------- C:\Program\sonic

2006-12-22 08:34 -------- d-------- C:\Program\Delade filer\whenu

2006-12-22 08:34 -------- d-------- C:\Program\daemon tools searchbar

2006-12-21 23:47 -------- d-------- C:\DOCUME~1\LUCASN~1\Application Data\sonic

2006-12-21 23:45 -------- d-------- C:\Program\cyberlink

2006-12-21 23:38 -------- d-------- C:\Program\daemon tools

2006-12-21 23:28 -------- d-------- C:\DOCUME~1\LUCASN~1\Application Data\leadertech

2006-12-21 23:14 -------- d-------- C:\Program\divx

2006-12-21 23:09 639224 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2006-12-21 22:57 2560 --a------ C:\WINDOWS\system32\bitcometres.dll

2006-12-20 01:15 -------- d-------- C:\Program\messenger

2006-12-20 00:57 -------- d-------- C:\Program\tptest5

2006-12-20 00:06 -------- d-------- C:\Program\movie maker

2006-12-20 00:03 -------- d-------- C:\Program\windows nt

2006-12-19 22:07 816672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys

2006-12-19 22:07 499712 --a------ C:\WINDOWS\system32\msvcp71.dll

2006-12-19 22:07 4960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys

2006-12-19 22:07 4224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys

2006-12-19 22:07 3968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys

2006-12-19 22:07 348160 --a------ C:\WINDOWS\system32\msvcr71.dll

2006-12-19 22:07 28416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys

2006-12-19 22:07 18240 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys

2006-12-19 22:06 -------- d-------- C:\Program\grisoft

2006-12-19 00:08 -------- d-------- C:\Program\Delade filer\speechengines

2006-12-19 00:08 -------- d-------- C:\Program\Delade filer\odbc

2006-12-19 00:07 62 --ahs---- C:\DOCUME~1\LUCASN~1\Application Data\desktop.ini

2006-12-19 00:07 -------- d-------- C:\Program\dell

2006-12-19 00:04 14037 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys

2006-12-19 00:04 -------- d-------- C:\Program\intel

2006-12-19 00:01 -------- d-------- C:\Program\broadcom

2006-12-18 23:59 -------- d-------- C:\Program\sigmatel

2006-12-18 23:42 -------- d-------- C:\Program\dell computer corporation

2006-12-18 23:36 -------- d-------- C:\DOCUME~1\LUCASN~1\Application Data\identities

2006-12-18 23:29 -------- d-------- C:\Program\microsoft frontpage

2006-12-18 23:25 0 -rahs---- C:\MSDOS.SYS

2006-12-18 23:25 0 -rahs---- C:\IO.SYS

2006-12-18 23:25 0 --a------ C:\CONFIG.SYS

2006-12-18 23:25 0 --a------ C:\AUTOEXEC.BAT

2006-12-18 23:24 -------- d-------- C:\Program\onlinetj„nster

2006-12-18 23:23 -------- d-------- C:\Program\Delade filer\mssoap

2006-12-18 23:22 -------- d--h----- C:\Program\windowsupdate

2006-12-18 23:22 -------- d-------- C:\Program\msn gaming zone

2006-12-12 17:30 520192 --a------ C:\WINDOWS\system32\divxsm.exe

2006-12-12 17:30 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll

2006-12-12 17:30 20640 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys

2006-12-12 17:30 200704 --a------ C:\WINDOWS\system32\ssldivx.dll

2006-12-12 17:30 109568 --------- C:\WINDOWS\system32\pxinsi64.exe

2006-12-12 17:30 108544 --------- C:\WINDOWS\system32\pxcpyi64.exe

2006-12-12 17:30 1044480 --a------ C:\WINDOWS\system32\libdivx.dll

2006-12-12 17:25 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll

2006-12-12 17:25 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll

2006-12-12 17:25 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll

2006-12-12 17:25 73728 --a------ C:\WINDOWS\system32\dpl100.dll

2006-12-12 17:25 635486 --a------ C:\WINDOWS\system32\divx.dll

2006-12-12 17:25 593920 --a------ C:\WINDOWS\system32\dpugui11.dll

2006-12-12 17:25 57344 --a------ C:\WINDOWS\system32\dpv11.dll

2006-12-12 17:25 53248 --a------ C:\WINDOWS\system32\dpugui10.dll

2006-12-12 17:25 344064 --a------ C:\WINDOWS\system32\dpus11.dll

2006-12-12 17:25 294912 --a------ C:\WINDOWS\system32\dpu11.dll

2006-12-12 17:25 294912 --a------ C:\WINDOWS\system32\dpu10.dll

2006-12-12 17:25 196608 --a------ C:\WINDOWS\system32\dtu100.dll

2006-12-12 17:24 12288 --a------ C:\WINDOWS\system32\divxwmpexttype.dll

2006-12-12 17:24 118784 --a------ C:\WINDOWS\system32\divxcodecupdatechecker.exe

2006-11-15 11:07 8246272 --a------ C:\WINDOWS\system32\wmploc.dll

2006-11-15 10:49 99840 --a------ C:\WINDOWS\system32\wmpshell.dll

2006-11-15 10:48 231424 --------- C:\WINDOWS\system32\wmerror.dll

2006-11-15 10:46 7168 --a------ C:\WINDOWS\system32\asferror.dll

2006-11-08 06:07 679424 --a------ C:\WINDOWS\system32\inetcomm.dll

2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll

2006-11-02 11:53 38912 --------- C:\WINDOWS\system32\wpdshextres.dll

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

"MSMSGS"="\"C:\\Program\\Messenger\\MSMSGS.EXE\" /background"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"

"nwiz"="nwiz.exe /installquiet"

"BCMSMMSG"="BCMSMMSG.exe"

"PRONoMgr.exe"="C:\\Program\\Intel\\NCS\\PROSet\\PRONoMgr.exe"

"AVG7_CC"="C:\\Program\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"

"DAEMON Tools"="\"C:\\Program\\DAEMON Tools\\daemon.exe\" -lang 1033"

"DVDLauncher"="\"C:\\Program\\CyberLink\\PowerDVD\\DVDLauncher.exe\""

"ISUSPM"="\"C:\\Program\\Delade filer\\InstallShield\\UpdateService\\ISUSPM.exe\" -scheduler"

"QuickTime Task"="\"C:\\Program\\QuickTime\\qttask.exe\" -atboottime"

"ExtraFilmHemmaAgent"="\"C:\\Program\\ExtraFilm Hemma\\Agent.exe\""

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]

"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"AVG7_Run"="C:\\Program\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]

"AVG7_Run"="C:\\Program\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoCDBurning"=dword:00000001

"BackupNoCDBurning"=dword:00000000

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

NetworkService REG_MULTI_SZ DnsCache\0\0

rpcss REG_MULTI_SZ RpcSs\0\0

imgsvc REG_MULTI_SZ StiSvc\0\0

termsvcs REG_MULTI_SZ TermService\0\0

HTTPFilter REG_MULTI_SZ HTTPFilter\0\0

DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

 

 

Completion time: 07-01-23 22:35:25[/log]

 


 

Delete this file = C:\WINDOWS\unvise32.exe

If the pop-up only comes up on one particular site, then it's nothing to worry about.

Can you give the address of the site?

 


I have now deleted that file; now we'll see whether I get rid of the pop-up. It mostly happens when I'm on the site: mail.com

 


I've had the same problem for a while now, but it's not only drivecleaner that comes up but also something called ErrorSafe. And then there's a lot of hassle and pop-up windows etc.

 

I also have a virus that tries to get into my computer again and again; Norton stops it, but it keeps coming back. It's some dial-up program called something with dealer or dialer.

 

Can anyone help me?

 


I was just about to send the log.

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 13:12:21, on 2007-02-01

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

c:\Program\Delade filer\Symantec Shared\ccProxy.exe

c:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

c:\Program\Norton Internet Security\ISSVC.exe

c:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

c:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

c:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

c:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

C:\Program\Canon\CAL\CALMAIN.exe

C:\Program\Java\jre1.5.0\bin\jusched.exe

C:\windows\system\hpsysdrv.exe

C:\Program\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE

C:\Program\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe

C:\Program\Creative\Shared Files\Module Loader\DLLML.exe

C:\WINDOWS\CTHELPER.EXE

C:\WINDOWS\system32\CTXFIHLP.EXE

C:\HP\KBD\KBD.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program\Delade filer\InterVideo\SchSvr\SchSvr.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Program\InterVideo\Common\Bin\WinRemote.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

C:\Program\HP\HP Software Update\HPwuSchd2.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\HP\HP Share-to-Web\hpgs2wnd.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\HP\HP Share-to-Web\hpgs2wnf.exe

C:\Program\QuickTime\qttask.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program\D-Tools\daemon.exe

C:\Program\ekort\ekort.exe

C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe

C:\Program\Windows Defender\MSASCui.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program\Delade filer\Real\Update_OB\RealOneMessageCenter.exe

C:\Program\Delade filer\Teleca Shared\Generic.exe

C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://arsenal.se/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0\bin\jusched.exe

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [CTDVDDET] "C:\Program\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"

O4 - HKLM\..\Run: [VolPanel] "C:\Program\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r

O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [HPHUPD08] c:\Program\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program\Delade filer\InterVideo\SchSvr\SchSvr.exe"

O4 - HKLM\..\Run: [WINREMOTE] C:\Program\InterVideo\Common\Bin\WinRemote.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [ccApp] "c:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [urlLSTCK.exe] c:\Program\Norton Internet Security\UrlLstCk.exe

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPwuSchd2.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program\HP\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [zzzHPSETUP] G:\Setup.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [ekort] C:\Program\ekort\ekort.exe /dontopenmycards

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [ppmate] C:\Program\PPMate\PPMate\ppmate.exe -autoplay

O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Registration Call of Juarez.LNK = C:\Program\Ubisoft\Techland\Call of Juarez\Register\RegistrationReminder.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Ãâ·Ñ¾«²ÊÊÓƵ³¬Á÷³©ÔÚÏß¹Û¿´ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)

O9 - Extra 'Tools' menuitem: ²¥°ÔµçÊÓ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra button: VC Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\Program\VCPOKE~1\client.exe

O9 - Extra button: e-kort - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program\ekort\ekort.exe

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O10 - Broken Internet access because of LSP provider 'xfire_lsp_9028.dll' missing

O16 - DPF: {0990D180-4226-4530-9777-AB82315505B9} (Installer Class) - http://www.foreningssparbanken.se/betala/ekort/oinstall.cab

O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.drivecleaner.com/installdrivecleanerstart_se.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170257206406

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.putfile.com/includes/ImageUploader4.cab

O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/download/2006/cabs/ErrorSafeFreeInstall_se.cab

O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.89_20060727.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program\Canon\CAL\CALMAIN.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program\Norton Internet Security\ISSVC.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - c:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - c:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

 

[/log]

 


Okay. Really nice of you to help!

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 13:53:26, on 2007-02-01

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

c:\Program\Delade filer\Symantec Shared\ccProxy.exe

c:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

c:\Program\Norton Internet Security\ISSVC.exe

c:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

c:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

c:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

c:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

C:\Program\Canon\CAL\CALMAIN.exe

C:\Program\Java\jre1.5.0\bin\jusched.exe

C:\windows\system\hpsysdrv.exe

C:\Program\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE

C:\Program\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe

C:\Program\Creative\Shared Files\Module Loader\DLLML.exe

C:\WINDOWS\CTHELPER.EXE

C:\WINDOWS\system32\CTXFIHLP.EXE

C:\HP\KBD\KBD.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program\Delade filer\InterVideo\SchSvr\SchSvr.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Program\InterVideo\Common\Bin\WinRemote.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

C:\Program\HP\HP Software Update\HPwuSchd2.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\HP\HP Share-to-Web\hpgs2wnd.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\HP\HP Share-to-Web\hpgs2wnf.exe

C:\Program\QuickTime\qttask.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program\D-Tools\daemon.exe

C:\Program\ekort\ekort.exe

C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe

C:\Program\Windows Defender\MSASCui.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program\Delade filer\Real\Update_OB\RealOneMessageCenter.exe

C:\Program\Delade filer\Teleca Shared\Generic.exe

C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\svchost.exe

c:\Program\NORTON~1\NORTON~1\navw32.exe

C:\Program\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

C:\WINDOWS\Downloaded Program Files\CONFLICT.17\UDC6L_0001_D19M0709NetInstaller.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program\Internet Explorer\iexplore.exe

C:\Program\VideoLAN\VLC\vlc.exe

C:\WINDOWS\TEMP\winB15.tmp.exe

C:\WINDOWS\TEMP\iddB16.tmp.exe

C:\Program\Hijackthis\rensare.exe.exe

C:\Program\Hijackthis\rensare.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://arsenal.se/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: e-kort Browser Helper Object - {1C900459-DEEF-4aa9-B260-1EF0F0C70A8D} - C:\WINDOWS\system32\Bhoekort.dll

O2 - BHO: (no name) - {4AAFF82C-1530-42EB-B723-5DC8D4B22D6A} - C:\WINDOWS\system32\awtqr.dll (file missing)

O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\tpuxtcic.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll

O2 - BHO: (no name) - {B7BC5CCE-E6CE-43DB-B3E3-DA47DDDD4A5E} - C:\WINDOWS\system32\yayvsqn.dll

O2 - BHO: (no name) - {BDAE5718-37AD-4165-858F-87C4E91860A5} - C:\WINDOWS\system32\jkklm.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0\bin\jusched.exe

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [CTDVDDET] "C:\Program\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"

O4 - HKLM\..\Run: [VolPanel] "C:\Program\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r

O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [HPHUPD08] c:\Program\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program\Delade filer\InterVideo\SchSvr\SchSvr.exe"

O4 - HKLM\..\Run: [WINREMOTE] C:\Program\InterVideo\Common\Bin\WinRemote.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [ccApp] "c:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [urlLSTCK.exe] c:\Program\Norton Internet Security\UrlLstCk.exe

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPwuSchd2.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program\HP\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [zzzHPSETUP] G:\Setup.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [ekort] C:\Program\ekort\ekort.exe /dontopenmycards

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [ppmate] C:\Program\PPMate\PPMate\ppmate.exe -autoplay

O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Registration Call of Juarez.LNK = C:\Program\Ubisoft\Techland\Call of Juarez\Register\RegistrationReminder.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Ãâ·Ñ¾«²ÊÊÓƵ³¬Á÷³©ÔÚÏß¹Û¿´ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)

O9 - Extra 'Tools' menuitem: ²¥°ÔµçÊÓ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra button: VC Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\Program\VCPOKE~1\client.exe

O9 - Extra button: e-kort - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program\ekort\ekort.exe

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O10 - Broken Internet access because of LSP provider 'xfire_lsp_9028.dll' missing

O16 - DPF: {0990D180-4226-4530-9777-AB82315505B9} (Installer Class) - http://www.foreningssparbanken.se/betala/ekort/oinstall.cab

O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.drivecleaner.com/installdrivecleanerstart_se.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170257206406

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.putfile.com/includes/ImageUploader4.cab

O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/download/2006/cabs/ErrorSafeFreeInstall_se.cab

O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.89_20060727.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: awtqr - C:\WINDOWS\system32\awtqr.dll (file missing)

O20 - Winlogon Notify: jkklm - C:\WINDOWS\system32\jkklm.dll

O20 - Winlogon Notify: winghy32 - C:\WINDOWS\SYSTEM32\winghy32.dll

O20 - Winlogon Notify: yayvsqn - C:\WINDOWS\SYSTEM32\yayvsqn.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program\Canon\CAL\CALMAIN.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program\Norton Internet Security\ISSVC.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - c:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - c:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

 

[/log]

 


 

Go here and follow the instructions on the page

 

http://www.atribune.org/content/view/24/2/

 

Note: It is possible that VundoFix encountered a file it could not remove.

In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

 

Then post the C:\vundofix.txt log

 

 


Here, this should be right!

 

 

[log]VundoFix V6.3.5

 

Checking Java version...

 

Sun Java not detected

Scan started at 14:03:17 2007-02-01

 

Listing files found while scanning....

 

C:\WINDOWS\system32\awtqr.dll

C:\WINDOWS\system32\jkklm.dll

C:\WINDOWS\system32\mlkkj.bak2

C:\WINDOWS\system32\mlkkj.ini

C:\WINDOWS\system32\mlkkj.ini2

C:\WINDOWS\system32\mlkkj.tmp

C:\WINDOWS\system32\rqtwa.bak2

C:\WINDOWS\system32\rqtwa.ini

C:\WINDOWS\system32\rqtwa.ini2

C:\WINDOWS\system32\rqtwa.tmp

C:\WINDOWS\system32\tpuxtcic.dll

C:\WINDOWS\system32\yayvsqn.dll

 

Beginning removal...

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\jkklm.dll

C:\WINDOWS\system32\jkklm.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\mlkkj.bak2

C:\WINDOWS\system32\mlkkj.bak2 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\mlkkj.ini

C:\WINDOWS\system32\mlkkj.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\mlkkj.ini2

C:\WINDOWS\system32\mlkkj.ini2 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\mlkkj.tmp

C:\WINDOWS\system32\mlkkj.tmp Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\rqtwa.bak2

C:\WINDOWS\system32\rqtwa.bak2 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\rqtwa.ini

C:\WINDOWS\system32\rqtwa.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\rqtwa.ini2

C:\WINDOWS\system32\rqtwa.ini2 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\rqtwa.tmp

C:\WINDOWS\system32\rqtwa.tmp Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\tpuxtcic.dll

C:\WINDOWS\system32\tpuxtcic.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\yayvsqn.dll

C:\WINDOWS\system32\yayvsqn.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

[/log]

 


[log]"HP_Žgaren" - 07-02-01 14:57:04 Service Pack 2

ComboFix 07.01.31 - Running from: "C:\Documents and Settings\HP_Žgaren\Skrivbord"

 

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\Program\Delade filer\Yazzle1122OinAdmin.exe

C:\Program\Delade filer\Yazzle1122OinUninstaller.exe

C:\Program\Delade filer\Yazzle1162OinUninstaller.exe

C:\WINDOWS\system32\unsvchosts.lzma

C:\autorun.inf

C:\INSTALL.LOG

 

 

((((((((((((((((((((((((((((((( Files Created from 2007-01-01 to 2007-02-01 ))))))))))))))))))))))))))))))))))

 

 

2007-02-01 14:03 <KAT> d-------- C:\VundoFix Backups

2007-02-01 13:11 <KAT> d-------- C:\Program\Hijackthis

2007-02-01 01:02 <KAT> d-------- C:\Program\MSXML 4.0

2007-01-31 16:29 <KAT> d-------- C:\WINDOWS\system32\PreInstall

2007-01-31 16:27 18,200 --a------ C:\WINDOWS\system32\wups2.dll

2007-01-31 16:27 <KAT> d-------- C:\WINDOWS\system32\SoftwareDistribution

2007-01-31 15:38 <KAT> d-------- C:\Program\Windows Defender

2007-01-18 18:18 0 --a------ C:\WINDOWS\system32\bocmcjdw.dll

2007-01-18 18:08 2,560 --a------ C:\WINDOWS\system32\unsvchosts.exe

2007-01-18 18:08 18,432 --a------ C:\WINDOWS\system32\winghy32.dll

2007-01-05 15:36 <KAT> d-------- C:\DOCUME~1\HP_GAR~1\Application Data\Vso

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

2007-02-01 13:50 -------- d-------- C:\Program\Delade filer\symantec shared

2007-01-31 15:00 -------- d-------- C:\Program\microsoft works

2007-01-30 08:02 -------- d-------- C:\Program\norton internet security

2007-01-24 19:43 -------- d-------- C:\Program\windows live safety center

2007-01-23 18:31 -------- d-------- C:\Program\msn messenger

2007-01-23 16:51 -------- d-------- C:\Program\symantec

2007-01-22 23:46 -------- d-------- C:\DOCUME~1\HP_GAR~1\Application Data\adobe

2007-01-13 18:17 -------- d---s---- C:\DOCUME~1\HP_GAR~1\Application Data\microsoft

2007-01-05 16:04 -------- d-------- C:\Program\vc poker

2006-12-29 00:44 -------- d-------- C:\DOCUME~1\HP_GAR~1\Application Data\adobeum

2006-12-27 22:34 -------- d-------- C:\DOCUME~1\HP_GAR~1\Application Data\hp

2006-12-26 21:05 -------- d-------- C:\DOCUME~1\HP_GAR~1\Application Data\google

2006-12-26 21:04 -------- d-------- C:\Program\google

2006-12-18 14:14 -------- d--h----- C:\Program\installshield installation information

2006-12-17 14:37 -------- d-------- C:\Program\ea sports

2006-12-10 15:11 -------- d-------- C:\Program\Delade filer\adobe

2006-12-07 07:40 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll

2006-11-08 06:07 679424 --a------ C:\WINDOWS\system32\inetcomm.dll

2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"MsnMsgr"="\"C:\\Program\\MSN Messenger\\MsnMsgr.Exe\" /background"

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

"swg"="C:\\Program\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"SunJavaUpdateSched"="C:\\Program\\Java\\jre1.5.0\\bin\\jusched.exe"

"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"

"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

"nwiz"="nwiz.exe /installquiet /keeploaded /nodetect"

"CTDVDDET"="\"C:\\Program\\Creative\\Sound Blaster X-Fi\\DVDAudio\\CTDVDDET.EXE\""

"VolPanel"="\"C:\\Program\\Creative\\Sound Blaster X-Fi\\Volume Panel\\VolPanel.exe\" /r"

"AudioDrvEmulator"="\"C:\\Program\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" -1 AudioDrvEmulator \"C:\\Program\\Creative\\Shared Files\\Module Loader\\Audio Emulator\\AudDrvEm.dll\""

"CTHelper"="CTHELPER.EXE"

"CTxfiHlp"="CTXFIHLP.EXE"

"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"

"HPHUPD08"="c:\\Program\\HP\\Digital Imaging\\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\\hphupd08.exe"

"KBD"="C:\\HP\\KBD\\KBD.EXE"

"Home Theater SchSvr"="\"C:\\Program\\Delade filer\\InterVideo\\SchSvr\\SchSvr.exe\""

"WINREMOTE"="C:\\Program\\InterVideo\\Common\\Bin\\WinRemote.exe"

"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"

"ccApp"="\"c:\\Program\\Delade filer\\Symantec Shared\\ccApp.exe\""

"URLLSTCK.exe"="c:\\Program\\Norton Internet Security\\UrlLstCk.exe"

"PS2"="C:\\WINDOWS\\system32\\ps2.exe"

"LSBWatcher"="c:\\hp\\drivers\\hplsbwatcher\\lsburnwatcher.exe"

"HP Software Update"=hex(2):43,3a,5c,50,72,6f,67,72,61,6d,5c,48,50,5c,48,50,20, 53,6f,66,74,77,61,72,65,20,55,70,64,61,74,65,5c,48,50,77,75,53,63,68,64,32, 2e,65,78,65,00

"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb06.exe"

"Symantec NetDriver Monitor"="C:\\Program\\SYMNET~1\\SNDMon.exe /Consumer"

"Share-to-Web Namespace Daemon"="C:\\Program\\HP\\HP Share-to-Web\\hpgs2wnd.exe"

"zzzHPSETUP"="G:\\Setup.exe"

"UpdateManager"="\"C:\\Program\\Delade filer\\Sonic\\Update Manager\\sgtray.exe\" /r"

"iTunesHelper"="\"C:\\Program\\iTunes\\iTunesHelper.exe\""

"QuickTime Task"="\"C:\\Program\\QuickTime\\qttask.exe\" -atboottime"

"TkBellExe"="\"C:\\Program\\Delade filer\\Real\\Update_OB\\realsched.exe\" -osboot"

@=""

"Sony Ericsson PC Suite"="\"C:\\Program\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"

"Adobe Photo Downloader"="\"C:\\Program\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""

"DAEMON Tools-1033"="\"C:\\Program\\D-Tools\\daemon.exe\" -lang 1033"

"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

"ekort"="C:\\Program\\ekort\\ekort.exe /dontopenmycards"

"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74, 65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

"ppmate"="C:\\Program\\PPMate\\PPMate\\ppmate.exe -autoplay"

"Windows Defender"="\"C:\\Program\\Windows Defender\\MSASCui.exe\" -hide"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

"Installed"="1"

"NoChange"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{B7BC5CCE-E6CE-43DB-B3E3-DA47DDDD4A5E}"=""

"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqr

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winghy32

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

HTTPFilter REG_MULTI_SZ HTTPFilter\0\0

LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

NetworkService REG_MULTI_SZ DnsCache\0\0

DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

rpcss REG_MULTI_SZ RpcSs\0\0

imgsvc REG_MULTI_SZ StiSvc\0\0

termsvcs REG_MULTI_SZ TermService\0\0

Usnsvc REG_MULTI_SZ usnsvc\0\0

 

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{39fd89e5-3124-11db-a210-806d6172696f}]

Shell\AutoRun\command C:\Autorun.exe

 

 

Contents of the 'Scheduled Tasks' folder

C:\WINDOWS\tasks\BackOnTrack - p†minnelse om †terst„llningspunkt.job

C:\WINDOWS\tasks\MP Scheduled Scan.job

C:\WINDOWS\tasks\Norton AntiVirus - S”k igenom datorn - Hasse.job

C:\WINDOWS\tasks\Norton AntiVirus - S”k igenom datorn - HP_Žgaren.job

C:\WINDOWS\tasks\Symantec NetDetect.job

 

Completion time: 07-02-01 15:02:36

[/log]

 


 

Download Avenger to the desktop and unzip it there

 

http://swandog46.geekstogo.com/avenger.zip

 

[log]Then copy all the lines below at once

 

 

Files to delete:

C:\WINDOWS\system32\bocmcjdw.dll

C:\WINDOWS\system32\unsvchosts.exe

C:\WINDOWS\system32\winghy32.dll

C:\WINDOWS\system32\awtqr.dll

 

 

 

Then open Avenger

Check "Input Script Manually".

Click the magnifying glass and paste the text you copied into the "View/edit script" window.

Click Done.

Then click the green light and answer Yes to the questions.

The computer restarts and you will see a DOS window, and then the log should open.

Post that log here. [/log]

 


 

Yes... copy and paste all the lines below at once

 

 

Files to delete:

C:\WINDOWS\system32\bocmcjdw.dll

C:\WINDOWS\system32\unsvchosts.exe

C:\WINDOWS\system32\winghy32.dll

C:\WINDOWS\system32\awtqr.dll

 

 

 


awtqr.dll won't give up...

 

[log]Logfile of The Avenger version 1, by Swandog46

Running from registry key:

\Registry\Machine\System\CurrentControlSet\Services\feyfchcb

 

*******************

 

Script file located at: \??\C:\Program Files\cnqsdqbv.txt

Script file opened successfully.

 

Script file read successfully

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

File C:\WINDOWS\system32\bocmcjdw.dll deleted successfully.

File C:\WINDOWS\system32\unsvchosts.exe deleted successfully.

File C:\WINDOWS\system32\winghy32.dll deleted successfully.

 

 

File C:\WINDOWS\system32\awtqr.dll not found!

Deletion of file C:\WINDOWS\system32\awtqr.dll failed!

 

Could not process line:

C:\WINDOWS\system32\awtqr.dll

Status: 0xc0000034

 

 

Completed script processing.

 

*******************

 

Finished! Terminate.[/log]

 


 

> awtqr.dll won't give up... <

 

Apparently it is already gone = awtqr.dll not found

Scan a new Hijack log and post it.

 

 


[log]Logfile of HijackThis v1.99.1

Scan saved at 16:19:21, on 2007-02-01

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

c:\Program\Delade filer\Symantec Shared\ccProxy.exe

c:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

c:\Program\Norton Internet Security\ISSVC.exe

c:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

c:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\Explorer.EXE

c:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

c:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

C:\Program\Canon\CAL\CALMAIN.exe

C:\Program\Java\jre1.5.0\bin\jusched.exe

C:\windows\system\hpsysdrv.exe

C:\Program\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe

C:\Program\Creative\Shared Files\Module Loader\DLLML.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\CTHELPER.EXE

C:\WINDOWS\system32\CTXFIHLP.EXE

C:\HP\KBD\KBD.EXE

C:\Program\Delade filer\InterVideo\SchSvr\SchSvr.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Program\InterVideo\Common\Bin\WinRemote.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

C:\Program\HP\HP Software Update\HPwuSchd2.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe

C:\Program\HP\HP Share-to-Web\hpgs2wnd.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\HP\HP Share-to-Web\hpgs2wnf.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program\D-Tools\daemon.exe

C:\Program\ekort\ekort.exe

C:\Program\Windows Defender\MSASCui.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe

C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program\internet explorer\iexplore.exe

C:\Program\Delade filer\Teleca Shared\Generic.exe

C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Hijackthis\rensare.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arsenal.se/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: e-kort Browser Helper Object - {1C900459-DEEF-4aa9-B260-1EF0F0C70A8D} - C:\WINDOWS\system32\Bhoekort.dll

O2 - BHO: (no name) - {4AAFF82C-1530-42EB-B723-5DC8D4B22D6A} - C:\WINDOWS\system32\awtqr.dll (file missing)

O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\tpuxtcic.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll

O2 - BHO: (no name) - {B7BC5CCE-E6CE-43DB-B3E3-DA47DDDD4A5E} - C:\WINDOWS\system32\yayvsqn.dll (file missing)

O2 - BHO: (no name) - {BDAE5718-37AD-4165-858F-87C4E91860A5} - C:\WINDOWS\system32\jkklm.dll (file missing)

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0\bin\jusched.exe

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [CTDVDDET] "C:\Program\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"

O4 - HKLM\..\Run: [VolPanel] "C:\Program\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r

O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [HPHUPD08] c:\Program\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program\Delade filer\InterVideo\SchSvr\SchSvr.exe"

O4 - HKLM\..\Run: [WINREMOTE] C:\Program\InterVideo\Common\Bin\WinRemote.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [ccApp] "c:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [urlLSTCK.exe] c:\Program\Norton Internet Security\UrlLstCk.exe

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPwuSchd2.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program\HP\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [zzzHPSETUP] G:\Setup.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [ekort] C:\Program\ekort\ekort.exe /dontopenmycards

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [ppmate] C:\Program\PPMate\PPMate\ppmate.exe -autoplay

O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Registration Call of Juarez.LNK = C:\Program\Ubisoft\Techland\Call of Juarez\Register\RegistrationReminder.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Ãâ·Ñ¾«²ÊÊÓƵ³¬Á÷³©ÔÚÏß¹Û¿´ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)

O9 - Extra 'Tools' menuitem: ²¥°ÔµçÊÓ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra button: VC Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\Program\VCPOKE~1\client.exe

O9 - Extra button: e-kort - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program\ekort\ekort.exe

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O10 - Broken Internet access because of LSP provider 'xfire_lsp_9028.dll' missing

O16 - DPF: {0990D180-4226-4530-9777-AB82315505B9} (Installer Class) - http://www.foreningssparbanken.se/betala/ekort/oinstall.cab

O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.drivecleaner.com/installdrivecleanerstart_se.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170257206406

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.putfile.com/includes/ImageUploader4.cab

O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/download/2006/cabs/ErrorSafeFreeInstall_se.cab

O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.89_20060727.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: awtqr - C:\WINDOWS\system32\awtqr.dll (file missing)

O20 - Winlogon Notify: winghy32 - winghy32.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program\Canon\CAL\CALMAIN.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program\Norton Internet Security\ISSVC.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - c:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - c:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

 

[/log]

 


 

Scan with Hijack, tick the following lines, close the web browser and click Fix checked

 

[log]O2 - BHO: (no name) - {4AAFF82C-1530-42EB-B723-5DC8D4B22D6A} - C:\WINDOWS\system32\awtqr.dll (file missing)

O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\tpuxtcic.dll (file missing)

O2 - BHO: (no name) - {B7BC5CCE-E6CE-43DB-B3E3-DA47DDDD4A5E} - C:\WINDOWS\system32\yayvsqn.dll (file missing)

O2 - BHO: (no name) - {BDAE5718-37AD-4165-858F-87C4E91860A5} - C:\WINDOWS\system32\jkklm.dll (file missing)

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O9 - Extra button: Ãâ·Ñ¾«²ÊÊÓƵ³¬Á÷³©ÔÚÏß¹Û¿´ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)

O9 - Extra 'Tools' menuitem: ²¥°ÔµçÊÓ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)

O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.drivecleaner.com/installdrivecleanerstart_se.cab

O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/download/2006/cabs/ErrorSafeFreeInstall_se.cab

O20 - Winlogon Notify: awtqr - C:\WINDOWS\system32\awtqr.dll (file missing)

O20 - Winlogon Notify: winghy32 - winghy32.dll (file missing)

 

After that the log is OK.

Uninstall the Java you have and download the newest version here

 

http://www.java.com/sv/

 

Then you can Google these and, via msconfig > Autostart, turn off the ones that are not important for the system, so you get a bit more speed out of the computer

 

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0\bin\jusched.exe

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [CTDVDDET] "C:\Program\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"

O4 - HKLM\..\Run: [VolPanel] "C:\Program\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r

O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [HPHUPD08] c:\Program\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program\Delade filer\InterVideo\SchSvr\SchSvr.exe"

O4 - HKLM\..\Run: [WINREMOTE] C:\Program\InterVideo\Common\Bin\WinRemote.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [ccApp] "c:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [urlLSTCK.exe] c:\Program\Norton Internet Security\UrlLstCk.exe

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPwuSchd2.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program\HP\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [zzzHPSETUP] G:\Setup.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [ekort] C:\Program\ekort\ekort.exe /dontopenmycards

O4 - HKLM\..\Run: [ppmate] C:\Program\PPMate\PPMate\ppmate.exe -autoplay

O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Registration Call of Juarez.LNK = C:\Program\Ubisoft\Techland\Call of Juarez\Register\RegistrationReminder.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe[/log]

 

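The "(file missing)" entries ticked in the reply above can be pulled out of a HijackThis log mechanically and grouped by the file they point at. This is an added example, not part of the original posts; the function names and the line layout assumed by the regular expression (taken from the log lines quoted in this thread) are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the logs quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {4AAFF82C-1530-42EB-B723-5DC8D4B22D6A} - C:\WINDOWS\system32\awtqr.dll (file missing)
O2 - BHO: (no name) - {BDAE5718-37AD-4165-858F-87C4E91860A5} - C:\WINDOWS\system32\jkklm.dll (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: VC Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\Program\VCPOKE~1\client.exe
O20 - Winlogon Notify: awtqr - C:\WINDOWS\system32\awtqr.dll (file missing)
O20 - Winlogon Notify: winghy32 - winghy32.dll (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
"""

# Assumed layout, as seen in the logs above: "<section code> - <description>".
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
MISSING = "(file missing)"


def parse_line(line):
    """Return section code, target and missing flag, or None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)].rstrip()
    # The file or URL an entry points at is the last " - " separated field.
    target = body.rsplit(" - ", 1)[-1]
    return {"code": m.group("code"), "target": target, "missing": missing}


def missing_by_file(log_text):
    """Map each missing file name (lower-cased basename) to the sections naming it."""
    sections = defaultdict(set)
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and entry["missing"]:
            name = entry["target"].rsplit("\\", 1)[-1].lower()
            sections[name].add(entry["code"])
    return {name: sorted(codes) for name, codes in sections.items()}


def multi_section(log_text):
    """Missing files referenced from more than one section (e.g. O2 and O20)."""
    return sorted(n for n, c in missing_by_file(log_text).items() if len(c) > 1)


if __name__ == "__main__":
    for name, codes in sorted(missing_by_file(SAMPLE_LOG).items()):
        print(f"{name}: {', '.join(codes)}")
```

In the sample, awtqr.dll is named under both O2 and O20, which is why the reply ticks it in both sections.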

Archived

This topic is now archived and is closed to further replies.
