Just nu i M3-nätverket
Jump to content

Sök- och Länkproblem?????


sam64

Recommended Posts

Hej

Vet inte om jag valt rätt forum men hoppas att någon kan hjälpa mig. Det är så att när jag söker tex på google och får fram sökresultat, väljer jag en av de som jag tycker är bra men problemet är att när jag klickar på länken kommer jag inte dit utan till en hel annan sidan tex http://www.looksearch.com/index.php?tpid=11115&tspid=0&ttid=100&st=arbetsmiljö&bmst=&rdf=1&sid=10070209023627165366 komma jag hit när jag skulle egentligen kommit www.arbetsmiljoupplysningen.se.

Sen måste jag gå "Bakåt" till sök sidan och i andra försöket hamnar jag på rätt sidan.

Vad är FELET????

Det är så irriterande

Ett annat problem är när jag klickar på en länk skulle jag få upp ett nytt fönster med länkade sidan men jag får upp ett nytt fönster som är tom.

Tack

Nina

 

Link to comment
Share on other sites

Du har nog fått in något otrevligt i datorn.

Vi kan ju se om HijackThis visar något till att börja med:

http://www.thespykiller.co.uk/files/HJTsetup.exe

Installera, kör, skanna och spara loggen (inget annat).

 

I ditt svar bifogar du HijackThis-loggen på detta sätt:

Tryck på LOG-knappen i Besvara-fönstret

Klistra in loggen

Tryck igen på LOG-knappen

 

Link to comment
Share on other sites

[log]Logfile of HijackThis v1.99.1

Scan saved at 11:50:31, on 2007-02-09

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

c:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

c:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

c:\Program\Delade filer\Symantec Shared\ccProxy.exe

c:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

c:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program\Delade filer\LightScribe\LSSrvc.exe

c:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\HP\HP Software Update\HPwuSchd2.exe

C:\Program\Java\jre1.5.0_09\bin\jusched.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE

C:\HP\KBD\KBD.EXE

C:\Program\QuickTime\qttask.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\program\voipdiscount.com\voipdiscount\voipdiscount.exe

C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program\Lexmark X125\LEX125SU.exe

c:\windows\system\hpsysdrv.exe

C:\Program\Delade filer\InstallShield\UpdateService\issch.exe

C:\Program\Java\jre1.5.0_09\bin\jucheck.exe

c:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\svchost.exe

c:\program\delade filer\installshield\updateservice\isuspm.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

C:\Program\Grisoft\AVGFRE~1\avgemc.exe

C:\Program\Internet Explorer\iexplore.exe

c:\Program\Delade filer\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program\Outlook Express\msimn.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=63&bd=PAVILION&pf=desktop'>http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=63&bd=PAVILION&pf=desktop'>http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=63&bd=PAVILION&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=63&bd=PAVILION&pf=desktop'>http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=63&bd=PAVILION&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=63&bd=PAVILION&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=63&bd=PAVILION&pf=desktop

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=63&bd=PAVILION&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar3.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll

O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [HPHUPD08] c:\Program\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [ccApp] "c:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [HPBootOp] "C:\Program\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPwuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [VoipDiscount] "C:\program\voipdiscount.com\voipdiscount\voipdiscount.exe" -nosplash -minimized

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program\Lexmark X125\LEX125SU.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Ägaren\Start-meny\Program\IMVU\Run IMVU.lnk (file missing)

O9 - Extra button: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {00C1329F-D6C9-46A2-8C3F-23F50977F0A5} (SMUpdateAX Class) - http://www.liquidlab.se/smupdate/stallet/SetupInf.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0F66D5EE-3657-42D0-BB00-2673EF0AD1AF}: NameServer = 85.255.115.58,85.255.112.67

O17 - HKLM\System\CCS\Services\Tcpip\..\{7E9876E6-9B74-495C-A79F-BE12962DDD8E}: NameServer = 85.255.115.58,85.255.112.67

O17 - HKLM\System\CCS\Services\Tcpip\..\{BCEC40D1-52C3-4FC7-A317-86EA9E68A549}: NameServer = 85.255.115.58,85.255.112.67

O17 - HKLM\System\CCS\Services\Tcpip\..\{D5CFC7AB-A8FE-42C3-BC0E-7FEC0664125A}: NameServer = 85.255.115.58,85.255.112.67

O17 - HKLM\System\CCS\Services\Tcpip\..\{F07A1550-762B-4BF2-87CA-DC21DB5074F4}: NameServer = 85.255.115.58,85.255.112.67

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.58 85.255.112.67

O17 - HKLM\System\CS1\Services\Tcpip\..\{0F66D5EE-3657-42D0-BB00-2673EF0AD1AF}: NameServer = 85.255.115.58,85.255.112.67

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.58 85.255.112.67

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program\Norton Internet Security\ccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program\Norton Internet Security\comHost.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - c:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

 

[/log]

 

Link to comment
Share on other sites

Har du haft det här länge?

O4 - HKCU\..\Run: [VoipDiscount] "C:\program\voipdiscount.com\voipdiscount\voipdiscount.exe" -nosplash -minimized

 

Är det här något ställe du brukar besöka?

O16 - DPF: {00C1329F-D6C9-46A2-8C3F-23F50977F0A5} (SMUpdateAX Class) - http://www.liquidlab.se/smupdate/stallet/SetupInf.cab

 

Det är olämpligt att ha två aktiva antivirusprogram i datorn det kan leda till konstiga problem. Så avinstallera antingen Norton eller AVG.

 

Ladda ner FixWareout från en av dessa platser och spara t ex på Skrivbordet:

http://downloads.subratam.org/Fixwareout.exe

http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

 

Stäng alla program eftersom datorn kommer att startas om snart.

 

Dubbelklicka på den just nedladdade filen för att starta programmet FixWareout.

 

Tryck sedan Next, Install, kolla att Run fixit är förbockad och tryck Finish.

Fixen börjar köra, följ alla anvisningar. När du blir ombedd att starta om datorn så gör det. Det är normalt att omstarten tar längre tid än vanligt.

Klistra in loggfilen C:\fixwareout\report.txt som normalt öppnas automatiskt och en ny HijackThis-logg.

 

Link to comment
Share on other sites

Hej

O4 - HKCU\..\Run: [VoipDiscount] "C:\program\voipdiscount.com\voipdiscount\voipdiscount.exe" -nosplash -minimized

använder jag som internet telefon att prata med utlandet det är billigare

 

O16 - DPF: {00C1329F-D6C9-46A2-8C3F-23F50977F0A5} (SMUpdateAX Class) - http://www.liquidlab.se/smupdate/stallet/SetupInf.cab'>http://www.liquidlab.se/smupdate/stallet/SetupInf.cab

Vet inte vad är det för nåt. Min dotter är ofta på stallet.se (hästinteresserade tjejer)kan det vara nåt som har ded det stallet att göra?

Hu skulle jag ta bort det om det är nåt otrevlig?

 

[log]

Fixwareout

Last edited 1/30/2007

Post this report in the forums please

...

Prerun check

»»»»» HKLM run and Winlogon System values

C:\WINDOWS\System32\kdvbh.exe will be moved to C:\WINDOWS\temp\kdvbh.ren at reboot.

 

»»»»» System restarted

Reg Entries that were deleted

...

Random Runs removed from HKLM

...

 

»»»»» Misc files.

 

»»»»» Checking for older varients.

 

»»»»» Postrun check

»»»»» HKLM run

»»»»» Winlogon System value

"system"=""

»»»»»

 

PLEASE NOTE, There CAN be LEGITIMATE FILES LISTED IN THIS SECTION.

 

This WILL/CAN also list Legit Files, Submit them at Virustotal

Search five digit cs, dm kd and jb files.

»»»»»

»»»»» Current runs

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ftutil2"="rundll32.exe ftutil2.dll,SetWriteCacheMode"

"RTHDCPL"="RTHDCPL.EXE"

"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

"nwiz"="nwiz.exe /installquiet /keeploaded /nodetect"

"HPHUPD08"="c:\\Program\\HP\\Digital Imaging\\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\\hphupd08.exe"

"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"

"PCDrProfiler"=""

"ccApp"="\"c:\\Program\\Delade filer\\Symantec Shared\\ccApp.exe\""

"HPBootOp"="\"C:\\Program\\Hewlett-Packard\\HP Boot Optimizer\\HPBootOp.exe\" /run"

"Reminder"="\"C:\\Windows\\Creator\\Remind_XP.exe\""

"HP Software Update"=hex(2):43,3a,5c,50,72,6f,67,72,61,6d,5c,48,50,5c,48,50,20, 53,6f,66,74,77,61,72,65,20,55,70,64,61,74,65,5c,48,50,77,75,53,63,68,64,32, 2e,65,78,65,00

"SunJavaUpdateSched"="\"C:\\Program\\Java\\jre1.5.0_09\\bin\\jusched.exe\""

"LMPDPSRV"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LMPDPSRV.EXE"

"KBD"="C:\\HP\\KBD\\KBD.EXE"

"ISUSPM Startup"="C:\\Program\\DELADE~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"

"TkBellExe"="\"C:\\Program\\Delade filer\\Real\\Update_OB\\realsched.exe\" -osboot"

"QuickTime Task"="\"C:\\Program\\QuickTime\\qttask.exe\" -atboottime"

"AVG7_CC"="C:\\Program\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\\Program\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"

"MsnMsgr"="\"C:\\Program\\MSN Messenger\\MsnMsgr.Exe\" /background"

"VoipDiscount"="\"C:\\program\\voipdiscount.com\\voipdiscount\\voipdiscount.exe\" -nosplash -minimized"

 

Hosts file was reset, If you use a custom hosts file please replace it

[/log]

 

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 13:51:09, on 2007-02-09

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

c:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

c:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

c:\Program\Delade filer\Symantec Shared\ccProxy.exe

c:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

c:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program\Delade filer\LightScribe\LSSrvc.exe

c:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\HP\HP Software Update\HPwuSchd2.exe

C:\Program\Java\jre1.5.0_09\bin\jusched.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE

C:\WINDOWS\System32\svchost.exe

C:\HP\KBD\KBD.EXE

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\QuickTime\qttask.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\program\voipdiscount.com\voipdiscount\voipdiscount.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program\Lexmark X125\LEX125SU.exe

C:\Program\Internet Explorer\iexplore.exe

c:\windows\system\hpsysdrv.exe

C:\Program\Delade filer\InstallShield\UpdateService\issch.exe

C:\Program\Java\jre1.5.0_09\bin\jucheck.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=63&bd=PAVILION&pf=desktop'>http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=63&bd=PAVILION&pf=desktop'>http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=63&bd=PAVILION&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=63&bd=PAVILION&pf=desktop'>http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=63&bd=PAVILION&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=63&bd=PAVILION&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=63&bd=PAVILION&pf=desktop

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=63&bd=PAVILION&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar3.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll

O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [HPHUPD08] c:\Program\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [ccApp] "c:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [HPBootOp] "C:\Program\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPwuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [VoipDiscount] "C:\program\voipdiscount.com\voipdiscount\voipdiscount.exe" -nosplash -minimized

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program\Lexmark X125\LEX125SU.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Ägaren\Start-meny\Program\IMVU\Run IMVU.lnk (file missing)

O9 - Extra button: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {00C1329F-D6C9-46A2-8C3F-23F50977F0A5} (SMUpdateAX Class) - http://www.liquidlab.se/smupdate/stallet/SetupInf.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0F66D5EE-3657-42D0-BB00-2673EF0AD1AF}: NameServer = 85.255.115.58,85.255.112.67

O17 - HKLM\System\CCS\Services\Tcpip\..\{7E9876E6-9B74-495C-A79F-BE12962DDD8E}: NameServer = 85.255.115.58,85.255.112.67

O17 - HKLM\System\CCS\Services\Tcpip\..\{BCEC40D1-52C3-4FC7-A317-86EA9E68A549}: NameServer = 85.255.115.58,85.255.112.67

O17 - HKLM\System\CCS\Services\Tcpip\..\{D5CFC7AB-A8FE-42C3-BC0E-7FEC0664125A}: NameServer = 85.255.115.58,85.255.112.67

O17 - HKLM\System\CCS\Services\Tcpip\..\{F07A1550-762B-4BF2-87CA-DC21DB5074F4}: NameServer = 85.255.115.58,85.255.112.67

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.58 85.255.112.67

O17 - HKLM\System\CS1\Services\Tcpip\..\{0F66D5EE-3657-42D0-BB00-2673EF0AD1AF}: NameServer = 85.255.115.58,85.255.112.67

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.58 85.255.112.67

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program\Norton Internet Security\ccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program\Norton Internet Security\comHost.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - c:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

 

[/log]

 

Link to comment
Share on other sites

Då är det nog inget problem med de två raderna.

 

Skanna med HijackThis och bocka för:

 

O17 - HKLM\System\CCS\Services\Tcpip\..\{0F66D5EE-3657-42D0-BB00-2

673EF0AD1AF}: NameServer = 85.255.115.58,85.255.112.67

O17 - HKLM\System\CCS\Services\Tcpip\..\{7E9876E6-9B74-495C-A79F-B

E12962DDD8E}: NameServer = 85.255.115.58,85.255.112.67

O17 - HKLM\System\CCS\Services\Tcpip\..\{BCEC40D1-52C3-4FC7-A317-8

6EA9E68A549}: NameServer = 85.255.115.58,85.255.112.67

O17 - HKLM\System\CCS\Services\Tcpip\..\{D5CFC7AB-A8FE-42C3-BC0E-7

FEC0664125A}: NameServer = 85.255.115.58,85.255.112.67

O17 - HKLM\System\CCS\Services\Tcpip\..\{F07A1550-762B-4BF2-87CA-D

C21DB5074F4}: NameServer = 85.255.115.58,85.255.112.67

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.58 85.255.112.67

O17 - HKLM\System\CS1\Services\Tcpip\..\{0F66D5EE-3657-42D0-BB00-2

673EF0AD1AF}: NameServer = 85.255.115.58,85.255.112.67

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.58 85.255.112.67

 

Om du inte längre använder chattprogrammet IMVU så även denna rad:

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Ägaren\Start-meny\Program\IMVU\Run IMVU.lnk (file missing)

 

Avsluta alla andra program.

Tryck Fix checked.

 

Ställ in Utforskaren så att du kan se alla filer:

Verktyg - (Mapp)alternativ eller liknande - Visning

Välj Visa dolda filer och mappar

Avbocka Dölj filnamnstillägg för kända filtyper

Avbocka Dölj skyddade operativsystemfiler

 

Ta bort filerna (om de finns kvar):

C:\WINDOWS\temp\kdvbh.ren

 

Starta om datorn och så en ny HijackThis-logg.

 

Link to comment
Share on other sites

Hej

Nu ät det gjort Här är det nya log-filen[log]Logfile of HijackThis v1.99.1

Scan saved at 15:41:15, on 2007-02-09

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

c:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

c:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

c:\Program\Delade filer\Symantec Shared\ccProxy.exe

c:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

c:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program\Delade filer\LightScribe\LSSrvc.exe

c:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

C:\Program\HP\HP Software Update\HPwuSchd2.exe

C:\Program\Java\jre1.5.0_09\bin\jusched.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE

C:\HP\KBD\KBD.EXE

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\QuickTime\qttask.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\program\voipdiscount.com\voipdiscount\voipdiscount.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program\Lexmark X125\LEX125SU.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Hijackthis\HijackThis.exe

C:\WINDOWS\system32\wuauclt.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=63&bd=PAVILION&pf=desktop'>http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=63&bd=PAVILION&pf=desktop'>http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=63&bd=PAVILION&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=63&bd=PAVILION&pf=desktop'>http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=63&bd=PAVILION&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=63&bd=PAVILION&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=63&bd=PAVILION&pf=desktop

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=63&bd=PAVILION&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar3.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll

O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [HPHUPD08] c:\Program\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [ccApp] "c:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [HPBootOp] "C:\Program\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPwuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [VoipDiscount] "C:\program\voipdiscount.com\voipdiscount\voipdiscount.exe" -nosplash -minimized

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program\Lexmark X125\LEX125SU.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {00C1329F-D6C9-46A2-8C3F-23F50977F0A5} (SMUpdateAX Class) - http://www.liquidlab.se/smupdate/stallet/SetupInf.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program\Norton Internet Security\ccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program\Norton Internet Security\comHost.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - c:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

 

[/log]

 

Ska jag ändra tillbaka i Utforskaren?

Vad var det som hände, virus, trojan, annat eller var det nåt jag gjorde??

 

 

Link to comment
Share on other sites

Nu ser jag inget otrevligt i loggen längre.

Du kan ändra tillbaks inställningarna i Utforskaren, men det kan vara bra att låta inställningen för filnamnstillägg vara kvar på visa, detta eftersom det förekommer att mejl innehåller bilagor som heter t ex bild.gif.exe och då kan det vara bra att se att den heter .exe på slutet så man förstår att det faktiskt inte är en ofarlig bild.

 

Datorn har råkat ut för en typ av Wareout-infektion, hur den kom in i din dator vet jag inte. Men det var filen C:\WINDOWS\System32\kdvbh.exe som ställde till det.

 

Här kommer mina vanliga råd för en säkrare dator, men det är så klart viktigt att man använder sitt förnuft också.

 

Uppdatera från Windows Update och kör antispionprogrammen AVG Anti-Spyware (Ewido), SUPERAntiSpyware, Spybot S&D och/eller Ad-aware regelbundet.

http://www.ewido.net/en/

http://www.superantispyware.com/

http://www.safer-networking.org/en/download/index.html

http://www.lavasoft.com

 

Komplettera antivirusprogrammet med några online-skanningar då och då:

http://housecall.trendmicro.com/

http://www.bitdefender.com/scan8/ie.html

http://www.pandasoftware.com/products/activescan/

 

Använd en brandvägg (bättre än den inbyggda i XP), finns gratis från t ex ZoneLabs.

http://www.zonelabs.com/store/content/home.jsp

 

Om man använder Internet Explorer så kan det vara lämpligt att ha programmen SpywareBlaster och SpywareGuard, vilka hindrar en hel del otrevliga program från att laddas ner resp. köras:

http://www.javacoolsoftware.com

 

Se över säkerhetsinställningarna i Internet Explorer, det finns en hel del tips här:

http://www.spywarewarrior.com/uiuc/btw/ie/ie-opts.htm

 

Samt kör IE-SpyAd som lägger en hel massa otrevliga webbplatser i zonen Ej tillförlitliga i Internet Explorer så att de inte kan göra något med datorn:

http://www.spywarewarrior.com/uiuc/resource.htm

 

Om man byter webbläsare så är det bara SpywareGuard som behövs. Andra webbläsare är t ex Mozilla Firefox och Opera:

http://www.mozilla.org

http://www.opera.com

 

Allt gratis för hemanvändare/personligt bruk.

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.



×
×
  • Create New...