Problem med vista

[fiffe]

Hej jag undrar om Vista skall vara såmånga buggar om man jämför med XP eller har jag något som stör i datorn. Snart blir det en ominstallation till XP igen. Datorn är ca 4 dagar gammal.

 

Jag har mest problem med explorer det kan hänga sig ofta. Det är dokument som försvinner.

 

Bifogar loggfil.

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 20:13:36, on 2007-03-04

Platform: Unknown Windows (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16386)

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Java\jre1.6.0\bin\jusched.exe

C:\Program Files\Common Files\System\msnmssgr.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\System32\rundll32.exe

C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE

C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe

C:\Users\Fredrik\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.gozobil.lx.ro'>http://www.gozobil.lx.ro'>http://www.gozobil.lx.ro

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spray.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=71&bd=Pavilion&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gozobil.lx.ro

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gozobil.lx.ro

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F3 - REG:win.ini: run=C:\Windows\system32\winlogin.exe

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Visa Norton-verktygsfältet - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WindowsSystem32] C:\Program Files\Common Files\System\msnmssgr.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Digital Dash 5.0.lnk = C:\DigitalDash\digitaldash.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Symantec IS Verifiering av lösenord (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

[/log]

 

 

[Avicii]

fiffe skrev:

 

Hej jag undrar om Vista skall vara såmånga buggar om man jämför med XP eller har jag något som stör i datorn.

Vista i sig buggar inte.

Ser att du har http://www.gozobil.lx.ro som main search page, start page och search bar. Är det ett val du gjort själv?

Ser också både Roxio och Nero. 2 brännarprogram?

Vilket program har du från Symantec? Jag visste inte att Norton är Vista kompatibelt.

Vilken version av Vista har du och hur ser din hårdvarukonfiguration ut?

 

 

[fiffe]

Hej gozobil har jag inte lagt till själv. Ja jag har 2 brännarprogram och det har alltid fungerat.

Vet inte vilket symantec fick det av kompisen och vi tittade på sidan

http://www.iexbeta.com/wiki/index.php/Windows_Vista_Software_Compatibility_List#AntiVirus och där finns det med. Jag kan inte se vilket för alla mina mappar är borta. allt försvinner för mig.

 

Datorn.

Laptop

Processor: Mobile AMD Sempron™ Processor 3400+

Internminne: 1 GB (2 x 512 MB) DDR2 SDRAM - 667MHz - PC2-5300.

Moderkort: Information saknas

I/O Portar: Se

Grafik: NVIDIA® GeForce™ Go 6150 med upp till 128 MB delat minne.

Ljud: 16-bitars Sound Blaster Pro-kompatibelt ljud

Hårddisk: 120GB S-ATA

Optisk enhet: Super Multi DVD-brännare (+/-R +/-RW) med stöd för dubbla lager

Operativsystem: Windows Vista™ Home Basic Svensk

Modem/ Nätverk: Internt 56k V.92 modem

802.11 b/g WLAN

10/100/ nätverksstöd

Högtalare: Två inbyggda stereohögtalare

Tangentbord & Mus: Windows tangentbord

Pekplatta

Bildskärm: 15,4-tums WXGA+ High Definition BrightView Widescreen

Max upplösning: 1280 x 800

 

 

[Cecilia]

Det finns misstänkta rader i loggen. Du får avgöra själv om det är lättare att installera om Windows eller rensa den på otrevligheter.

 

Gå till http://www.virustotal.com/ klistra in ett av följande filnamn i rutan, tryck på Send och vänta tills resultatet är klart (Status blir Finished). Klistra in resultatet (inkl. filstorlek) här. Upprepa med nästa filnamn.

C:\Program Files\Common Files\System\msnmssgr.exe

C:\Windows\system32\winlogin.exe

 

Vet inte vilket symantec fick det av kompisen

Om det inte är en legal köpt version så är det ju inget att lita på, då kan den ju innehålla otrevligheter i sig i stället för att göra det den ska.

 

[Avicii]

fiffe skrev:

 

Ja jag har 2 brännarprogram och det har alltid fungerat.

Vilken version av Roxios brännarprogram har du och vilken Vista version, x86 eller x64?

Jag har läst på andra forum att Roxios Easy Media Creator, som numer ägs av Sonic Solutions, inte fungerar fullt ut med Vista. I alla fall inte med Vista x64. Därför har jag aldrig själv testat. Jag har alla versioner upp till och med 7.

 

[fiffe]

Jag har Symantec Antivirus Corporate EDITION v10.2.276 WinVista Retail.

 

Har kört filerna i Virustotal och den hittade bara

STATUS: QUEUED Your file "msnmssgr.exe" is queued in position: 2. Estimated start time is between 58 and 83 seconds.

Antivirus Version Update Result

Aditional Information

 

VirusTotal is a free service offered by Hispasec Sistemas.

There are no guarantees about the availability and continuity of this service.

Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product,

these results DO NOT guarantee the harmlessness of a file. Currently,

there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

 

För C:\Windows\system32\winlogin.exe -

0 bytes size received / Se ha recibido un archivo vacio

 

Inte en aning vilken version av vista eller roxio. det var installerat i datorn vid köp.

 

 

[Cecilia]

Har kört filerna i Virustotal och den hittade bara

STATUS: QUEUED Your file "msnmssgr.exe" is queued in position: 2. Estimated start time is between 58 and 83 seconds.

Vänta tills det blir klart.

 

[fiffe]

Complete scanning result of "msnmssgr.exe", received in VirusTotal at 03.05.2007, 19:56:29 (CET).

 

Antivirus Version Update Result

AntiVir 7.3.1.38 03.05.2007 HEUR/Crypted

Authentium 4.93.8 03.04.2007 no virus found

Avast 4.7.936.0 03.03.2007 no virus found

AVG 7.5.0.447 03.05.2007 no virus found

BitDefender 7.2 03.05.2007 BehavesLike:Win32.Malware

CAT-QuickHeal 9.00 03.05.2007 no virus found

ClamAV devel-20060426 03.05.2007 no virus found

DrWeb 4.33 03.05.2007 no virus found

eSafe 7.0.14.0 03.05.2007 no virus found

eTrust-Vet 30.6.3455 03.05.2007 no virus found

Ewido 4.0 03.05.2007 no virus found

FileAdvisor 1 03.05.2007 no virus found

Fortinet 2.85.0.0 03.05.2007 suspicious

F-Prot 4.3.1.45 03.04.2007 no virus found

F-Secure 6.70.13030.0 03.05.2007 no virus found

Ikarus T3.1.1.3 03.05.2007 Backdoor.VB.EV

Kaspersky 4.0.2.24 03.05.2007 no virus found

McAfee 4976 03.05.2007 no virus found

Microsoft 1.2204 03.05.2007 no virus found

NOD32v2 2096 03.05.2007 no virus found

Norman 5.80.02 03.05.2007 no virus found

Panda 9.0.0.4 03.05.2007 no virus found

Prevx1 V2 03.05.2007 no virus found

Sophos 4.15.0 03.05.2007 no virus found

Sunbelt 2.2.907.0 03.01.2007 VIPRE.Suspicious

Symantec 10 03.05.2007 no virus found

TheHacker 6.1.6.069 03.05.2007 no virus found

UNA 1.83 03.05.2007 no virus found

VBA32 3.11.2 03.03.2007 no virus found

VirusBuster 4.3.19:9 03.05.2007 no virus found

File size: 1192960 bytes

 

 

 

 

 

[Cecilia]

Skanna med HijackThis och bocka för:

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.gozobil.lx.ro'>http://www.gozobil.lx.ro'>http://www.gozobil.lx.ro

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gozobil.lx.ro

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gozobil.lx.ro

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

F3 - REG:win.ini: run=C:\Windows\system32\winlogin.exe

O4 - HKLM\..\Run: [WindowsSystem32] C:\Program Files\Common Files\System\msnmssgr.exe

 

Avsluta alla andra program.

Tryck Fix checked.

 

Starta om datorn i felsäkert läge (tryck F8 upprepade gånger under uppstarten och välj felsäkert läge i menyn).

 

Ställ in Utforskaren så att du kan se alla filer:

Verktyg - (Mapp)alternativ eller liknande - Visning

Välj Visa dolda filer och mappar

Avbocka Dölj filnamnstillägg för kända filtyper

Avbocka Dölj skyddade operativsystemfiler

 

Ta bort filerna (om de finns kvar):

C:\Windows\system32\winlogin.exe OBS! var noga med stavningen, du ska inte ta bort winlogon.exe!

C:\Program Files\Common Files\System\msnmssgr.exe

 

Starta om i normalt läge och så en ny HijackThis-logg.

Gör denna skanning: http://housecall.antivirus.com/

Spara logg eller kopiera resultatet hit. När du har klistrat in loggen så ska du markera (måla) den och sedan trycka på LOG-knappen som finns på samma rad som i Besvara-fönstret.

 

Vi får se om följande fungerar i Vista.

Ladda ner SDFix till Skrivbordet:

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Dubbelklicka på SDFix.exe och en ny mapp skapas, C:\SDFix.

 

Starta om datorn i felsäkert läge (tryck F8 upprepade gånger under uppstarten och välj felsäkert läge i menyn).

 

Öppna den nya mappen C:\SDFix och dubbelklicka på RunThis.bat för att starta programmet.

Tryck Y för att fortsätta.

Det arbetar ett tag och när det är klart så kommer det upp en fråga om du vill starta om datorn.

Tryck på godtycklig tangent för att omstarten ska påbörjas.

Datorn kommer att ta lång tid på sig under uppstarten eftersom programmet kommer att gå igång och fixa till en massa.

När det är klart visas Finished.

Tryck på valfri tangent för att avsluta programmet.

 

Öppna mappen SDFix och öppna filen Report.txt i Anteckningar.

Klistra in innehållet i filen i ditt svar här och använd LOG-knappen.

 

[fiffe]

Hej när jag öppnar utforskaren kommer jag bara till mina dokument.

Det är inte alls som i XP eller är det något fel. Jag kan inte välja om jag vill visa dolda filer eller inte.

 

[Avicii]

fiffe skrev:

 

Hej gozobil har jag inte lagt till själv. Ja jag har 2 brännarprogram och det har alltid fungerat.

Tack för tipset om att Roxio fungerar i Vista!

Köpte i dag Easy Media Creator 9 och har precis bränt några CDs och DVDs i Vista Ultimate x64.

 

 

[inlägget ändrat 2007-03-06 19:37:02 av Maratonmannen]

[Cecilia]

Någon som kan hjälpa till med anvisningar för Utforskaren i Vista?

 

Det behövs för hur man ser alla filer inklusive dolda filer och operativsystemfiler samt hur man navigerar till andra mappar.

 

Fortsätt med resten, fiffe, så länge.

 

[Avicii]

Cecilia skrev:

 

Någon som kan hjälpa till med anvisningar för Utforskaren i Vista?

För att visa dolda filer i Vista gör man på ungefär samma sätt som i XP, men först måste man lägga till menyraden för att få Verktyg och kunna välja Mappalternativ -> Visa. Där är det bara att bocka i Visa dolda filer osv.

För att få menyraden i Utforskaren, klicka på Organisera -> Layout -> Meny.

 

[fiffe]

Jag får inte bort alla filer i Hiijacken. och hittar inte i filerna utforskaren.

 

 

Scanning and Cleaning Complete

HouseCall did not find any potential threats on your computer. Make sure you run HouseCall once a week to keep your PC clean and malware free.

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 22:30:12, on 2007-03-06

Platform: Unknown Windows (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16386)

 

Running processes:

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Java\jre1.6.0\bin\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE

C:\Windows\System32\rundll32.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe

C:\Users\Fredrik\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spray.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=71&bd=Pavilion&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gozobil.lx.ro

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Visa Norton-verktygsfältet - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WindowsSystem32] C:\Program Files\Common Files\System\msnmssgr.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Digital Dash 5.0.lnk = C:\DigitalDash\digitaldash.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Symantec IS Verifiering av lösenord (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

[/log]

 

 

[fiffe]

Man tackar man lär sig alltid något nytt.

 

[Cecilia]

Gick det att köra SDFix?

 

[fiffe]

Nej det gick inte.

 

[Cecilia]

Ladda ner ComboScan till Skrivbordet.

http://www.techsupportforum.com/sectools/Deckard/comboscan.exe

 

Avsluta alla program.

Kör ComboScan och följ anvisningarna som visas.

Om brandväggen frågar så tillåt sigcheck.exe att komma ut på internet.

När det är klart så skapas två loggfiler, C:\ComboScan.txt och C:\Supplementary.txt. Klistra in dem här.

 

[fiffe]

ComboScan v20070306.20 run by Fredrik on 2007-03-07 at 19:22:06

Computer is in Normal Mode.

--------------------------------------------------------------------------------

 

-- Last 5 Restore Point(s) --

8: 2007-03-07 15:59:12 UTC - RP75 - Windows Update

7: 2007-03-06 21:09:44 UTC - RP74 - Installed Bearmach Parts Browser

6: 2007-03-05 20:49:28 UTC - RP72 - Windows Update

5: 2007-03-04 20:06:38 UTC - RP71 - ComboScan Restore Point

4: 2007-03-04 10:27:54 UTC - RP70 - Schemalagd kontrollpunkt

 

 

-- First Restore Point --

1: 2007-03-03 14:45:35 UTC - RP67 - DirectX har installerats

 

 

Performed disk cleanup.

 

 

-- HijackThis (run as Fredrik.exe) ---------------------------------------------

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 19:22:43, on 2007-03-07

Platform: Unknown Windows (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16386)

 

Running processes:

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Java\jre1.6.0\bin\jusched.exe

C:\Program Files\Common Files\System\msnmssgr.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\System32\rundll32.exe

C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE

C:\Program Files\Internet Explorer\ieuser.exe

C:\Windows\system32\taskeng.exe

C:\Users\Fredrik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WABITKR3\comboscan[1].exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Fredrik\Desktop\Fredrik.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spray.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=71&bd=Pavilion&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gozobil.lx.ro'>http://www.gozobil.lx.ro'>http://www.gozobil.lx.ro'>http://www.gozobil.lx.ro'>http://www.gozobil.lx.ro'>http://www.gozobil.lx.ro'>http://www.gozobil.lx.ro'>http://www.gozobil.lx.ro

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gozobil.lx.ro

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Visa Norton-verktygsfältet - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WindowsSystem32] C:\Program Files\Common Files\System\msnmssgr.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Digital Dash 5.0.lnk = C:\DigitalDash\digitaldash.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Symantec IS Verifiering av lösenord (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

 

-- HijackThis Fixed Entries (C:\Users\Fredrik\Desktop\backups\) ----------------

 

backup-20070305-183528-941 F3 - REG:win.ini: run=C:\Windows\system32\winlogin.exe

backup-20070305-183543-504 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gozobil.lx.ro

backup-20070305-183645-746 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gozobil.lx.ro

backup-20070305-195226-560 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gozobil.lx.ro

backup-20070306-171028-313 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gozobil.lx.ro

backup-20070306-171028-698 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

backup-20070306-171028-793 O4 - HKLM\..\Run: [WindowsSystem32] C:\Program Files\Common Files\System\msnmssgr.exe

backup-20070306-171028-908 F3 - REG:win.ini: run=C:\Windows\system32\winlogin.exe

backup-20070306-171028-918 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

backup-20070306-175633-463 O4 - HKLM\..\Run: [WindowsSystem32] C:\Program Files\Common Files\System\msnmssgr.exe

backup-20070306-175633-470 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

backup-20070306-175633-664 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gozobil.lx.ro

backup-20070306-175633-863 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

backup-20070306-222946-136 O4 - HKLM\..\Run: [WindowsSystem32] C:\Program Files\Common Files\System\msnmssgr.exe

backup-20070306-222946-372 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gozobil.lx.ro

backup-20070306-222946-493 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

backup-20070306-222946-538 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

 

-- File Associations -----------------------------------------------------------

 

.bat - batfile - "%1" %*

.chm - chm.file - "%SystemRoot%\hh.exe" %1

.cmd - cmdfile - "%1" %*

.com - comfile - "%1" %*

.exe - exefile - "%1" %*

.hlp - hlpfile - %SystemRoot%\winhlp32.exe %1

.inf - inffile - %SystemRoot%\system32\NOTEPAD.EXE %1

.ini - inifile - %SystemRoot%\system32\NOTEPAD.EXE %1

.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*

.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}

.pif - piffile - "%1" %*

.reg - regfile - regedit.exe "%1"

.scr - scrfile - "%1" /S

.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1

.vbs - VBSFile - "%SystemRoot%\System32\WScript.exe" "%1" %*

 

 

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

 

3S BCM43XV (Broadcom Extensible 802.11 nätverkskortsdrivrutin) - C:\Windows\System32\drivers\BCMWL6.SYS

3R BCM43XX (Drivrutin för Broadcom 802.11 Nätverksadapter) - C:\Windows\System32\drivers\BCMWL6.SYS

3S BthEnum (Bluetooth frågeblockdrivrutin) - C:\Windows\System32\drivers\bthenum.sys

3S BthPan (Bluetooth-enhet (Personal Area Network)) - C:\Windows\System32\drivers\bthpan.sys

3S BTHPORT (Bluetooth-portdrivrutin) - C:\Windows\System32\drivers\bthport.sys

3S BTHUSB (Bluetooth-radio USB-drivrutin) - C:\Windows\System32\drivers\BTHUSB.SYS

3S E100B (Intel® PRO Adapter Driver) - C:\Windows\System32\drivers\e100b325.sys

1R eabfiltr - C:\Windows\System32\drivers\eabfiltr.sys

1R eeCtrl (Symantec Eraser Control driver) - \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

3R EraserUtilRebootDrv - \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

3R HBtnKey - C:\Windows\System32\drivers\CPQBttn.sys

3R HdAudAddService (Microsoft UAA Function Driver for High Definition Audio Service) - C:\Windows\System32\drivers\CHDART.sys

3S HSFHWAZL - C:\Windows\System32\drivers\VSTAZL3.SYS

3R HSF_DPV - C:\Windows\System32\drivers\HSX_DPV.sys

3R HSXHWAZL - C:\Windows\System32\drivers\HSXHWAZL.sys

3S ialm - C:\Windows\System32\drivers\igdkmd32.sys

1R IDSvix86 (Symantec Intrusion Prevention Driver) - \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20070222.002\IDSvix86.sys

2R mdmxsdk - C:\Windows\System32\drivers\mdmxsdk.sys

3R NAVENG - \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20070304.025\NAVENG.SYS

3R NAVEX15 - \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20070304.025\NAVEX15.SYS

3R NVENETFD (NVIDIA nForce Networking Controller Driver) - C:\Windows\System32\drivers\nvm60x32.sys

3R nvlddmkm - C:\Windows\System32\drivers\nvlddmkm.sys

3R nvsmu - C:\Windows\System32\drivers\nvsmu.sys

3S RFCOMM (Bluetooth-enhet (RFCOMM-protokoll-TDI)) - C:\Windows\System32\drivers\rfcomm.sys

2S rimmptsk - C:\Windows\System32\drivers\rimmptsk.sys

2S rimsptsk - C:\Windows\System32\drivers\rimsptsk.sys

2S rismxdp (Ricoh xD-Picture Card Driver) - C:\Windows\System32\drivers\rixdptsk.sys

3S sdbus - C:\Windows\System32\drivers\sdbus.sys

1R SPBBCDrv - \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

3R SRTSP - C:\Windows\System32\drivers\srtsp.sys

3S SRTSPL - C:\Windows\System32\drivers\srtspl.sys

1R SRTSPX - C:\Windows\System32\drivers\srtspx.sys

3R SYMDNS - C:\Windows\System32\drivers\symdns.sys

3R SymEvent - \??\C:\Windows\system32\Drivers\SYMEVENT.SYS

3R SYMFW - C:\Windows\System32\drivers\symfw.sys

3R SYMIDS - C:\Windows\System32\drivers\symids.sys

3R SYMNDISV - C:\Windows\System32\drivers\symndisv.sys

3R SYMREDRV - C:\Windows\System32\drivers\symredrv.sys

1R SYMTDI - C:\Windows\System32\drivers\symtdi.sys

3R SynTP (Synaptics TouchPad Driver) - C:\Windows\System32\drivers\SynTP.sys

3S USBSTOR (Drivrutin för USB-masslagringsenheter) - C:\Windows\System32\drivers\USBSTOR.SYS

3R winachsf - C:\Windows\System32\drivers\HSX_CNXT.sys

2R XAudio - C:\Windows\System32\drivers\XAudio.sys

 

 

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

 

3S AddFiltr - "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe"

2S Automatisk LiveUpdate-schemaläggare - "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"

2R BthServ (Bluetooth Support Service) - C:\Windows\system32\svchost.exe -k bthsvcs

2R ccEvtMgr (Symantec Event Manager) - "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon

2R ccSetMgr (Symantec Settings Manager) - "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon

2R CLCapSvc (CyberLink Background Capture Service (CBCS)) - "C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe"

2R CLSched (CyberLink Task Scheduler (CTS)) - "C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe"

2R CLTNetCnService (Symantec Lic NetConnect service) - "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon

3S comHost (COM Host) - "c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe"

3S gusvc (Google Updater Service) - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"

2R HP Health Check Service - "C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe"

2R hpqwmiex - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

3S IDriverT (InstallDriver Table Manager) - "C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe"

3S ISPwdSvc (Symantec IS Verifiering av lösenord) - "c:\Program Files\Norton Internet Security\isPwdSvc.exe"

2R LightScribeService (LightScribeService Direct Disc Labeling Service) - "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"

3S LiveUpdate - "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"

3S NBService - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

3S RoxMediaDB9 - "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe"

3S stllssvr - "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe"

3R Symantec Core LC - "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"

2R SymAppCore (Symantec AppCore Service) - "c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe"

2R XAudioService - C:\Windows\system32\DRIVERS\xaudio.exe

 

 

-- Scheduled Tasks -------------------------------------------------------------

 

2007-03-02 20:36:37 504 --a------ C:\Windows\Tasks\Norton Internet Security - Sök igenom datorn - Fredrik.job<NORTON~1.JOB>

 

 

-- Files created between 2007-02-07 and 2007-03-07 -----------------------------

 

 

 

-- Find3M Report ---------------------------------------------------------------

 

2007-03-07 18:50:56 472414 --a------ C:\Windows\system32\perfh01D.dat

2007-03-07 18:50:56 81514 --a------ C:\Windows\system32\perfc01D.dat

2007-03-07 18:47:10 13119 --a------ C:\Users\Fredrik\AppData\Roaming\nvModes.001

2007-03-07 18:44:36 12 --a------ C:\Windows\bthservsdp.dat<BTHSER~1.DAT>

2007-03-06 22:10:40 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>

2007-03-06 22:10:24 0 d-------- C:\Program Files\Bearmach

2007-03-06 22:09:33 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>

2007-03-06 21:03:12 0 d-------- C:\Users\Fredrik\AppData\Roaming\Ahead

2007-03-06 18:05:46 0 d-------- C:\Program Files\totalcmd

2007-03-05 19:40:35 0 d-------- C:\Program Files\DAEMON Tools<DAEMON~1>

2007-03-05 18:17:13 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>

2007-03-04 21:27:49 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1>

2007-03-04 20:02:40 0 d-------- C:\Program Files\InterMute<INTERM~1>

2007-03-04 09:26:36 13119 --a------ C:\Users\Fredrik\AppData\Roaming\nvModes.dat

2007-03-03 19:47:24 229888 --a------ C:\Windows\system32\msshsq.dll

2007-03-03 15:56:55 0 d-------- C:\Program Files\Common Files\Ahead

2007-03-03 15:49:07 0 d-------- C:\Program Files\Nero

2007-03-03 00:18:33 0 d-------- C:\Program Files\Stadkart

2007-03-01 23:12:46 0 d-------- C:\Users\Fredrik\AppData\Roaming\CyberLink<CYBERL~1>

2007-03-01 21:39:17 0 d-------- C:\Program Files\DaemonTools_WhenUSave_Installer<DAEMON~2>

2007-03-01 21:37:48 0 d-------- C:\Users\Fredrik\AppData\Roaming\dvdcss

2007-03-01 18:58:20 0 d-------- C:\Users\Fredrik\AppData\Roaming\vlc

2007-03-01 18:55:44 0 d-------- C:\Program Files\VideoLAN

2007-03-01 11:23:54 0 d-------- C:\Users\Fredrik\AppData\Roaming\StreetDeck<STREET~1>

2007-03-01 11:20:09 0 d-------- C:\Program Files\Common Files\Adobe

2007-03-01 11:04:44 0 d-------- C:\Users\Fredrik\AppData\Roaming\Adobe

2007-03-01 11:01:04 0 d-------- C:\Program Files\Click-N-Type<CLICK-~1>

2007-03-01 10:32:56 0 d---s---- C:\Users\Fredrik\AppData\Roaming\Microsoft<MICROS~1>

2007-03-01 10:32:46 0 d-------- C:\Program Files\StreetDeck<STREET~1>

2007-02-28 18:27:48 0 d-------- C:\Users\Fredrik\AppData\Roaming\AdobeUM

2007-02-28 13:47:42 0 d-------- C:\Program Files\Tolken99

2007-02-28 13:47:16 0 -rahs---- C:\MSDOS.SYS

2007-02-28 13:47:16 0 -rahs---- C:\IO.SYS

2007-02-28 12:49:50 0 d-------- C:\Users\Fredrik\AppData\Roaming\Skype

2007-02-28 11:59:25 0 d-------- C:\Program Files\Microsoft MapPoint Europe<MICROS~4>

2007-02-28 11:03:33 0 d-------- C:\Program Files\Google

2007-02-28 10:03:10 0 d-------- C:\Users\Fredrik\AppData\Roaming\GHISLER

2007-02-27 22:21:29 0 d-------- C:\Users\Fredrik\AppData\Roaming\WinRAR

2007-02-26 22:39:15 105457 --a------ C:\Windows\hpqins13.dat

2007-02-26 22:38:20 0 d-------- C:\Program Files\Common Files\HP

2007-02-26 22:38:19 0 d-------- C:\Program Files\Hewlett-Packard<HEWLET~1>

2007-02-26 22:31:17 0 d-------- C:\Users\Fredrik\AppData\Roaming\HP

2007-02-26 22:25:20 0 d-------- C:\Program Files\Skype

2007-02-26 21:27:58 0 d-------- C:\Program Files\Norton Internet Security<NORTON~1>

2007-02-26 21:26:42 0 d-------- C:\Program Files\Windows Mail<WINDOW~1>

2007-02-26 21:20:14 104448 --a------ C:\Windows\system32\DWWIN.EXE

2007-02-26 21:19:36 0 d-------- C:\Program Files\MSXML 4.0<MSXML4~1.0>

2007-02-26 21:17:03 383488 --a------ C:\Windows\system32\ieapfltr.dll

2007-02-26 21:16:18 4153344 --a------ C:\Windows\system32\GameUXLegacyGDFs.dll

2007-02-26 21:16:16 1686016 --a------ C:\Windows\system32\gameux.dll

2007-02-26 21:15:22 974336 --a------ C:\Windows\system32\crypt32.dll

2007-02-26 21:10:37 0 d-------- C:\Program Files\BitLord

2007-02-26 21:06:54 0 d-------- C:\Program Files\Symantec

2007-02-26 20:52:10 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>

2007-02-26 20:44:01 0 d-------- C:\Users\Fredrik\AppData\Roaming\Google

2007-02-26 20:34:14 0 d-------- C:\Users\Fredrik\AppData\Roaming\Identities<IDENTI~1>

2007-02-26 20:30:25 0 d-------- C:\Users\Fredrik\AppData\Roaming\Macromedia<MACROM~1>

2007-02-26 20:28:07 0 d-------- C:\Users\Fredrik\AppData\Roaming\Hewlett-Packard<HEWLET~1>

2007-02-21 07:00:00 545 --a------ C:\Windows\UC.PIF

2007-02-21 07:00:00 545 --a------ C:\Windows\RAR.PIF

2007-02-21 07:00:00 545 --a------ C:\Windows\PKZIP.PIF

2007-02-21 07:00:00 545 --a------ C:\Windows\PKUNZIP.PIF

2007-02-21 07:00:00 545 --a------ C:\Windows\NOCLOSE.PIF

2007-02-21 07:00:00 545 --a------ C:\Windows\LHA.PIF

2007-02-21 07:00:00 545 --a------ C:\Windows\ARJ.PIF

2007-01-26 10:08:58 287256 -ra------ C:\Windows\system32\AbaleZip.dll

2007-01-21 16:49:18 50 --ah----- C:\Windows\system32\xctrl.bat

2007-01-21 16:47:18 1888 --ah----- C:\Windows\system32\starting.reg

2006-12-12 18:12:16 454656 --a------ C:\Windows\system32\CnxtDSP.dll

2006-12-07 05:25:00 2371584 --a------ C:\Windows\system32\nvwssr.dll

2006-12-07 05:25:00 2048000 --a------ C:\Windows\system32\nvwss.dll

2006-12-07 05:25:00 3338240 --a------ C:\Windows\system32\nvvitvsr.dll

2006-12-07 05:25:00 3321856 --a------ C:\Windows\system32\nvvitvs.dll

2006-12-07 05:25:00 356352 --a------ C:\Windows\system32\nvuninst.exe

2006-12-07 05:25:00 356352 --a------ C:\Windows\system32\nvudisp.exe

2006-12-07 05:25:00 90191 --a------ C:\Windows\system32\nvsvc.dll

2006-12-07 05:25:00 5685248 --a------ C:\Windows\system32\nvoglv32.dll

2006-12-07 05:25:00 2854912 --a------ C:\Windows\system32\nvmoblsr.dll

2006-12-07 05:25:00 888832 --a------ C:\Windows\system32\nvmobls.dll

2006-12-07 05:25:00 81920 --a------ C:\Windows\system32\nvmctray.dll

2006-12-07 05:25:00 458752 --a------ C:\Windows\system32\nvmccssr.dll

2006-12-07 05:25:00 188416 --a------ C:\Windows\system32\nvmccss.dll

2006-12-07 05:25:00 45056 --a------ C:\Windows\system32\nvmccsrs.dll

2006-12-07 05:25:00 229376 --a------ C:\Windows\system32\nvmccs.dll

2006-12-07 05:25:00 3207168 --a------ C:\Windows\system32\nvgamesr.dll

2006-12-07 05:25:00 3063808 --a------ C:\Windows\system32\nvgames.dll

2006-12-07 05:25:00 307200 --a------ C:\Windows\system32\nvexpbar.dll

2006-12-07 05:25:00 5230592 --a------ C:\Windows\system32\nvdispsr.dll

2006-12-07 05:25:00 5619712 --a------ C:\Windows\system32\nvdisps.dll

2006-12-07 05:25:00 3055616 --a------ C:\Windows\system32\nvd3dum.dll

2006-12-07 05:25:00 1019904 --a------ C:\Windows\system32\nvcpluir.dll

2006-12-07 05:25:00 806912 --a------ C:\Windows\system32\nvcplui.exe

2006-12-07 05:25:00 7766016 --a------ C:\Windows\system32\nvcpl.dll

2006-12-07 05:25:00 147456 --a------ C:\Windows\system32\nvcolor.exe

2006-12-07 05:25:00 303104 --a------ C:\Windows\system32\nvapi.dll

2006-12-07 05:25:00 521128 --a------ C:\Windows\system32\dpinst.exe

 

 

-- Registry Dump ---------------------------------------------------------------

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"Sidebar"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun"

"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"Windows Defender"=hex(2):25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,57,69, 6e,64,6f,77,73,20,44,65,66,65,6e,64,65,72,5c,4d,53,41,53,43,75,69,2e,65,78, 65,20,2d,68,69,64,65,00

"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"

"ccApp"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""

"osCheck"="\"c:\\Program Files\\Norton Internet Security\\osCheck.exe\""

"QPService"="\"C:\\Program Files\\HP\\QuickPlay\\QPService.exe\""

"HP Software Update"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe"

"QlbCtrl"=hex(2):25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,48,65,77,6c,65, 74,74,2d,50,61,63,6b,61,72,64,5c,48,50,20,51,75,69,63,6b,20,4c,61,75,6e,63, 68,20,42,75,74,74,6f,6e,73,5c,51,6c,62,43,74,72,6c,2e,65,78,65,20,2f,53,74, 61,72,74,00

"HP Health Check Scheduler"="C:\\Program Files\\Hewlett-Packard\\HP Health Check\\HPHC_Scheduler.exe"

"WAWifiMessage"=hex(2):25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,48,65,77, 6c,65,74,74,2d,50,61,63,6b,61,72,64,5c,48,50,20,57,69,72,65,6c,65,73,73,20, 41,73,73,69,73,74,61,6e,74,5c,57,69,46,69,4d,73,67,2e,65,78,65,00

"hpWirelessAssistant"=hex(2):25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,48, 65,77,6c,65,74,74,2d,50,61,63,6b,61,72,64,5c,48,50,20,57,69,72,65,6c,65,73, 73,20,41,73,73,69,73,74,61,6e,74,5c,48,50,57,41,4d,61,69,6e,2e,65,78,65,00

"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""

"NvSvc"="RUNDLL32.EXE C:\\Windows\\system32\\nvsvc.dll,nvsvcStart"

"NvCplDaemon"="RUNDLL32.EXE C:\\Windows\\system32\\NvCpl.dll,NvStartup"

"NvMediaCenter"="RUNDLL32.EXE C:\\Windows\\system32\\NvMcTray.dll,NvTaskbarInit"

"WindowsSystem32"="C:\\Program Files\\Common Files\\System\\msnmssgr.exe"

"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]

"Launcher"=hex(2):25,57,49,4e,44,49,52,25,5c,53,4d,49,4e,53,54,5c,6c,61,75,6e, 63,68,65,72,2e,65,78,65,00

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"=dword:00000002

"ConsentPromptBehaviorUser"=dword:00000001

"EnableInstallerDetection"=dword:00000001

"EnableLUA"=dword:00000001

"EnableSecureUIAPaths"=dword:00000001

"EnableVirtualization"=dword:00000001

"PromptOnSecureDesktop"=dword:00000001

"ValidateAdminCodeSignatures"=dword:00000000

"scforceoption"=dword:00000000

"FilterAdministratorToken"=dword:00000000

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI\Clipboard]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI\Clipboard\ExceptionFormats]

"CF_TEXT"=dword:00000001

"CF_BITMAP"=dword:00000002

"CF_OEMTEXT"=dword:00000007

"CF_DIB"=dword:00000008

"CF_PALETTE"=dword:00000009

"CF_UNICODETEXT"=dword:0000000d

"CF_DIBV5"=dword:00000011

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="credssp.dll"

 

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AppInfo

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\KeyIso

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\NTDS

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ProfSvc

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sacsvr

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\SWPRV

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TabletInputService

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TBS

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TrustedInstaller

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\volmgr.sys

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\volmgrx.sys

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

LocalService REG_MULTI_SZ nsi\0lltdsvc\0SSDPSRV\0upnphost\0SCardSvr\0w32time\0EventSystem\0RemoteRegistry\0WinHttpAutoProxySvc\0lanmanworkstation\0TBS\0SLUINotify\0THREADORDER\0fdrespub\0netprofm\0fdphost\0wcncsvc\0QWAVE\0WebClient\0\0

LocalSystemNetworkRestricted REG_MULTI_SZ hidserv\0UxSms\0WdiSystemHost\0Netman\0trkwks\0AudioEndpointBuilder\0WUDFSvc\0irmon\0sysmain\0IPBusEnum\0dot3svc\0PcaSvc\0wlansvc\0EMDMgmt\0TabletInputService\0WPDBusEnum\0\0

NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent\0\0

LocalServiceNoNetwork REG_MULTI_SZ PLA\0DPS\0BFE\0mpssvc\0\0

NetworkService REG_MULTI_SZ CryptSvc\0DHCP\0TermService\0KtmRm\0DNSCache\0NapAgent\0nlasvc\0WinRM\0WECSVC\0Tapisrv\0\0

termsvcs REG_MULTI_SZ TermService\0\0

WerSvcGroup REG_MULTI_SZ wersvc\0\0

swprv REG_MULTI_SZ swprv\0\0

LocalServiceNetworkRestricted REG_MULTI_SZ DHCP\0eventlog\0AudioSrv\0LmHosts\0wscsvc\0p2pimsvc\0PNRPSvc\0p2psvc\0WPCSvc\0PnrpAutoReg\0\0

rpcss REG_MULTI_SZ RpcSs\0\0

regsvc REG_MULTI_SZ RemoteRegistry\0\0

wcssvc REG_MULTI_SZ WcsPlugInService\0\0

DcomLaunch REG_MULTI_SZ PlugPlay\0DcomLaunch\0\0

wdisvc REG_MULTI_SZ WdiServiceHost\0\0

sdrsvc REG_MULTI_SZ sdrsvc\0\0

imgsvc REG_MULTI_SZ StiSvc\0\0

secsvcs REG_MULTI_SZ WinDefend\0\0

bthsvcs REG_MULTI_SZ BthServ\0\0

 

HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*

AeLookupSvc

wercplsupport

CertPropSvc

SCPolicySvc

gpsvc

IKEEXT

LogonHours

PCAudit

iphlpsvc

AppInfo

msiscsi

MMCSS

ProfSvc

EapHost

SessionEnv

hkmsvc

 

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST

 

 

-- End of ComboScan: finished at 2007-03-07 at 19:23:08 ------------------------

 

ComboScan v20070306.20 run by Fredrik on 2007-03-07 at 19:22:06

Supplementary logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------

 

-- System Information ----------------------------------------------------------

 

Microsoft® Windows Vista™ Home Basic (build 6000)

Architecture: X86; Language: Swedish

 

CPU 0: Mobile AMD Sempron Processor 3400+

Percentage of Memory in Use: 51%

Physical Memory (total/avail): 958 MiB / 465.56 MiB

Pagefile Memory (total/avail): 2173.86 MiB / 1523.05 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1952 MiB

 

C: is Fixed (NTFS) - 106.34 GiB total, 44.96 GiB free.

D: is Fixed (NTFS) - 5.45 GiB total, 1.6 GiB free.

E: is CDROM (No Media)

F: is CDROM (UDF)

 

 

-- Security Center -------------------------------------------------------------

 

AUOptions is scheduled to auto-install.

Windows Internal Firewall is disabled.

 

FW: Norton Internet Security v2007 (Symantec Corporation)

AV: Norton Internet Security v2007 (Symantec Corporation)

AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

AS: Norton Internet Security v2007 (Symantec Corporation)

 

 

-- Environment Variables -------------------------------------------------------

 

ALLUSERSPROFILE=C:\ProgramData

APPDATA=C:\Users\Fredrik\AppData\Roaming

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=FREDDAN

ComSpec=C:\Windows\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Users\Fredrik

LOCALAPPDATA=C:\Users\Fredrik\AppData\Local

LOGONSERVER=\\FREDDAN

NUMBER_OF_PROCESSORS=1

OnlineServices=Onlinetj„nster

OS=Windows_NT

Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLSharedPATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

PCBRAND=Pavilion

PLATFORM=MCD

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 15 Model 76 Stepping 2, AuthenticAMD

PROCESSOR_LEVEL=15

PROCESSOR_REVISION=4c02

ProgramData=C:\ProgramData

ProgramFiles=C:\Program Files

PROMPT=$P$G

PUBLIC=C:\Users\Public

RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33SystemDrive=C:

SystemRoot=C:\Windows

TEMP=C:\Users\Fredrik\AppData\Local\Temp

TMP=C:\Users\Fredrik\AppData\Local\Temp

USERDOMAIN=Freddan

USERNAME=Fredrik

USERPROFILE=C:\Users\Fredrik

windir=C:\Windows

 

 

-- User Profiles ---------------------------------------------------------------

 

Fredrik

 

 

-- Add/Remove Programs ---------------------------------------------------------

 

--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL

--> C:\Windows\UNNeroBackItUp.exe /UNINSTALL

--> C:\Windows\UNNeroMediaHome.exe /UNINSTALL

--> C:\Windows\UNNeroShowTime.exe /UNINSTALL

--> C:\Windows\UNNeroVision.exe /UNINSTALL

--> C:\Windows\UNRecode.exe /UNINSTALL

Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete

Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\8d0dc9390f2c596455e1446b5918a40\Setup.exe

Adobe Reader 7.0.9 - Svenska --> MsiExec.exe /I{AC76BA86-7AD7-1053-7B44-A70900000002}

Adobe Setup --> MsiExec.exe /I{CBF7A9A4-C0D4-4BA0-8991-C9B7D90A5298}

AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}

ASL_HS_Installer32 --> MsiExec.exe /I{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}

AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}

Bearmach Parts Browser --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BEF90D3D-E0DB-4BDB-88C4-DE7253CE84A1}

BitLord 1.1 --> C:\Program Files\BitLord\uninst.exe

ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}

Click-N-Type --> MsiExec.exe /X{BCB643F7-DA3D-4167-A68F-2517C288456C}

Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\UIU32a.EXE -U -IwisR30B7.inf

Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}

Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"

HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7\UIU32m.EXE -U -IwqcVenz.inf

Hewlett-Packard Active Check --> MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}

Hewlett-Packard Asset Agent --> MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}

HP Active Support Library --> C:\Program Files\InstallShield Installation Information\{21E62565-8639-457C-B64C-A3FF0A8B4D80}\setup.exe -runfromtemp -l0x0409

HP Customer Experience Enhancements --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly

HP Easy Setup - Core --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}\setup.exe" -l0x9

HP Easy Setup - Frontend --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly

HP Help and Support --> MsiExec.exe /I{E4DDBA93-769B-49D8-BA33-8814E45ED0C1}

HP Photosmart Essential 2.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat

HP Quick Launch Buttons 6.10 B9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x1d uninst

HP QuickPlay 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall

HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}

HP User Guide 0041 --> MsiExec.exe /I{D5CEFEDA-38DF-4F94-A392-C86163CB9965}

HP Wireless Assistant --> MsiExec.exe /I{355FADAF-55C4-4E08-88D4-A86C4CA6930C}

Java SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}

LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U

Microsoft MapPoint Europe 2006 --> MsiExec.exe /I{83ED1E80-A1B7-4256-BCF1-AC4A88151A6B}

Microsoft Works --> MsiExec.exe /I{8BA42EAE-19AD-4bf2-88C0-0232B1FBFDE2}

MSN Messenger 7.5 --> MsiExec.exe /I{0251BEE2-03EF-11DA-BFBD-00065BBDC0B5}

MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}

MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

Nero 7 Ultra Edition --> MsiExec.exe /I{F14B8ECC-BDA0-4987-9201-D7B7DBE11053}

Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}

Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}

Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}

Norton Internet Security --> MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}

Norton Internet Security --> MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}

Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}

Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}

Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_1_0_26\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X

Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}

NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI

Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}

Roxio Creator Basic v9 --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}

Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}

Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}

Roxio Creator EasyArchive --> MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}

Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}

Roxio Express Labeler 3 --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}

Roxio MyDVD Basic v9 --> MsiExec.exe /I{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}

Skype 2.5 --> "C:\Program Files\Skype\Phone\unins000.exe"

Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}

SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}

SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"

Stadskartan --> C:\PROGRA~1\Stadkart\UNWISE.EXE C:\PROGRA~1\Stadkart\INSTALL.LOG

StreetDeck --> MsiExec.exe /X{2FDACAAF-26EA-4CA6-A78A-533A784CB114}

SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}

Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

Tolken99 v4.2 --> C:\PROGRA~1\Tolken99\UNWISE.EXE C:\PROGRA~1\Tolken99\INSTALL.LOG

[/log]Total Commander (Remove or Repair) --> C:\Program Files\totalcmd\tcuninst.exe

VideoLAN VLC media player 0.8.5 --> C:\Program Files\VideoLAN\VLC\uninstall.exe

WinRAR --> C:\Program Files\WinRAR\uninstall.exe

 

 

-- End of ComboScan: finished at 2007-03-07 at 19:23:08 ------------------------

 

 

 

[Cecilia]

2007-03-01 21:39:17 0 d-------- C:\Program Files\DaemonTools_WhenUSave_Installer<DAEMON~2>

WhenUSave är en otrevlighet ta bort mappen.

 

Annars hittar jag inget i loggen som kan förklara varför otrevligheterna inte gick att ta bort, men det kan bero på mina dåliga kunskaper om Vista. Kör denna online-skanning: http://www.kaspersky.com/virusscanner

Spara loggen och klistra in i ditt svar.

 

Installera SUPERAntiSpyware http://www.superantispyware.com/

och skanna igenom datorn. Klistra in den loggen också.

 

Skanna sedan här: http://www.ewido.net/en/onlinescan/

Klistra in den också.

 

Så får vi se om de kan upptäcka något mer.

 

OBS! När du har klistrat in en logg så ska du markera (måla) den och sedan trycka på LOG-knappen som finns på samma rad som i Besvara-fönstret.

 

[Cecilia]

Den här rootkit-sökningen kanske ger något när nu SDFix inte fungerar:

http://www.f-secure.com/blacklight/try_blacklight.html

 

 

[fiffe]

Hej Cecilia jag kan inte scanna med kaspersky i vista. Jag har vista x86.

Superanispyware tog bort daemontools whenusave installer och ewido hittade inget. F-secure hittar inget men jag tror inte den fungerar riktigt till mitt vista. Den tar 32bit och det är inte X86.

 

Datorn fungerar mycket bättre nu men explorer kan hänga sig ibland så man måste antingen stänga ner programmet eller starta om datorn. Så jag överväger och köra vista ett tag till.

 

här får du en ny logg av Hijack This

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 21:22:32, on 2007-03-08

Platform: Unknown Windows (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16386)

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Java\jre1.6.0\bin\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Windows\System32\rundll32.exe

C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE

C:\Program Files\Internet Explorer\IEUser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\BitLord\BitLord.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

C:\Users\Fredrik\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spray.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=71&bd=Pavilion&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gozobil.lx.ro

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Visa Norton-verktygsfältet - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Symantec IS Verifiering av lösenord (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

[/log]

[Cecilia]

Någonstans under vägen så har i alla fall C:\Program Files\Common Files\System\msnmssgr.exe försvunnit. Så nu kanske det går att ta bort det sista i HijackThis-loggen.

 

Skanna med HijackThis och bocka för:

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gozobil.lx.ro

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

 

Avsluta alla andra program.

Tryck Fix checked.

 

Starta om datorn och så en ny HijackThis-logg.

 

[fiffe]

Hej nu är jag hemma igen,

Filerna får jag inte bort. En ny logg.

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 21:46:07, on 2007-03-12

Platform: Unknown Windows (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16386)

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Java\jre1.6.0\bin\jusched.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\System32\rundll32.exe

C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE

C:\Program Files\Internet Explorer\ieuser.exe

C:\Users\Fredrik\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spray.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=71&bd=Pavilion&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gozobil.lx.ro

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Visa Norton-verktygsfältet - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Symantec IS Verifiering av lösenord (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

[/log]

 

 

[Cecilia]

Det kan vara Windows Defender som hindrar dig/HijackThis från att göra ändringar av inställningarna i Internet Explorer, så stäng av Windows Defender innan du bockar för och fixar med HijackThis enligt mitt förra inlägg.