Just nu i M3-nätverket
Jump to content

Services.exe upptäckte ett fel...


Ikap

Recommended Posts

Hej

Min dator ger hela tiden felmeddelandet: Services.exe har upptäckt ett fel och måste stänga. Är rädd för att detta uppstått sedan jag rensat med antivirus och spybot. Vad kan jag göra åt det?

 

Har just bytt antivirusprogram, till avast, avg syns fortfarande i loggen för att jag inte startat om datorn.

 

Tips och råd mottages gärna.

 

Hälsningar Ika

 

[log]

Logfile of HijackThis v1.99.1

Scan saved at 20:47:25, on 2007-05-15

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Alwil Software\Avast4\aswUpdSv.exe

C:\Program\Alwil Software\Avast4\ashServ.exe

C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Alwil Software\Avast4\ashMaiSv.exe

C:\Program\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Analog Devices\Core\smax4pnp.exe

C:\Program\Java\jre1.6.0_01\bin\jusched.exe

C:\Program\ALWILS~1\Avast4\ashDisp.exe

C:\Program\ATI Technologies\ATI.ACE\CLI.EXE

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\dwwin.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\ATI Technologies\ATI.ACE\cli.exe

C:\Program\ATI Technologies\ATI.ACE\cli.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR'>http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR'>http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [WinSvr] C:\WINDOWS\system32\tmr\WinTmr.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?633df7d9518142ba982903c689440e81

O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?633df7d9518142ba982903c689440e81

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} (IlosoftImageUploadCtl Class) - http://webc.frejakonsulter.se/controls/IlosoftImageUpload.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.DLL

O20 - Winlogon Notify: mszsrn32 - C:\WINDOWS\system32\mszsrn32.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe

O23 - Service: Security_Service - Unknown owner - C:\WINDOWS\system32\TmrService.exe

 

[/log]

 

Link to comment
Share on other sites

 

Scanna med Hijack bocka i följande rader stäng Web-läsaren och klicka Fix checked

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O20 - Winlogon Notify: mszsrn32 - C:\WINDOWS\system32\mszsrn32.dll (file missing)

 

Ladda ner Decard`s System Scanner på Skrivbordet

 

http://www.techsupportforum.com/sectools/Deckard/dss.exe

 

Kör den och följ anvisningar.

Skicka loggen som kommer ut = Main.txt

 

 

 

Link to comment
Share on other sites

Tack för att du tog dig an mitt problem.

 

Nu har jag gjort som du skrev och här kommer loggen

 

[log]

Deckard's System Scanner v20070426.43

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------

 

-- System Information ----------------------------------------------------------

 

Microsoft Windows XP Home Edition (build 2600) SP 2.0

Architecture: X86; Language: Swedish

 

CPU 0: Intel® Pentium® 4 CPU 3.06GHz

CPU 1: Intel® Pentium® 4 CPU 3.06GHz

Percentage of Memory in Use: 31%

Physical Memory (total/avail): 1023.23 MiB / 705.25 MiB

Pagefile Memory (total/avail): 2461.36 MiB / 2103.95 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1969.79 MiB

 

C: is Fixed (NTFS) - 29.64 GiB total, 17.31 GiB free.

D: is Fixed (NTFS) - 203.25 GiB total, 196.6 GiB free.

E: is CDROM (No Media)

 

 

-- Security Center -------------------------------------------------------------

 

AUOptions is scheduled to auto-install.

Windows Internal Firewall is enabled.

 

FirstRunDisabled is set.

 

AV: avast! antivirus 4.7.942 [VPS 000740-2] v4.7.942 (ALWIL Software)

 

 

-- Environment Variables -------------------------------------------------------

 

ALLUSERSPROFILE=C:\Documents and Settings\All Users

APPDATA=C:\Documents and Settings\Ika\Application Data

CLIENTNAME=Console

CommonProgramFiles=C:\Program\Delade filer

COMPUTERNAME=PERSONAL-7C8223

ComSpec=C:\WINDOWS\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\Ika

LOGONSERVER=\\PERSONAL-7C8223

NUMBER_OF_PROCESSORS=2

OS=Windows_NT

Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program\ATI Technologies\ATI.ACEPATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 9, GenuineIntel

PROCESSOR_LEVEL=15

PROCESSOR_REVISION=0409

ProgramFiles=C:\Program

PROMPT=$P$G

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\Ika\LOKALA~1\Temp

TMP=C:\DOCUME~1\Ika\LOKALA~1\Temp

USERDOMAIN=PERSONAL-7C8223

USERNAME=Ika

USERPROFILE=C:\Documents and Settings\Ika

windir=C:\WINDOWS

 

 

-- User Profiles ---------------------------------------------------------------

 

Ika (admin)

Jesper

Tobias

Administratör.PERSONAL-7C8223 (new local, admin)

 

 

-- Add/Remove Programs ---------------------------------------------------------

 

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Adobe Download Manager 2.2 (endast avinstallation) --> "C:\Program\Delade filer\Adobe\ESD\uninst.exe"

Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete

Adobe Reader 7.0.9 - Svenska --> MsiExec.exe /I{AC76BA86-7AD7-1053-7B44-A70900000002}

Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

Adobe SVG Viewer 3.0 --> C:\Program\Delade filer\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program\Delade filer\Adobe\SVG Viewer 3.0\Uninstall\Install.log

ATI - Software Uninstall Utility --> C:\Program\ATI Technologies\UninstallAll\AtiCimUn.exe

ATI Catalyst Control Center --> MsiExec.exe /I{F85B3B0A-E302-4B67-9220-6B57F075B311}

ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

avast! Antivirus --> rundll32 C:\Program\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup

AVG Anti-Spyware 7.5 --> C:\Program\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe

CCleaner (remove only) --> "C:\Program\CCleaner\uninst.exe"

Child Control 2006 --> C:\Program\Chico\kisiset.exe /uninstall

CutePDF Writer 2.7 --> C:\Program\Acro Software\CutePDF Writer\uninscpw.exe /uninstall

Feedidentifiering (Windows Live Toolbar) --> MsiExec.exe /X{736D3047-3A62-4FF0-8F75-B1AB9387EE8D}

Font Manager --> C:\Program\DELADE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{DBFF98AD-258E-461B-A1CD-D45E564023F9}

foobar2000 v0.9.4.3 --> "C:\Program\foobar2000\uninstall.exe"

High Definition Audio Driver Package - KB888111 --> C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe

Hijackthis 1.99.1 --> "C:\Program\Hijackthis\unins000.exe"

HijackThis 1.99.1 --> C:\Program\Hijackthis\HijackThis.exe /uninstall

Java SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}

Mozilla Firefox (1.5.0.11) --> C:\Program\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5.0.11 (sv-SE)"

Nero OEM --> C:\Program\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

Nimo Codecs Pack v5.0 (Remove Only) --> "C:\Program\NimoCodec Pack\uninstall.exe"

OneCare Advisor (Windows Live Toolbar) --> MsiExec.exe /X{19B622A5-0956-4080-843C-53A2E378BE5E}

OpenOffice.org 2.1 --> MsiExec.exe /I{43983EB4-43DC-4C3D-9712-1EF592A31CA8}

Popup-blockeraren (Windows Live Toolbar) --> MsiExec.exe /X{1E3C24B7-76FC-4EFB-B672-DB35C194DBC2}

REALTEK PCIE NIC Driver --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{17E2F183-BAC4-4D01-BD7A-59F781E17EFA}\Setup.exe" -l0x1d REMOVE

Smarta menyer (Windows Live Toolbar) --> MsiExec.exe /X{5DB357BB-7940-4E5F-BAFF-4FB490914457}

Snabbkorrigering för Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB923789) --> C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf

Säkerhetsuppdatering för Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB928090) --> "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB931768) --> "C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"

SoundMAX --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x1d -removeonly

Spybot - Search & Destroy 1.3 --> "C:\Program\Spybot - Search & Destroy\unins000.exe"

SpywareBlaster v3.5.1 --> "C:\Program\SpywareBlaster\unins000.exe"

SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}

Total Commander (Remove or Repair) --> C:\Program\totalcmd\tcuninst.exe

ULi Sata Driver --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{FDC53DC6-137A-4541-BFA2-A9BAE4A7FE99}\Setup.exe" -l0x9 -removeonly

Uppdatering för Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB911164) -->

Uppdatering för Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"

Webbsökning med flikar (Windows Live Toolbar) --> MsiExec.exe /X{70BF0AE7-758E-48C9-8637-640EFE887346}

VentriloMIX --> C:\Program\VentriloMIX\Uninstal.exe

Verktygsfältet Outlook (Windows Live Toolbar) --> MsiExec.exe /X{C757334D-4884-4C1D-AB60-7E038C019BBC}

Windows Live Messenger --> MsiExec.exe /I{2E55A582-4FFE-4FF2-8D4D-E7D275FF89BD}

Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT

Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}

Windows Live Toolbar --> "C:\Program\Windows Live Toolbar\UnInstall.exe" {BF222632-FA11-46BE-900C-6297C769D64E}

Windows Live Toolbar --> MsiExec.exe /X{BF222632-FA11-46BE-900C-6297C769D64E}

Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{4A84EB9C-E961-45E5-A93C-FBDC5CD9DACD}

World of Warcraft --> C:\Program\Delade filer\Blizzard Entertainment\World of Warcraft\Uninstall.exe

 

 

-- End of Deckard's System Scanner: finished at 2007-05-17 at 14:29:06 ---------

 

[/log]

 

Link to comment
Share on other sites

Efter att ha startat om datorn och kört dss.exe igen blev det en main logg, det blev inte någon sån förra gången.

 

Här kommer main.txt

[log]

Deckard's System Scanner v20070426.43

Run by Ika on 2007-05-17 at 17:03:17

Computer is in Normal Mode.

--------------------------------------------------------------------------------

 

 

 

-- HijackThis (run as Ika.exe) -------------------------------------------------

 

Logfile of HijackThis v1.99.1

Scan saved at 17:03:21, on 2007-05-17

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16441)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Alwil Software\Avast4\aswUpdSv.exe

C:\Program\Alwil Software\Avast4\ashServ.exe

C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Alwil Software\Avast4\ashMaiSv.exe

C:\Program\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Analog Devices\Core\smax4pnp.exe

C:\Program\ATI Technologies\ATI.ACE\CLI.EXE

C:\Program\Java\jre1.6.0_01\bin\jusched.exe

C:\Program\ALWILS~1\Avast4\ashDisp.exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\dwwin.exe

C:\Program\ATI Technologies\ATI.ACE\cli.exe

C:\Program\ATI Technologies\ATI.ACE\cli.exe

C:\Documents and Settings\Ika\Skrivbord\dss.exe

C:\Program\HIJACK~1\Ika.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR'>http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR'>http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [WinSvr] C:\WINDOWS\system32\tmr\WinTmr.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?633df7d9518142ba982903c689440e81

O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?633df7d9518142ba982903c689440e81

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} (IlosoftImageUploadCtl Class) - http://webc.frejakonsulter.se/controls/IlosoftImageUpload.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe

O23 - Service: Security_Service - Unknown owner - C:\WINDOWS\system32\TmrService.exe

 

 

-- Files created between 2007-04-17 and 2007-05-17 -----------------------------

 

2007-05-15 11:12:58 0 d-------- C:\Program\Alwil Software

2007-05-15 10:51:23 0 d-------- C:\WINDOWS\system32\sv-se

2007-05-15 08:28:37 0 d-------- C:\mp3

2007-05-15 08:28:19 0 d-------- C:\Documents and Settings\Ika\Application Data\foobar2000

2007-05-15 08:28:14 0 d-------- C:\Program\foobar2000

2007-05-13 01:11:26 0 dr-h----- C:\Documents and Settings\Ika\Recent

2007-05-11 21:24:37 0 d-------- C:\Program\Seterra

2007-05-10 11:55:02 0 d-------- C:\Program\Sebran

2007-05-08 08:42:29 0 d-------- C:\Program\Windows Live Safety Center

2007-04-29 17:53:02 0 d-------- C:\Documents and Settings\Ika\Application Data\Help

2007-04-21 16:43:56 0 d-------- C:\Documents and Settings\Ika\Contacts

2007-04-21 16:42:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar

2007-04-21 16:42:08 0 d-------- C:\Program\Windows Live Toolbar

2007-04-21 16:41:51 0 d------c- C:\WINDOWS\system32\DRVSTORE

2007-04-21 16:41:43 0 d-------- C:\Program\MSN Messenger

2007-04-20 18:43:38 1040384 --a------ C:\WINDOWS\system32\libeay32.dll <Not Verified; The OpenSSL Project, http://www.openssl.org/;'>http://www.openssl.org/; The OpenSSL Toolkit>

2007-04-20 18:43:13 196608 --a------ C:\WINDOWS\system32\ssleay32.dll <Not Verified; The OpenSSL Project, http://www.openssl.org/; The OpenSSL Toolkit>

 

 

-- Find3M Report ---------------------------------------------------------------

 

2007-05-17 14:36:18 3547516 --a------ C:\WINDOWS\system32\wtmr.dll

2007-05-17 14:36:17 71 --ah----- C:\WINDOWS\system32\SWCTL.DLL

2007-05-15 09:56:18 0 d-------- C:\Program\Chico

2007-05-15 01:08:53 0 d-------- C:\Program\SUPERAntiSpyware

2007-05-14 22:54:00 0 d-------- C:\Documents and Settings\Ika\Application Data\OpenOffice.org2

2007-05-06 13:56:49 0 d-------- C:\Documents and Settings\Ika\Application Data\Ventrilo

2007-04-29 17:53:02 0 d-------- C:\Program\totalcmd

2007-04-21 16:41:59 0 d-------- C:\Program\Delade filer\Microsoft Shared

2007-04-11 15:11:51 0 d-------- C:\Documents and Settings\Ika\Application Data\Sun

2007-04-11 15:11:41 3445 --a------ C:\WINDOWS\mozver.dat

2007-04-11 14:16:13 0 d-------- C:\Program\Java

2007-04-11 14:15:28 0 d-------- C:\Program\Delade filer

2007-04-11 14:15:28 0 d-------- C:\Program\Delade filer\Java

2007-04-01 01:11:58 0 d-------- C:\Program\VentriloMIX

2007-03-25 12:43:42 395520 --a------ C:\WINDOWS\system32\perfh01D.dat

2007-03-25 12:43:42 69608 --a------ C:\WINDOWS\system32\perfc01D.dat

 

 

-- Registry Dump ---------------------------------------------------------------

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{53707962-6F74-2D53-2644-206D7942484F} C:\Program\Spybot - Search & Destroy\SDHelper.dll

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program\Java\jre1.6.0_01\bin\ssv.dll

{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program\Windows Live Toolbar\msntb.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"WinSvr"="C:\\WINDOWS\\system32\\tmr\\WinTmr.exe"

"SoundMAXPnP"="C:\\Program\\Analog Devices\\Core\\smax4pnp.exe"

"ATICCC"="\"C:\\Program\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""

"SunJavaUpdateSched"="\"C:\\Program\\Java\\jre1.6.0_01\\bin\\jusched.exe\""

"avast!"="C:\\Program\\ALWILS~1\\Avast4\\ashDisp.exe"

"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"SUPERAntiSpyware"="C:\\Program\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableClock"=dword:00000000

"DisableRegistryTools"=dword:00000000

"NoDispCPL"=dword:00000000

"DisableTaskMgr"=dword:00000000

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSetFolders"=dword:00000000

"NoSetTaskbar"=dword:00000000

"NoSaveSettings"=dword:00000000

"NoRun"=dword:00000000

"NoFind"=dword:00000000

"LWA"=dword:00000000

"LWB"=dword:00000000

"LWC"=dword:00000000

"LWD"=dword:00000000

"LWE"=dword:00000000

"LWF"=dword:00000000

"LWG"=dword:00000000

"LWH"=dword:00000000

"LWI"=dword:00000000

"LWJ"=dword:00000000

"LWK"=dword:00000000

"LWL"=dword:00000000

"LWM"=dword:00000000

"LWN"=dword:00000000

"LWO"=dword:00000000

"LWP"=dword:00000000

"LWQ"=dword:00000000

"LWR"=dword:00000000

"LWS"=dword:00000000

"LWT"=dword:00000000

"LWU"=dword:00000000

"LWV"=dword:00000000

"LWW"=dword:00000000

"LWX"=dword:00000000

"LWY"=dword:00000000

"LWZ"=dword:00000000

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

 

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa

Authentication Packages REG_MULTI_SZ msv1_0\0\0

Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0

Notification Packages REG_MULTI_SZ scecli\0\0

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Adobe Reader Speed Launch.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\Adobe Reader Speed Launch.lnk"

"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\Program\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "

"item"="Adobe Reader Speed Launch"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="HDAShCut"

"hkey"="HKLM"

"command"="HDAShCut.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="MsnMsgr"

"hkey"="HKCU"

"command"="\"C:\\Program\\MSN Messenger\\MsnMsgr.Exe\" /background"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NeroCheck"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Smax4"

"hkey"="HKLM"

"command"="\"C:\\Program\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

HTTPFilter REG_MULTI_SZ HTTPFilter\0\0

LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

NetworkService REG_MULTI_SZ DnsCache\0\0

DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

rpcss REG_MULTI_SZ RpcSs\0\0

imgsvc REG_MULTI_SZ StiSvc\0\0

termsvcs REG_MULTI_SZ TermService\0\0

 

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e396584-02a9-11dc-a0ff-00173198e2e4}]

Shell\AutoRun\command PortableOpenOffice 2.0.1\PStart.exe

 

 

-- End of Deckard's System Scanner: finished at 2007-05-17 at 17:03:42 ---------

 

[/log]

 

Datorn gav samma felmeddelande denna gång datorn startades

services.exe upptäckte ett fel och måste stängas.

 

Innehåll i felrapport

C:\DOCUME~1\Ika\LOKALA~1\Temp\WERd5dd.dir00\services.exe.mdmp

C:\DOCUME~1\Ika\LOKALA~1\Temp\WERd5dd.dir00\appcompat.txt

 

 

 

 

Link to comment
Share on other sites

 

Scanna denna fil i länken och kopiera hela resultat och skicka hit

 

C:\WINDOWS\system32\wtmr.dll

 

http://www.virustotal.com/

 

Öppna Hijack

Open the Misc Tools section

Generate StartupList log

 

först bocka i dom två smårutor och sen scanna + skicka loggen .

 

Titta i Loggboken om du ser mera info om felmeddelande.

 

Link to comment
Share on other sites

Nu vill datorn starta om Systemmeddelande hann bara få fram denna

 

[log]

StartupList report, 2007-05-17, 20:29:18

StartupList version: 1.52.2

Started from : C:\Program\Hijackthis\HijackThis.EXE

Detected: Windows XP SP2 (WinNT 5.01.2600)

Detected: Internet Explorer v7.00 (7.00.6000.16441)

* Using default options

* Including empty and uninteresting sections

* Showing rarely important sections

==================================================

 

Running processes:

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Alwil Software\Avast4\aswUpdSv.exe

C:\Program\Alwil Software\Avast4\ashServ.exe

C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Alwil Software\Avast4\ashMaiSv.exe

C:\Program\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Analog Devices\Core\smax4pnp.exe

C:\Program\Java\jre1.6.0_01\bin\jusched.exe

C:\Program\ALWILS~1\Avast4\ashDisp.exe

C:\Program\ATI Technologies\ATI.ACE\CLI.EXE

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\dwwin.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Program\ATI Technologies\ATI.ACE\cli.exe

C:\Program\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\system32\dwwin.exe

C:\Program\Hijackthis\HijackThis.exe

 

--------------------------------------------------

 

Listing of startup folders:

 

Shell folders Startup:

[C:\Documents and Settings\Ika\Start-meny\Program\Autostart]

*No files*

 

Shell folders AltStartup:

*Folder not found*

 

User shell folders Startup:

*Folder not found*

 

User shell folders AltStartup:

*Folder not found*

 

Shell folders Common Startup:

[C:\Documents and Settings\All Users\Start-meny\Program\Autostart]

*No files*

 

Shell folders Common AltStartup:

*Folder not found*

 

User shell folders Common Startup:

*Folder not found*

 

User shell folders Alternate Common Startup:

*Folder not found*

 

--------------------------------------------------

 

Checking Windows NT UserInit:

 

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,

 

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

 

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

*Registry value not found*

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

WinSvr = C:\WINDOWS\system32\tmr\WinTmr.exe

SoundMAXPnP = C:\Program\Analog Devices\Core\smax4pnp.exe

ATICCC = "C:\Program\ATI Technologies\ATI.ACE\CLIStart.exe"

SunJavaUpdateSched = "C:\Program\Java\jre1.6.0_01\bin\jusched.exe"

avast! = C:\Program\ALWILS~1\Avast4\ashDisp.exe

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

 

SUPERAntiSpyware = C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

 

--------------------------------------------------

 

File association entry for .EXE:

HKEY_CLASSES_ROOT\exefile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .COM:

HKEY_CLASSES_ROOT\comfile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .BAT:

HKEY_CLASSES_ROOT\batfile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .PIF:

HKEY_CLASSES_ROOT\piffile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .SCR:

HKEY_CLASSES_ROOT\scrfile\shell\open\command

 

(Default) = "%1" /S

 

--------------------------------------------------

 

File association entry for .HTA:

HKEY_CLASSES_ROOT\htafile\shell\open\command

 

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

 

--------------------------------------------------

 

File association entry for .TXT:

HKEY_CLASSES_ROOT\txtfile\shell\open\command

 

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

 

--------------------------------------------------

 

Enumerating Active Setup stub paths:

HKLM\Software\Microsoft\Active Setup\Installed Components

(* = disabled by HKCU twin)

 

[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *

StubPath = C:\WINDOWS\system32\ieudinit.exe

 

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

 

[>{26923b43-4d38-484f-9b9e-de460746276c}] *

StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

 

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *

StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

 

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *

StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

 

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *

StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

 

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

 

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

 

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

 

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

 

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

 

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *

StubPath = regsvr32.exe /s /n /i:U shell32.dll

 

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *

StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

 

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *

StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

 

--------------------------------------------------

 

Enumerating ICQ Agent Autostart apps:

HKCU\Software\Mirabilis\ICQ\Agent\Apps

 

*Registry key not found*

 

--------------------------------------------------

 

Load/Run keys from C:\WINDOWS\WIN.INI:

 

load=*INI section not found*

run=*INI section not found*

 

Load/Run keys from Registry:

 

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\Windows: load=

HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

 

--------------------------------------------------

 

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

 

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

 

Shell & screensaver key from Registry:

 

Shell=Explorer.exe

SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr

drivers=*Registry value not found*

 

Policies Shell key:

 

HKCU\..\Policies: Shell=*Registry value not found*

HKLM\..\Policies: Shell=*Registry value not found*

 

--------------------------------------------------

 

Checking for EXPLORER.EXE instances:

 

C:\WINDOWS\Explorer.exe: PRESENT!

 

C:\Explorer.exe: not present

C:\WINDOWS\Explorer\Explorer.exe: not present

C:\WINDOWS\System\Explorer.exe: not present

C:\WINDOWS\System32\Explorer.exe: not present

C:\WINDOWS\Command\Explorer.exe: not present

C:\WINDOWS\Fonts\Explorer.exe: not present

 

--------------------------------------------------

 

Checking for superhidden extensions:

 

.lnk: HIDDEN! (arrow overlay: yes)

.pif: HIDDEN! (arrow overlay: yes)

.exe: not hidden

.com: not hidden

.bat: not hidden

.hta: not hidden

.scr: not hidden

.shs: HIDDEN!

.shb: HIDDEN!

.vbs: not hidden

.vbe: not hidden

.wsh: not hidden

.scf: HIDDEN! (arrow overlay: NO!)

.url: HIDDEN! (arrow overlay: yes)

.js: not hidden

.jse: not hidden

 

--------------------------------------------------

 

Verifying REGEDIT.EXE integrity:

 

- Regedit.exe found in C:\WINDOWS

- .reg open command is normal (regedit.exe %1)

- Company name OK: 'Microsoft Corporation'

- Original filename OK: 'REGEDIT.EXE'

- File description: 'Registereditorn'

 

Registry check passed

 

--------------------------------------------------

 

Enumerating Browser Helper Objects:

 

(no name) - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

(no name) - C:\Program\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}

(no name) - C:\Program\Java\jre1.6.0_01\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

(no name) - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}

(no name) - C:\Program\Windows Live Toolbar\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}

 

--------------------------------------------------

 

Enumerating Task Scheduler jobs:

 

Kontrollera uppdateringar för Windows Live Toolbar.job

 

--------------------------------------------------

 

Enumerating Download Program Files:

 

[shockwave ActiveX Control]

InProcServer32 = C:\WINDOWS\system32\macromed\Director\SwDir.dll

CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

 

[bDSCANONLINE Control]

InProcServer32 = C:\WINDOWS\DOWNLO~1\oscan8.ocx

CODEBASE = http://download.bitdefender.com/resources/scan8/oscan8.cab

 

[Java Plug-in 1.6.0_01]

InProcServer32 = C:\Program\Java\jre1.6.0_01\bin\ssv.dll

CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab'>http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab'>http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

 

[Java Plug-in 1.6.0_01]

InProcServer32 = C:\Program\Java\jre1.6.0_01\bin\ssv.dll

CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

 

[Java Plug-in 1.6.0_01]

InProcServer32 = C:\Program\Java\jre1.6.0_01\bin\npjpi160_01.dll

CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

 

[shockwave Flash Object]

InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx

CODEBASE = http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

 

[ilosoftImageUploadCtl Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\IlosoftImageUpload.dll

CODEBASE = http://webc.frejakonsulter.se/controls/IlosoftImageUpload.dll

 

--------------------------------------------------

 

Enumerating Winsock LSP files:

 

NameSpace #1: C:\WINDOWS\System32\mswsock.dll

NameSpace #2: C:\WINDOWS\System32\winrnr.dll

NameSpace #3: C:\WINDOWS\System32\mswsock.dll

Protocol #1: C:\WINDOWS\system32\mswsock.dll

Protocol #2: C:\WINDOWS\system32\mswsock.dll

Protocol #3: C:\WINDOWS\system32\mswsock.dll

Protocol #4: C:\WINDOWS\system32\rsvpsp.dll

Protocol #5: C:\WINDOWS\system32\rsvpsp.dll

Protocol #6: C:\WINDOWS\system32\mswsock.dll

Protocol #7: C:\WINDOWS\system32\mswsock.dll

Protocol #8: C:\WINDOWS\system32\mswsock.dll

Protocol #9: C:\WINDOWS\system32\mswsock.dll

Protocol #10: C:\WINDOWS\system32\mswsock.dll

Protocol #11: C:\WINDOWS\system32\mswsock.dll

Protocol #12: C:\WINDOWS\system32\mswsock.dll

Protocol #13: C:\WINDOWS\system32\mswsock.dll

Protocol #14: C:\WINDOWS\system32\mswsock.dll

Protocol #15: C:\WINDOWS\system32\mswsock.dll

 

--------------------------------------------------

 

Enumerating Windows NT/2000/XP services

 

Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)

ADI UAA Function Driver for High Definition Audio Service: system32\drivers\ADIHdAud.sys (manual start)

AEAudio Service: system32\drivers\AEAudio.sys (manual start)

Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)

AFD: \SystemRoot\System32\drivers\afd.sys (system)

Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)

AliIde: system32\DRIVERS\aliide.sys (system)

Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start)

avast! iAVS4 Control Service: "C:\Program\Alwil Software\Avast4\aswUpdSv.exe" (autostart)

RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)

Standard-IDE/ESDI-hårddiskstyrenhet: system32\DRIVERS\atapi.sys (system)

Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (autostart)

ATI Smart: C:\WINDOWS\system32\ati2sgag.exe (autostart)

ati2mtag: system32\DRIVERS\ati2mtag.sys (manual start)

ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)

Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Ljud-stub-drivrutin: system32\DRIVERS\audstub.sys (manual start)

avast! Antivirus: "C:\Program\Alwil Software\Avast4\ashServ.exe" (autostart)

avast! Mail Scanner: "C:\Program\Alwil Software\Avast4\ashMaiSv.exe" /service (manual start)

avast! Web Scanner: "C:\Program\Alwil Software\Avast4\ashWebSv.exe" /service (manual start)

AVG Anti-Spyware Driver: \??\C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.sys (system)

AVG Anti-Spyware Guard: C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe (autostart)

AVG Anti-Spyware Clean Driver: System32\DRIVERS\AvgAsCln.sys (system)

Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Avkodare för dold textning: system32\DRIVERS\CCDECODE.sys (manual start)

CD-ROM-drivrutin: system32\DRIVERS\cdrom.sys (system)

Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)

ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)

.NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start)

COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)

Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)

DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Diskdrivrutin: system32\DRIVERS\disk.sys (system)

Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)

dmboot: System32\drivers\dmboot.sys (disabled)

dmio: System32\drivers\dmio.sys (disabled)

dmload: System32\drivers\dmload.sys (disabled)

Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)

DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)

Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)

dtscsi: \SystemRoot\System32\Drivers\dtscsi.sys (manual start)

Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Event Log: %SystemRoot%\system32\services.exe (autostart)

COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)

Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Drivrutin för diskettstyrenhet: system32\DRIVERS\fdc.sys (manual start)

FltMgr: system32\DRIVERS\fltMgr.sys (system)

Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)

Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)

Microsoft UAA Function Driver for High Definition Audio Service: system32\drivers\HdAudio.sys (manual start)

Microsoft UAA Bus Driver for High Definition Audio: system32\DRIVERS\HDAudBus.sys (manual start)

Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

Microsoft HID-klassdrivrutin: system32\DRIVERS\hidusb.sys (manual start)

HTTP: System32\Drivers\HTTP.sys (manual start)

HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)

i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)

CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)

IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (manual start)

Intel-processordrivrutin: system32\DRIVERS\intelppm.sys (system)

IPv6 Windows Firewall Driver: system32\DRIVERS\Ip6Fw.sys (manual start)

IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)

IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)

IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)

IPSEC driver: system32\DRIVERS\ipsec.sys (system)

Tjänst för IR-uppräkning: system32\DRIVERS\irenum.sys (manual start)

PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)

Tangentbordsklassdrivrutin: system32\DRIVERS\kbdclass.sys (system)

Microsoft Kernel-wave-ljudMixer: system32\drivers\kmixer.sys (manual start)

Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

LightScribeService Direct Disc Labeling Service: "C:\Program\Delade filer\LightScribe\LSSrvc.exe" (autostart)

TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

Logitech USB-mikrofon: system32\drivers\OVSound2.sys (system)

m5288: system32\DRIVERS\m5288.sys (system)

Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)

NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)

Musklassdrivrutin: system32\DRIVERS\mouclass.sys (system)

HID-drivrutin för mus: system32\DRIVERS\mouhid.sys (manual start)

Klientomdirigerare för WebDav: system32\DRIVERS\mrxdav.sys (manual start)

MRXSMB: system32\DRIVERS\mrxsmb.sys (system)

Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)

Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)

Tjänstproxy för Microsoft-direktuppspelning: system32\drivers\MSKSSRV.sys (manual start)

Klockproxy för Microsoft-direktuppspelning: system32\drivers\MSPCLOCK.sys (manual start)

Kvalitetshanteringsproxy för Microsoft-direktuppspelning: system32\drivers\MSPQM.sys (manual start)

Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)

Tee/Sink-to-Sink-konverterare för Microsoft-direktuppspelning: system32\drivers\MSTEE.sys (manual start)

ATK0110 ACPI UTILITY: system32\DRIVERS\ASACPI.sys (manual start)

NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)

Microsoft TV/Video-anslutning: system32\DRIVERS\NdisIP.sys (manual start)

Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)

NDIS-protokoll för I/O i användarläge: system32\DRIVERS\ndisuio.sys (manual start)

Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)

NetBIOS-gränssnitt: system32\DRIVERS\netbios.sys (system)

NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)

Network DDE: %SystemRoot%\system32\netdde.exe (disabled)

Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)

Net Logon: %SystemRoot%\system32\lsass.exe (manual start)

Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)

Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)

IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)

Drivrutin för parallellport: system32\DRIVERS\parport.sys (manual start)

PCI Bus Driver: system32\DRIVERS\pci.sys (system)

PCIIde: system32\DRIVERS\pciide.sys (system)

Plug and Play: %SystemRoot%\system32\services.exe (autostart)

IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)

WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)

Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)

QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start)

Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)

Logitech QuickCam Web: system32\DRIVERS\OVCE.sys (manual start)

Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)

Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)

Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)

Direkt parallell: system32\DRIVERS\raspti.sys (manual start)

Rdbss: system32\DRIVERS\rdbss.sys (system)

RDPCDD: System32\DRIVERS\RDPCDD.sys (system)

Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)

Filterdrivrutin för uppspelning av digitalt CD-ljud: system32\DRIVERS\redbook.sys (system)

Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)

Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)

Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)

QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)

Realtek 10/100/1000 NIC Family all in one NDIS XP Driver: system32\DRIVERS\Rtenicxp.sys (manual start)

Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)

SASDIFSV: \??\C:\Program\SUPERAntiSpyware\SASDIFSV.SYS (system)

SASENUM: \??\C:\Program\SUPERAntiSpyware\SASENUM.SYS (manual start)

SASKUTIL: \??\C:\Program\SUPERAntiSpyware\SASKUTIL.sys (system)

Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)

Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Secdrv: system32\DRIVERS\secdrv.sys (manual start)

Secondary Logon Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Security_Service: C:\WINDOWS\system32\TmrService.exe /inject C:\WINDOWS\system32\bin\tmr005.dll (autostart)

SenFilt Service: system32\drivers\Senfilt.sys (manual start)

System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Serenum-filterdrivrutin: system32\DRIVERS\serenum.sys (manual start)

Drivrutin för seriell port: system32\DRIVERS\serial.sys (system)

Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)

Sony USB Filter Driver (SONYPVU1): system32\DRIVERS\SONYPVU1.SYS (manual start)

Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)

Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)

sptd: System32\Drivers\sptd.sys (system)

Drivrutin för filter för Systemåterställning: \SystemRoot\system32\DRIVERS\sr.sys (disabled)

System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Srv: system32\DRIVERS\srv.sys (manual start)

SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)

WIA (Windows Image Acquisition): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)

BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)

Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)

Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)

MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{A340C9CD-55AC-413F-9221-4DFEBBE7F8D1} (manual start)

Microsoft Kernelsystemljudenhet: system32\drivers\sysaudio.sys (manual start)

Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)

Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)

Terminal Device Driver: system32\DRIVERS\termdd.sys (system)

Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)

Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Microcode Update Driver: system32\DRIVERS\update.sys (manual start)

Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)

Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)

Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)

Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)

USB2-aktiverat nav: system32\DRIVERS\usbhub.sys (manual start)

Microsoft USB Open Host Controller Miniport Driver: system32\DRIVERS\usbohci.sys (manual start)

Microsoft USB-skrivarklass: system32\DRIVERS\usbprint.sys (manual start)

Drivrutin för USB-masslagringsenheter: system32\DRIVERS\USBSTOR.SYS (manual start)

Läsartjänsten USN Journal för mappdelning i Messenger: "C:\Program\MSN Messenger\usnsvc.exe" (manual start)

VgaSave: \SystemRoot\System32\drivers\vga.sys (system)

Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)

Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

802.11g/b Driver for Windows XP : system32\DRIVERS\Mrvw125.sys (manual start)

Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)

Microsoft virtuell wave-drivrutin (WDM): system32\drivers\wdmaud.sys (system)

WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)

Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Teletext-codec för världsstandard: system32\DRIVERS\WSTCODEC.SYS (manual start)

Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

 

 

--------------------------------------------------

 

Enumerating Windows NT logon/logoff scripts:

*No scripts set to run*

 

Windows NT checkdisk command:

BootExecute = autocheck autochk *

 

Windows NT 'Wininit.ini':

PendingFileRenameOperations: *Registry value not found*

 

--------------------------------------------------

 

Enumerating ShellServiceObjectDelayLoad items:

 

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

WebCheck: C:\WINDOWS\system32\webcheck.dll

SysTray: C:\WINDOWS\system32\stobject.dll

 

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

 

*Registry key not found*

 

--------------------------------------------------

 

End of report, 33 598 bytes

Report generated in 0,188 seconds

 

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only

[/log]

 

Link to comment
Share on other sites

Nu hann jag få filen scannad här kommer resultatet, det såg bra ut.

 

[log]

Complete scanning result of "wtmr.dll", received in VirusTotal at 05.17.2007, 20:34:24 (CET).

 

Antivirus Version Update Result

AhnLab-V3 2007.5.16.1 05.17.2007 no virus found

AntiVir 7.4.0.23 05.17.2007 no virus found

Authentium 4.93.8 05.16.2007 no virus found

Avast 4.7.997.0 05.17.2007 no virus found

AVG 7.5.0.467 05.17.2007 no virus found

BitDefender 7.2 05.17.2007 no virus found

CAT-QuickHeal 9.00 05.17.2007 no virus found

ClamAV devel-20070416 05.17.2007 no virus found

DrWeb 4.33 05.17.2007 no virus found

eSafe 7.0.15.0 05.17.2007 no virus found

eTrust-Vet 30.7.3639 05.17.2007 no virus found

Ewido 4.0 05.17.2007 no virus found

FileAdvisor 1 05.17.2007 no virus found

Fortinet 2.85.0.0 05.17.2007 no virus found

F-Prot 4.3.2.48 05.16.2007 no virus found

F-Secure 6.70.13030.0 05.17.2007 no virus found

Ikarus T3.1.1.7 05.17.2007 no virus found

Kaspersky 4.0.2.24 05.17.2007 no virus found

McAfee 5033 05.17.2007 no virus found

Microsoft 1.2503 05.17.2007 no virus found

NOD32v2 2274 05.17.2007 no virus found

Norman 5.80.02 05.17.2007 no virus found

Panda 9.0.0.4 05.17.2007 no virus found

Prevx1 V2 05.17.2007 no virus found

Sophos 4.17.0 05.16.2007 no virus found

Sunbelt 2.2.907.0 05.17.2007 no virus found

Symantec 10 05.17.2007 no virus found

TheHacker 6.1.6.115 05.15.2007 no virus found

VBA32 3.12.0 05.16.2007 no virus found

VirusBuster 4.3.7:9 05.17.2007 no virus found

Webwasher-Gateway 6.0.1 05.17.2007 no virus found

 

Aditional Information

File size: 3547516 bytes

MD5: 7e681693360d6f95f86021d245c924bb

SHA1: c4ba265e554217183a82791f665ac0198c080c2a[/log]

 

[inlägget ändrat 2007-05-17 21:20:44 av Ikap]

Link to comment
Share on other sites

Förlåt om jag har lite svårt att förstå men jag undrar vilken loggbok du menar?

Har stirrat på resultaten från såväl Hijackthis och startup loggen men förstår inte mycket... finns saker jag undrar varför det är flera av samma (blå), andra saker jag funderar på vad det är (röd) och om man inte bör laga/ta bort där det är (file missing). En AVG nånting är kvar (grön) fast programmet är avinstallerat, kan det ge problem?

Undrar om mina färgmarkeringar alls syns när jag gjort dem i loggen (senaste från hijackthis)

 

De filer som services.exe felet hänvisar till, är de något jag kan ta bort? Eller direkt påverka/laga kanske?

 

Och detta Windows Live och Toolbars, är det sånt som behövs? Min erfarenhet av searchbars etc är att de ger problem, iaf på barnens datorer när de har laddat hem och spelat gratis nätspel typ Pusselpirates eller vad det nu heter (vilket de inte gjort på denna dator).

 

Att titta på såna här loggar och listor gör en som inte är dataproffs hyperorolig, så jag hoppas du har tålamod med mig.

 

//Ika

 

[log]

Logfile of HijackThis v1.99.1

Scan saved at 20:59:14, on 2007-05-17

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16441)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Analog Devices\Core\smax4pnp.exe

C:\Program\Alwil Software\Avast4\aswUpdSv.exe

C:\Program\Alwil Software\Avast4\ashServ.exe

C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program\Java\jre1.6.0_01\bin\jusched.exe

C:\Program\ATI Technologies\ATI.ACE\CLI.EXE

C:\Program\ALWILS~1\Avast4\ashDisp.exe

C:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dwwin.exe

C:\Program\Alwil Software\Avast4\ashMaiSv.exe

C:\Program\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\Program\ATI Technologies\ATI.ACE\cli.exe

C:\Program\ATI Technologies\ATI.ACE\cli.exe

C:\Program\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR'>http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR'>http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O1 - Hosts file is located at: C:\WINDOWS\System32\drivers\etc\hosts

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [WinSvr] C:\WINDOWS\system32\tmr\WinTmr.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?633df7d9518142ba982903c689440e81

O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?633df7d9518142ba982903c689440e81

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} (IlosoftImageUploadCtl Class) - http://webc.frejakonsulter.se/controls/IlosoftImageUpload.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.DLL

O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe

O23 - Service: Security_Service - Unknown owner - C:\WINDOWS\system32\TmrService.exe

 

[/log]

 

[inlägget ändrat 2007-05-17 21:20:16 av Ikap]

Link to comment
Share on other sites

 

> jag undrar vilken loggbok du menar? <

 

[log]Skriv i Kör fältet eventvwr.msc och klicka Ok

 

> flera av samma (blå) <

 

Helt normalt att ha flera svchost.exe igång

 

> på vad det är (röd) <

 

O4 - HKLM\..\Run: [WinSvr] C:\WINDOWS\system32\tmr\WinTmr.exe

O23 - Service: Security_Service - Unknown owner - C:\WINDOWS\system32\TmrService.exe

 

Ser ut som att dessa tillhör Childcontrol program.

Resten av röda är ok.

 

Om AVG Anti-Spyware 7.5 är avinstallerad så skriv i Kör fältet services.msc och Ok

Leta efter tjänsten AVG Anti-Spyware Guard och dubbelklicka på den och ändra Startmetod till inaktiverad > verkställ > ok

 

> Windows Live och Toolbars, är det sånt som behövs? <

 

Vill du inte ha kvar så bara att avinstallera

 

> De filer som services.exe felet hänvisar till, är de något jag kan ta bort? Eller direkt påverka/laga kanske? <

 

Om du menar dessa så inget att göra åt dom

 

C:\DOCUME~1\Ika\LOKALA~1\Temp\WERd5dd.dir00\services.exe.mdm

p

C:\DOCUME~1\Ika\LOKALA~1\Temp\WERd5dd.dir00\appcompat.txt[/log]

 

Link to comment
Share on other sites

Tack

Nu har jag hittat loggboken, hittar inte mycket jag förstår, så här står det på det senaste felet. Men det finns ingenting om detta på den webblänk som hänvisas till.

 

I denna dator finns tre användare, det är på min egen som felmeddelandet kommer upp hela tiden. Denna gång loggade jag in på ena sonens användare och har inte fått felmeddelandet än.

 

[log]

Händelsetyp: Fel

Händelsens källa: Application Error

Händelsekategori: (100)

Händelse-ID: 1000

Datum: 2007-05-17

Tid: 21:43:54

Användare: Saknas

Dator: PERSONAL-7C8223

Beskrivning:

Felaktigt program services.exe, version 5.1.2600.2180, felaktig modul unknown, version 0.0.0.0, felaktig adress 0x00e99dd7.

 

Mer information finns i Hjälp- och supportcenter på sidan http://go.microsoft.com/fwlink/events.asp.

Data:

0000: 41 70 70 6c 69 63 61 74 Applicat

0008: 69 6f 6e 20 46 61 69 6c ion Fail

0010: 75 72 65 20 20 73 65 72 ure ser

0018: 76 69 63 65 73 2e 65 78 vices.ex

0020: 65 20 35 2e 31 2e 32 36 e 5.1.26

0028: 30 30 2e 32 31 38 30 20 00.2180

0030: 69 6e 20 75 6e 6b 6e 6f in unkno

0038: 77 6e 20 30 2e 30 2e 30 wn 0.0.0

0040: 2e 30 20 61 74 20 6f 66 .0 at of

0048: 66 73 65 74 20 30 30 65 fset 00e

0050: 39 39 64 64 37 99dd7

[/log]

 

 

 

Link to comment
Share on other sites

Tack så mycket för att du tog dig tid att försöka hjälpa.

 

Nu fungerar datorn som förr igen (peppar peppar) så något på vägen har väl hjälpt till med problemet.

 

Med vänliga hälsningar

 

Ika

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...