Popups och rundll32.exe

[RichardSchicke]

 

Hejsan!

Jag har ett problem som jag inte lyckas reda ut, och skulle bli glad och tacksam för lite hjälp.

 

Jag har lyckats skaffa mig någon form av virus. Det är inte den värsta sorten, det yttrar sig bara som popups då och då medan jag surfar, men det är irriterande nog och det känns inte bra att datorn är infekterad.

 

Jag kör XP, service pack 2.

 

Norton lyckades inte få bort det.

 

Skaffade AdAware, men utan resultat, varken vid scanning eller när jag använder Ad-Watch. Däremot får jag följande notification från Ad-Watch ungefär tre gånger per sekund.

 

[log]

The process "rundll32.exe" (3784) is trying to modify (RegKeyChangeOrCreate) the registry

 

Path:

HKEY_LOKAL_MACHINE SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A292f685-D6C0-451D-96D2-7???????????[/log]

 

 

Jag vet inte om problemen är relaterade. Kan någon svara på hur jag ska gå till väga för att hitta problemet

 

 

 

/RichardSchicke

 

[Zipp.]

 

[log]Vi kan se om HijackThis visar något till att börja med. Ladda ner från en av länkarna:

http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-102273

53.html

Installera, starta och välj "Do a system scan and save a logfile", kopiera loggen som kommer upp (inget annat).

 

I ditt svar bifogar du HijackThis-loggen på detta sätt:

Tryck på LOG-knappen i Besvara-fönstret

Klistra in loggen

Tryck igen på LOG-knappen [/log]

 

[RichardSchicke]

Tack! Okej, här är loggen

 

 

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:08:50, on 2008-11-11

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

D:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\Explorer.EXE

D:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

D:\WINDOWS\CTHELPER.EXE

D:\WINDOWS\system32\CTXFIHLP.EXE

D:\WINDOWS\SYSTEM32\CTXFISPI.EXE

D:\Program\btbb_wcm\McciTrayApp.exe

D:\Program\Yahoo!\browser\ybrwicon.exe

D:\WINDOWS\system32\RUNDLL32.EXE

D:\Program\Yahoo!\browser\ycommon.exe

D:\Program\Bonjour\mDNSResponder.exe

D:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

D:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe

D:\WINDOWS\system32\CTsvcCDA.EXE

D:\Program\PowerISO\PWRISOVM.EXE

D:\WINDOWS\system32\nvsvc32.exe

D:\Program\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

D:\Program\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

D:\Program\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

D:\Program\Delade filer\Symantec Shared\ccApp.exe

D:\WINDOWS\system32\rundll32.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Program\Creative\MediaSource\Detector\CTDetect.exe

D:\WINDOWS\system32\CAP3RSK.EXE

D:\Program\Yahoo!\MESSEN~1\ymsgr_tray.exe

D:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE

D:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\rundll32.exe

D:\Program\Mozilla Firefox\firefox.exe

D:\Program\Mozilla Firefox\firefox.exe

D:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

D:\Program\Mozilla Firefox\firefox.exe

D:\Program\Mozilla Firefox\firefox.exe

D:\Program\Lavasoft\Ad-Aware\aawservice.exe

D:\Program\Mozilla Firefox\firefox.exe

D:\Program\Mozilla Firefox\firefox.exe

D:\Program\Mozilla Firefox\firefox.exe

D:\Program\Mozilla Firefox\firefox.exe

D:\Program\Mozilla Firefox\firefox.exe

D:\Program\Mozilla Firefox\firefox.exe

D:\Program\Mozilla Firefox\firefox.exe

D:\Program\Mozilla Firefox\firefox.exe

D:\Program\Mozilla Firefox\firefox.exe

D:\Program\Mozilla Firefox\firefox.exe

D:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html'>http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/'>http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/'>http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program\Yahoo!\Companion\Installs\cpn1\yt.dll

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - D:\Program\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program\Yahoo!\Companion\Installs\cpn1\yt.dll

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - D:\Program\Delade filer\Symantec Shared\coShared\Browser\1.5\UIBHO.dll

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [updReg] D:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] D:\Program\btbb_wcm\McciTrayApp.exe

O4 - HKLM\..\Run: [YBrowser] D:\Program\Yahoo!\browser\ybrwicon.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Motive SmartBridge] D:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe

O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [iMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] D:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [Adobe Version Cue CS2] "D:\Program\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"

O4 - HKLM\..\Run: [WD Drive Manager] D:\Program\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [CAP3ON] D:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE

O4 - HKLM\..\Run: [ccApp] "D:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "D:\Program\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [a4a390a2] rundll32.exe "D:\WINDOWS\system32\extcfgjb.dll",b

O4 - HKLM\..\Run: [symantec PIF AlertEng] "D:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "D:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Creative Detector] D:\Program\Creative\MediaSource\Detector\CTDetect.exe /R

O4 - HKCU\..\Run: [Yahoo! Pager] D:\Program\Yahoo!\MESSEN~1\ypager.exe -quiet

O4 - HKCU\..\Run: [eyeBeam SIP Client] "D:\Program\BT Broadband Talk Softphone\BTSoftphone.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma.lnk = D:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Canon LASER SHOT LBP-1120 ª¬ºAµøµ¡.LNK = D:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program\Yahoo!\common\yinsthelper.dll

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab

O20 - AppInit_DLLs: jixddy.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - D:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - D:\Program\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - D:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - D:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - D:\Program\Norton Internet Security\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - D:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - D:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - D:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Symantec Core LC - Unknown owner - D:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - D:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - D:\Program\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

O23 - Service: YPCService - Yahoo! Inc. - D:\WINDOWS\system32\YPCSER~1.EXE

 

--

End of file - 10514 bytes

[/log]

 

[Zipp.]

 

[log]Avinstallera via Kontrollpanelen om hittas = AskSBar

 

Ladda ner ComboFix till Skrivbordet:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

Dra ur internetanslutningen och stäng av alla program du ser inklusive antivirusprogram, antispionprogram och brandvägg, alternativt starta om datorn i felsäkert läge.

Kör ComboFix och följ anvisningarna som visas.

 

VIKTIGT! Klicka inte på ComboFix-fönstret med musen när den körs annars kan den hänga upp sig.

 

När den är färdig så ska en logg komma upp, bifoga den till ditt svar. Kontrollera att antivirusprogram och brandvägg är igång innan du ansluter till internet.

 

Om du får problem med att komma ut på internet:

Kontrollpanelen - Nätverksanslutningar

högerklicka på din internetanslutning och välj Reparera och/eller starta om datorn.

 

 

Varning! ComboFix förhindrar automatisk körning av CD, disketter och USB-enheter för att göra det lättare att rensa datorn och skydda datorn mot infektioner i framtiden. Det kan bli problem t ex om datorn har internet via ett USB-modem eller USB-nätverkskort. Säg då till i stället för att köra ComboFix[/log]

 

[RichardSchicke]

Hej!

 

Jag hittar bara något som heter Ask Toolbar. Används "sällan", senast 2008-10-15.

 

Däremot har jag ett USB-moden, ja, så jag ska alltså undvika ComboFix?

 

[Zipp.]

 

[log]Ta bort Ask Toolbar

 

Ladda ner Malwarebytes Anti-Malware:

http://www.besttechie.net/tools/mbam-setup.exe

Dubbelklicka på mbam-setup.exe för att installera programmet.

Bocka för:

Update Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware

Tryck på Finish

Om det finns någon uppdatering så kommer den att laddas ner och installeras.

 

När programmet startar så välj Perform Quick Scan och tryck på Scan.

Ta bort allt som hittas och starta om datorn och ny Hijack log[/log]

 

[RichardSchicke]

Okej, jag tror att det har hjälpt.

 

Här är loggen:

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:27:42, on 2008-11-11

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

D:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe

D:\Program\Lavasoft\Ad-Aware\aawservice.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\CTHELPER.EXE

D:\WINDOWS\system32\CTXFIHLP.EXE

D:\Program\btbb_wcm\McciTrayApp.exe

D:\WINDOWS\SYSTEM32\CTXFISPI.EXE

D:\Program\Yahoo!\browser\ybrwicon.exe

D:\WINDOWS\system32\RUNDLL32.EXE

D:\Program\Yahoo!\browser\ycommon.exe

D:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe

D:\Program\PowerISO\PWRISOVM.EXE

D:\Program\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

D:\Program\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe

D:\Program\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

D:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

D:\Program\Delade filer\Symantec Shared\ccApp.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Program\Creative\MediaSource\Detector\CTDetect.exe

D:\Program\Bonjour\mDNSResponder.exe

D:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

D:\WINDOWS\system32\CAP3RSK.EXE

D:\WINDOWS\system32\CTsvcCDA.EXE

D:\WINDOWS\system32\nvsvc32.exe

D:\Program\Yahoo!\MESSEN~1\ymsgr_tray.exe

D:\Program\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

D:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE

D:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE

D:\Program\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe

D:\WINDOWS\System32\svchost.exe

D:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

D:\Program\Symantec\LiveUpdate\AUPDATE.EXE

D:\Program\Symantec\LiveUpdate\LuCallbackProxy.exe

D:\Program\Symantec\LiveUpdate\LuCallbackProxy.exe

D:\Program\Symantec\LiveUpdate\LuCallbackProxy.exe

D:\Program\Symantec\LiveUpdate\LuCallbackProxy.exe

D:\Program\Symantec\LiveUpdate\LuCallbackProxy.exe

D:\WINDOWS\system32\wuauclt.exe

D:\Program\Symantec\LiveUpdate\LuCallbackProxy.exe

D:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html'>http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/'>http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/'>http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - D:\Program\Delade filer\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: (no name) - {4CAB59B4-55A3-4737-9FD5-B93C6430BF76} - D:\WINDOWS\system32\wtudmrxs.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program\Yahoo!\Common\yiesrvc.dll

O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - D:\Program\Yahoo!\browser\YSidebarIEBHO.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program\Yahoo!\Companion\Installs\cpn1\yt.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - D:\Program\Delade filer\Symantec Shared\coShared\Browser\1.5\UIBHO.dll

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [updReg] D:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] D:\Program\btbb_wcm\McciTrayApp.exe

O4 - HKLM\..\Run: [YBrowser] D:\Program\Yahoo!\browser\ybrwicon.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Motive SmartBridge] D:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe

O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [iMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] D:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [Adobe Version Cue CS2] "D:\Program\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"

O4 - HKLM\..\Run: [WD Drive Manager] D:\Program\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [CAP3ON] D:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE

O4 - HKLM\..\Run: [ccApp] "D:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "D:\Program\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "D:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "D:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Creative Detector] D:\Program\Creative\MediaSource\Detector\CTDetect.exe /R

O4 - HKCU\..\Run: [Yahoo! Pager] D:\Program\Yahoo!\MESSEN~1\ypager.exe -quiet

O4 - HKCU\..\Run: [eyeBeam SIP Client] "D:\Program\BT Broadband Talk Softphone\BTSoftphone.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma.lnk = D:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Canon LASER SHOT LBP-1120 ª¬ºAµøµ¡.LNK = D:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program\Yahoo!\common\yinsthelper.dll

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab

O20 - AppInit_DLLs: jixddy.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - D:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - D:\Program\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - D:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - D:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - D:\Program\Norton Internet Security\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - D:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - D:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - D:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Symantec Core LC - Unknown owner - D:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - D:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - D:\Program\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

O23 - Service: YPCService - Yahoo! Inc. - D:\WINDOWS\system32\YPCSER~1.EXE

 

--

End of file - 10675 bytes

[/log]

 

[Zipp.]

 

[log]Scanna med Hijack bocka i följande rader stäng Web-läsaren och klicka Fix checked

 

O2 - BHO: (no name) - {4CAB59B4-55A3-4737-9FD5-B93C6430BF76} - D:\WINDOWS\system32\wtudmrxs.dll

O20 - AppInit_DLLs: jixddy.dll

 

sen ta bort om hittas i felsäkert läge

 

D:\WINDOWS\system32\wtudmrxs.dll

D:\WINDOWS\system32\jixddy.dll

 

efter det ska det vara ok enligt loggen[/log]

 

[RichardSchicke]

Jag använde Hijack som du skrev, och det verkade få bort dem. Däremot fanns de inte i mappen när jag skulle ta bort dem manuellt. Inte mig emot, förstås, men är det okej? Här är loggen som den ser ut nu.

 

 

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:32:02, on 2008-11-11

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

D:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe

D:\Program\Lavasoft\Ad-Aware\aawservice.exe

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\CTHELPER.EXE

D:\WINDOWS\system32\CTXFIHLP.EXE

D:\WINDOWS\SYSTEM32\CTXFISPI.EXE

D:\Program\btbb_wcm\McciTrayApp.exe

D:\Program\Yahoo!\browser\ybrwicon.exe

D:\WINDOWS\system32\RUNDLL32.EXE

D:\Program\Yahoo!\browser\ycommon.exe

D:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe

D:\Program\PowerISO\PWRISOVM.EXE

D:\Program\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe

D:\Program\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

D:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

D:\Program\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

D:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe

D:\Program\Delade filer\Symantec Shared\ccApp.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Program\Creative\MediaSource\Detector\CTDetect.exe

D:\Program\Bonjour\mDNSResponder.exe

D:\WINDOWS\system32\CAP3RSK.EXE

D:\Program\Yahoo!\MESSEN~1\ymsgr_tray.exe

D:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE

D:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

D:\WINDOWS\system32\CTsvcCDA.EXE

D:\WINDOWS\system32\nvsvc32.exe

D:\Program\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

D:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE

D:\Program\Mozilla Firefox\firefox.exe

D:\Program\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe

D:\WINDOWS\system32\wuauclt.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\wuauclt.exe

D:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html'>http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/'>http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/'>http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - D:\Program\Delade filer\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program\Yahoo!\Common\yiesrvc.dll

O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - D:\Program\Yahoo!\browser\YSidebarIEBHO.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program\Yahoo!\Companion\Installs\cpn1\yt.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - D:\Program\Delade filer\Symantec Shared\coShared\Browser\1.5\UIBHO.dll

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [updReg] D:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] D:\Program\btbb_wcm\McciTrayApp.exe

O4 - HKLM\..\Run: [YBrowser] D:\Program\Yahoo!\browser\ybrwicon.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Motive SmartBridge] D:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe

O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [iMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] D:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [Adobe Version Cue CS2] "D:\Program\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"

O4 - HKLM\..\Run: [WD Drive Manager] D:\Program\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [CAP3ON] D:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE

O4 - HKLM\..\Run: [ccApp] "D:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "D:\Program\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "D:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "D:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Creative Detector] D:\Program\Creative\MediaSource\Detector\CTDetect.exe /R

O4 - HKCU\..\Run: [Yahoo! Pager] D:\Program\Yahoo!\MESSEN~1\ypager.exe -quiet

O4 - HKCU\..\Run: [eyeBeam SIP Client] "D:\Program\BT Broadband Talk Softphone\BTSoftphone.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma.lnk = D:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Canon LASER SHOT LBP-1120 ª¬ºAµøµ¡.LNK = D:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program\Yahoo!\common\yinsthelper.dll

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - D:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - D:\Program\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - D:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - D:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - D:\Program\Norton Internet Security\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - D:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - D:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - D:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Symantec Core LC - Unknown owner - D:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - D:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - D:\Program\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

O23 - Service: YPCService - Yahoo! Inc. - D:\WINDOWS\system32\YPCSER~1.EXE

 

--

End of file - 10270 bytes

[/log]

 

[Zipp.]

 

Nu är loggen ok

 

Inte mig emot, förstås, men är det okej?

 

Jep

 

[RichardSchicke]

Vad schysst! Du ska ha ett stort tack. Du är en klippa!