Just nu i M3-nätverket
Jump to content

Blir redireced om jag klickar på Google-länk


BlueMaster

Recommended Posts

Hej, Kan någon vänligen kolla min HJT-log?! Tack på förhand

-Åke

 

[log]

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:43:42, on 2008-12-20

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\basfipm.exe

C:\Program\Intel\Intel Application Accelerator\iaantmon.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\Microsoft SQL Server\MSSQL$INSTANCENAME\Binn\sqlservr.exe

C:\Program\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe

C:\Program\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Java\jre6\bin\jusched.exe

C:\Program\Intel\Intel Application Accelerator\iaanotif.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program\Logitech\iTouch\iTouch.exe

C:\Program\Eset\nod32kui.exe

C:\Program\HP\HP Software Update\HPWuSchd.exe

C:\Program\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Garmin\gStart.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe

C:\Program\Delade filer\Teleca Shared\Generic.exe

C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bluemaster.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [iAAnotif] "C:\Program\Intel\Intel Application Accelerator\iaanotif.exe"

O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [HP Software Update] "C:\Program\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Creative Detector] C:\Program\Creative\MediaSource\Detector\CTDetect.exe /R

O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Service Manager.lnk = C:\Program\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.telia.se/sdccommon/download/tgctlcm.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {DF261D07-7E99-11D4-B2C7-009027A1F18A} (DDI Print Control Class v1.3 [ENU]) - https://eredovisning.postgirot.se/ddrint/work/iedpwenu.cab

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe

O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program\Intel\Intel Application Accelerator\iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: LF Connection Keeper Service (LFCK) - Unknown owner - C:\Program\LennartFranzén\LFConnectionKeeper\lfck.exe (file missing)

O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 7992 bytes

[/log]

 

Link to comment
Share on other sites

Ladda ner Malwarebytes Anti-Malware (MBAM) från en av dessa länkar:

http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

http://projects.securitywonks.net/projects/details.php?file=158

Dubbelklicka på mbam-setup för att installera programmet.

 

[log]Se till i slutet av installationen att det är bockar för:

Uppdatera Malwarebytes' Anti-Malware

Starta Malwarebytes' Anti-Malware

Tryck på Slutför

Om det finns någon uppdatering så kommer den att laddas ner och installeras.

 

När programmet startar så välj "Utför snabb skanning" och tryck på Skanna.

Skanningen tar ett tag.

När den är klar så tryck på OK och sedan "Visa resultat".

Bocka för allt och tryck sedan Ta bort markerade.

När borttagningen är klar så öppnar Anteckningar med en logg.

 

Eventuellt så kommer det upp en begäran om att starta om datorn (Restart). I så fall gör det.

Om det blir ett felmeddelande Error loading... efter omstarten så starta om datorn än en gång.

Om programmet inte kommer igång efter omstarten så starta det.

 

Om loggen inte kommer upp själv i Anteckningar så hittar du loggen på fliken Loggar i MBAM.

Kopiera loggen och klistra in den i ditt svar tillsammans med en ny HijackThis-logg.[/log]

 

Link to comment
Share on other sites

Hej,

 

Jag har problem med MBAM. När jag installerar går det väldigt trögt (installationsprogrammet står still i typ 15 minuter, utan I/O eller CPU) innan sista installationsrutan, där man ska bocka för "Uppdatera" resp. "Starta". När man sedan trycker på "Slutför" kommer ingen användardialog upp. Processen mbam.exe lever i ca. 5-10 minuter, utan att dra någon CPU eller skapa någon loggfil.

 

Om jag istället försöker köra från windows eller DOS-fönster händer samma sak: Processen mbam.exe lever helt stillsamt i 5-10 minuter, för att sedan dö utan att efterlämna ett spår. [Jag behöver väl knappast påpeka att den inte utkämpar, eller åtminstone inte VINNER, några viruskrig.]

 

Jag har förstås installerat och avinstallerat ett antal gånger, utan att lyckas...

 

Vad göra?

 

mvh

-Åke

 

Link to comment
Share on other sites

Starta om datorn i felsäkert läge (tryck F8 upprepade gånger under uppstarten och välj felsäkert läge i menyn) och se om installationen går bättre då.

 

Link to comment
Share on other sites

Starta Enhetshanteraren på det här viset:

 

Start - Program - Tillbehör - Kommandotolken

Skriv:

set DEVMGR_SHOW_DETAILS=1

set DEVMGR_SHOW_NONPRESENT_DEVICES=1

start devmgmt.msc

 

och välj att visa Dolda enheter i Visa-menyn. Leta efter Tdssserv.

Högerklicka på den och välj Inaktivera

Starta om datorn och se om installationen lyckas nu.

 

Annars så ladda ner OTViewIt till Skrivbordet:

http://oldtimer.geekstogo.com/OTViewIt.exe

 

Stäng alla program.

Kör OTViewIt (i Vista högerklicka och Kör som administratör).

Bocka för Scan all Users.

Välj 30 dagar för File Age om det inte redan är valt.

Tryck på Run Scan och låt programmet köra ostört.

 

När det är klart så skapas två loggfiler på Skrivbordet, OTViewIt.txt och Extras.txt, klistra in båda två i ditt svar (kom ihåg LOG-knappen).

 

 

Link to comment
Share on other sites

Hej, Efter att ha inaktiverat TSSserv enligt dina anvisningar gick det bra att installera MBAM och utföra rensningen. [i samband med detta vaknade också mitt antivirus pgm (NOD32) till liv och hittade fel på flera TSS*.* -filer.]

 

Nu går det bra att klicka på Google-länkar igen. Tack så väldigt mycket för hjälpen. Jag bifogar logg från MBAM och ny HJT-körning, i fall du ser något mer konstigt...

 

God Jul önskar eder tacksamme..

-Åke

 

MBAM:

[log]

Malwarebytes' Anti-Malware 1.31

Databasversion: 1526

Windows 5.1.2600 Service Pack 3

 

2008-12-21 08:27:49

mbam-log-2008-12-21 (08-27-49).txt

 

Skanningstyp: Snabb skanning

Antal skannade objekt: 78375

Förfluten tid: 12 minute(s), 52 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 3

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 10

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

C:\WINDOWS\SYSTEM32\TDSShrxr.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\SYSTEM32\TDSSoiqt.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\SYSTEM32\TDSSrtqp.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\SYSTEM32\TDSSXFUM.VDLL (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\SYSTEM32\DRIVERS\TDSSmqlt.sys (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\SYSTEM32\TDSSlxwp.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\akli\Lokala inställningar\Temp\TDSS63ad.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\akli\Lokala inställningar\Temp\TDSS63cd.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\akli\Lokala inställningar\Temp\CD1.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\SYSTEM32\TDSSkkbi.log (Trojan.TDSS) -> Quarantined and deleted successfully.

[/log]

 

 

HJT:

 

[log]

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:49:01, on 2008-12-21

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\basfipm.exe

C:\Program\Intel\Intel Application Accelerator\iaantmon.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\Microsoft SQL Server\MSSQL$INSTANCENAME\Binn\sqlservr.exe

C:\Program\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe

C:\Program\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Java\jre6\bin\jusched.exe

C:\Program\Intel\Intel Application Accelerator\iaanotif.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\QuickTime\qttask.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program\Logitech\iTouch\iTouch.exe

C:\Program\Eset\nod32kui.exe

C:\Program\HP\HP Software Update\HPWuSchd.exe

C:\Program\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Garmin\gStart.exe

C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Program\Delade filer\Teleca Shared\Generic.exe

C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program\Internet Explorer\iexplore.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bluemaster.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [iAAnotif] "C:\Program\Intel\Intel Application Accelerator\iaanotif.exe"

O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [HP Software Update] "C:\Program\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Creative Detector] C:\Program\Creative\MediaSource\Detector\CTDetect.exe /R

O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Service Manager.lnk = C:\Program\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.telia.se/sdccommon/download/tgctlcm.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {DF261D07-7E99-11D4-B2C7-009027A1F18A} (DDI Print Control Class v1.3 [ENU]) - https://eredovisning.postgirot.se/ddrint/work/iedpwenu.cab

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe

O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program\Intel\Intel Application Accelerator\iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: LF Connection Keeper Service (LFCK) - Unknown owner - C:\Program\LennartFranzén\LFConnectionKeeper\lfck.exe (file missing)

O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 8060 bytes

[/log]

 

Link to comment
Share on other sites

Hitta Tdssserv igen i Enhetshanterarne och denna gång så högerklickar du på den och väljer att ta bort den i stället.

 

Verkar allt bra med datorn, lika snabb som vanlig?

 

Här kan du läsa mina vanliga råd för en säkrare dator, men det är så klart viktigt att man använder sitt förnuft också.

http://ceblstockholm.googlepages.com/home

 

 

Link to comment
Share on other sites

Hej igen, Jo jag tycker datorn går bra nu. Jag tog bort tdssserv.sys genom att avinstallera m h a enhetshanteraren (plus en omstart).

 

Därefter körde jag även OTViewIt enligt dina anvisningar

 

Slutligen körde jag en ny HJT ... Loggar bifogas

 

Om du (eller någon annan) ser något konstigt får ni gärna hjälpa en gammal hjälplös windows-användare att åtgärda fler fel.

 

Än en gång: Tack så jättemycket

 

-Åke

 

OTViewIt

[log]

 

[1 C:\WINDOWS\System32\*.tmp files]

[1 C:\WINDOWS\*.tmp files]

[2008-12-21 15:31:46 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\akli\Skrivbord\OTViewIt.exe

[2008-12-21 15:25:47 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn

[2008-12-21 15:25:38 | 00,000,051 | ---- | M] () -- C:\WINDOWS\iTouch.ini

[2008-12-21 15:25:31 | 00,015,934 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2008-12-21 15:25:22 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL

[2008-12-21 15:24:47 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2008-12-21 15:24:39 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT

[2008-12-21 15:24:38 | 21,455,46240 | -HS- | M] () -- C:\hiberfil.sys

[2008-12-21 08:12:35 | 00,000,664 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Malwarebytes' Anti-Malware.lnk

[2008-12-20 23:51:14 | 02,539,400 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\akli\Skrivbord\mbam-setup.exe

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\akli\Skrivbord\mbam-setup.exe:SummaryInformation

@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\akli\Skrivbord\mbam-setup.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

[2008-12-20 10:55:59 | 00,000,712 | ---- | M] () -- C:\WINDOWS\NAGrid.ini

[2008-12-20 10:52:48 | 00,000,215 | ---- | M] () -- C:\WINDOWS\NordeaAxess_2x.ini

[2008-12-20 10:37:28 | 00,000,418 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20081220103728.job

[2008-12-20 10:36:06 | 00,000,910 | ---- | M] () -- C:\WINDOWS\WIN.INI

[2008-12-20 10:34:52 | 00,001,264 | ---- | M] () -- C:\WINDOWS\System32\AddPort.ini

[2008-12-19 21:41:13 | 00,069,088 | ---- | M] () -- C:\Documents and Settings\akli\Lokala inställningar\Application Data\GDIPFONTCACHEV1.DAT

[2008-12-19 21:34:27 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for

[2008-12-13 07:39:18 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll

[2008-12-13 07:39:18 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

[2008-12-11 07:35:37 | 00,000,749 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Ad-Watch.lnk

[2008-12-11 07:35:37 | 00,000,749 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Ad-Aware.lnk

[2008-12-11 07:33:39 | 19,153,264 | ---- | M] () -- C:\Documents and Settings\akli\Skrivbord\aaw2008.exe

[2008-12-11 07:04:43 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2008-12-10 00:24:37 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

[2008-12-08 16:48:38 | 00,000,041 | ---- | M] () -- C:\WINDOWS\crw.ini

[2008-12-07 20:24:30 | 00,000,527 | ---- | M] () -- C:\WINDOWS\System32\TDSSlrvd.dat

[2008-12-03 19:52:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2008-12-03 19:52:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2008-11-24 18:12:02 | 00,500,961 | ---- | M] () -- C:\Documents and Settings\akli\Skrivbord\liss.wab

[2008-11-24 18:01:25 | 01,662,377 | ---- | M] () -- C:\Documents and Settings\akli\Mina dokument\comm_manual_gn-br01g_e.pdf

[2008-11-24 07:21:00 | 00,046,080 | ---- | M] () -- C:\Documents and Settings\akli\Mina dokument\ikea-cpu.doc

< End of report >

[/log]

[log]

OTViewIt Extras logfile created on: 2008-12-21 15:34:05 - Run

OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\akli\Skrivbord

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

2,00 Gb Total Physical Memory | 1,51 Gb Available Physical Memory | 75,45% Memory free

3,85 Gb Paging File | 3,47 Gb Available in Paging File | 90,19% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program

Drive C: | 148,96 Gb Total Space | 106,14 Gb Free Space | 71,26% Space Free | Partition Type: NTFS

Drive D: | 149,01 Gb Total Space | 147,39 Gb Free Space | 98,91% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: D17MMH1J

Current User Name: akli

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled"=1

"AntiVirusDisableNotify"=0

"FirewallDisableNotify"=0

"UpdatesDisableNotify"=0

"AntiVirusOverride"=1

"FirewallOverride"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"EnableFirewall"=1

"DoNotAllowExceptions"=0

"DisableNotifications"=0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[2008-04-14 17:05:18 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

File not found -- C:\Program\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1

File not found -- C:\Program\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[2008-04-14 17:05:18 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

File not found -- E:\Setup\HPZnet01.exe:*:Enabled:ICE 2.6 Network Plug in

[2003-09-16 04:19:24 | 00,237,568 | ---- | M] (Hewlett-Packard Co.) -- C:\Program\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:HP Digital Imaging Monitor (CUE)

[2006-10-17 11:56:10 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\MSHTA.EXE:*:Enabled:Microsoft ® HTML Application host

[2008-04-14 17:05:11 | 00,244,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\USMT\MIGWIZ.EXE:*:Enabled:Guiden Överför filer och inställningar

[2008-04-14 17:05:13 | 01,695,232 | -HS- | M] (Microsoft Corporation) -- C:\Program\Messenger\msmsgs.exe:*:Enabled:Windows Messenger

[2006-06-14 15:48:00 | 14,276,608 | ---- | M] (Apple Computer, Inc.) -- C:\Program\iTunes\iTunes.exe:*:Enabled:iTunes

[2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

File not found -- C:\Program\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1

File not found -- C:\Program\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[2007-03-09 17:53:44 | 01,775,152 | ---- | M] (Nero AG) -- C:\Program\Delade filer\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup

 

========== (O10) Winsock2 Catalogs ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]

Protocol_Catalog9\Catalog_Entries\000000000001 -- C:\WINDOWS\SYSTEM32\imon.dll (Eset )

Protocol_Catalog9\Catalog_Entries\000000000002 -- C:\WINDOWS\SYSTEM32\imon.dll (Eset )

Protocol_Catalog9\Catalog_Entries\000000000003 -- C:\WINDOWS\SYSTEM32\imon.dll (Eset )

Protocol_Catalog9\Catalog_Entries\000000000004 -- C:\WINDOWS\SYSTEM32\imon.dll (Eset )

Protocol_Catalog9\Catalog_Entries\000000000005 -- C:\WINDOWS\SYSTEM32\imon.dll (Eset )

Protocol_Catalog9\Catalog_Entries\000000000006 -- C:\WINDOWS\SYSTEM32\imon.dll (Eset )

Protocol_Catalog9\Catalog_Entries\000000000007 -- C:\WINDOWS\SYSTEM32\imon.dll (Eset )

Protocol_Catalog9\Catalog_Entries\000000000008 -- C:\WINDOWS\SYSTEM32\imon.dll (Eset )

Protocol_Catalog9\Catalog_Entries\000000000009 -- C:\WINDOWS\SYSTEM32\imon.dll (Eset )

Protocol_Catalog9\Catalog_Entries\000000000010 -- C:\WINDOWS\SYSTEM32\imon.dll (Eset )

Protocol_Catalog9\Catalog_Entries\000000000011 -- C:\WINDOWS\SYSTEM32\imon.dll (Eset )

Protocol_Catalog9\Catalog_Entries\000000000012 -- C:\WINDOWS\SYSTEM32\imon.dll (Eset )

Protocol_Catalog9\Catalog_Entries\000000000013 -- C:\WINDOWS\SYSTEM32\imon.dll (Eset )

Protocol_Catalog9\Catalog_Entries\000000000014 -- C:\WINDOWS\SYSTEM32\imon.dll (Eset )

Protocol_Catalog9\Catalog_Entries\000000000015 -- C:\WINDOWS\SYSTEM32\imon.dll (Eset )

Protocol_Catalog9\Catalog_Entries\000000000016 -- C:\WINDOWS\SYSTEM32\imon.dll (Eset )

Protocol_Catalog9\Catalog_Entries\000000000017 -- C:\WINDOWS\SYSTEM32\imon.dll (Eset )

Protocol_Catalog9\Catalog_Entries\000000000018 -- C:\WINDOWS\SYSTEM32\imon.dll (Eset )

Protocol_Catalog9\Catalog_Entries\000000000019 -- C:\WINDOWS\SYSTEM32\imon.dll (Eset )

 

========== (O18) Protocol Handlers ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2003-12-22 07:38:40 | 00,081,920 | ---- | M] (Hewlett-Packard Company) C:\Program\HP\hpcoretech\comp\hpuiprot.dll (cetihpz:{CF184AD3-CDCB-4168-A3F7-8E447D129300} (HKLM) [CZipHandler Object])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

ipp: [HKLM - No CLSID value]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2005-09-20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

msdaipp: [HKLM - No CLSID value]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2005-09-20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2005-09-20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2005-09-23 04:28:18 | 00,866,304 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2001-06-20 09:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2007-03-14 12:10:22 | 07,255,384 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2007-05-10 12:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

 

========== (O18) Protocol Filters ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters

[2007-04-19 12:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{036AA4D4-6D32-11D4-9875-00105ACE7734}"=Programvara för Logitech iTouch

"{061fafe8-17e6-4ed5-ba71-2eae2e06f7e5}.sdb"=KU2006Fix

"{0D93D54E-D5E7-4928-A506-6E814D91D113}"=2400_2500Help

"{109e7445-a689-43dd-9b19-e1ca0b41456d}.sdb"=KU2007

"{1389C6A4-4965-4AEC-9175-08B54A10FA48}"=Microsoft SQL Server 2005 Mobile [ENU] Developer Tools

"{17B66E83-1BC9-11D5-A54A-0090278A1BB8}"=Microsoft FrontPage Client - English

"{18E0918E-1060-48f3-925C-56C82E88551B}"=HP PSC & OfficeJet 3.5

"{1A655D51-1423-48A3-B748-8F5A0BE294C8}"=Microsoft Visual J# .NET Redistributable Package 1.1

"{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}"=DocProc

"{20610409-CA18-41A6-9E21-A93AE82EE7C5}"=Visual Studio .NET Professional 2003 - English

"{22988B2A-374A-4A7B-B795-A1AFF2046BE9}"=PhotoGallery

"{23959E96-A80F-4172-A655-210E9BB7BFBE}"=MSDN Library for Visual Studio 2005

"{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}"=Scan

"{25D24E84-64A9-40D2-85CF-540B1C4A6D52}"=Broadcom ASF Management Applications

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java 6 Update 11

"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}"=Microsoft SQL Server 2005 Tools Express Edition

"{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}"=SkinsHP1

"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}"=Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)

"{2E086814-7392-4E0F-ADB8-54A81E47406C}"=Broadcom Advanced Control Suite 2

"{2E132061-C78A-48D4-A899-1D13B9D189FA}"=Memories Disc Creator 2.0

"{2F380E5F-967E-4755-A06A-1706F7C31053}"=Nero 7 Premium

"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6

"{3248F0A8-6813-11D6-A77B-00B0D0150100}"=J2SE Runtime Environment 5.0 Update 10

"{3248F0A8-6813-11D6-A77B-00B0D0150110}"=J2SE Runtime Environment 5.0 Update 11

"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java SE Runtime Environment 6 Update 1

"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java 6 Update 2

"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java 6 Update 3

"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java 6 Update 5

"{33BABF46-8430-47A8-A98C-88B1E9DA5DE6}"=Garmin Training Center 3.4.1

"{34957B51-9676-41CE-9E52-44AE91B73F1C}"=HP Software Update

"{350C941d-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP

"{366FFC89-C800-4366-B903-B9C4314109A5}"=Garmin WebUpdater

"{3ACF833E-AADC-4B71-9F67-29CF4FFB8E3E}"=Garmin Communicator Plugin

"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}"=HPSystemDiagnostics

"{415B8A4E-0EA2-4C69-975C-EEE07B837FD7}"=Unload

"{41C7AFD4-63BF-458C-BB13-7B6AC865A48D}"=2400_2500trb

"{437AB8E0-FB69-4222-B280-A64F3DE22591}"=Microsoft Visual Studio 2005 Professional Edition - ENU

"{44D4AF75-6870-41F5-9181-662EA05507E1}"=Microsoft Document Explorer 2005

"{47C25360-AEBC-4B21-B233-87CE653B3369}"=AIOMinimal

"{48242276-DB89-42e8-9678-BD4280D7B99A}"=Copy

"{49672EC2-171B-47B4-8CE7-50D7806360D7}"=Windows Live Sign-in Assistant

"{4ACBBFC6-3F39-48DE-8D85-182736B2749B}"=Garmin MapSource

"{4DE0D978-EA3A-4460-9352-5FADDDB5C9AB}"=Microsoft Visual C# .NET Step By Step (v2003) Sample Files

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}"=Microsoft SQL Server Setup Support Files (English)

"{5421155F-B033-49DB-9B33-8F80F233D4D5}"=GdiplusUpgrade

"{54C0D94A-F467-4ABC-9D02-6E58748668D4}"=iTunes

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}"=neroxml

"{5757AE1A-1DB4-4898-9806-09F77FBD5E57}"=MSDN Library for Visual Studio .NET 2003

"{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}"=PrintScreen

"{625386A4-B6B6-4911-A6E8-23189C3F2D15}"=Microsoft .NET Compact Framework 2.0

"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}"=Windows Genuine Advantage v1.3.0254.0

"{6864A62D-3EF3-415F-9922-240EED34B4C0}"=Fax

"{689404D2-1C94-44B3-9203-BEC5594FDA7A}"=Microsoft SQL Server Desktop Engine (INSTANCENAME)

"{68A35043-C55A-4237-88C9-37EE1C63ED71}"=Microsoft Visual J# 2.0 Redistributable Package

"{6A16052B-00D6-4185-A7D8-A2767920F22B}"=PPC Sync

"{6C531060-84FB-4F96-8F33-29DF020632EB}"=Microsoft .NET Compact Framework 1.0 SP3 Developer

"{7148F0A8-6813-11D6-A77B-00B0D0142030}"=Java 2 Runtime Environment, SE v1.4.2_03

"{723C033E-63EA-4227-BAB2-0AA8693C16EB}"=Director

"{745A92AF-53B4-41A7-91C3-9B026B1D5897}"=InstantShare

"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}"=overland

"{7689CA7A-1270-425A-9959-EB4CB25EA29A}"=Sony Ericsson PC Suite 1.20.224

"{78B75C6D-E53C-424C-BF83-4B63BD4A6682}"=Microsoft Device Emulator version 1.0 - ENU

"{81DD5688-695A-4c1d-AE7D-368BF857725A}"=TrayApp

"{83d96ed0-98aa-4515-8ddc-816f3efdd104}"=MyDSC2

"{8777AC6D-89F9-4793-8266-DE406F343E89}"=QFolder

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight

"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}"=Logitech Desktop Messenger

"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}"=Intel Application Accelerator

"{9111041D-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003

"{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}"=Google Earth

"{992A2DB1-4ABC-4738-BD71-045C5FFE00D1}"=Microsoft .NET Framework 1.1 Swedish Language Pack

"{99D48FBB-2DEF-49A9-BCC9-C5AF63DD2643}"=AiOSoftware

"{9B03C535-3AEA-4ef2-B326-0A01A2207034}"=CreativeProjects

"{9C5A0C32-A1DB-4080-8479-02CC8F797FE1}"=Visma Skatt Företag 2007-2008

"{AC76BA86-7AD7-1053-7B44-A81200000003}"=Adobe Reader 8.1.2 - Svenska

"{AEC20FEC-47D8-4DEA-85D7-0B7E5D905D11}"=AiO_Scan

"{AFD2EB5E-A658-4A74-ADDE-F63F80A1E719}"=KU 2006

"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1

"{B8BFB69F-BBBA-48A9-A788-851222571C77}"=MapSource Product Install

"{BC339BFD-F550-471a-8D26-4D08126C62F7}"=SkinsHP2

"{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}"=QuickTime

"{CA57B3EB-9558-48CB-84F9-33C5A9F15626}"=2500

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1

"{CB7049D6-9EF3-4311-8281-A9EDBC9478CB}"=Visma Bokföring

"{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}"=QuickProjects

"{CE366952-DCEC-4939-B739-8130FB7DF3F8}"=23_24_2500Tour

"{CF277AE2-7C23-40EA-BD64-AF1D99205E15}"=KU 2007

"{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}"=Overland

"{D4D24FE5-FAB3-4FE2-AFFC-623955F4DF3A}"=Visual Studio.NET Baseline - English

"{DBB86FEF-CA7B-4A63-AE37-BA774D799168}"=SportTracks 2.0

"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware

"{E09B48B5-E141-427A-AB0C-D3605127224A}"=Microsoft SQL Server Desktop Engine

"{E17F76BE-50E9-4E7C-ADF6-6D8F44A9C6F3}"=Windows Live installer

"{E443F067-3345-482C-BD7A-12675A53D292}"=Readme

"{E6DE4F95-AB96-4162-8C1A-09E2C0CD5639}"=Microsoft Visual C Sharp .NET Step by Step Version 2003 eBook

"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}"=Microsoft SQL Server VSS Writer

"{EEF36FA8-DD2F-45CB-BAE4-55C2F1FE5263}"=Nordea Axess 2.4.5

"{F1C5DB9E-9D43-4662-B894-D1236CDB90CA}"=SPCS Bokföring

"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}"=Microsoft SQL Server Native Client

"{FBBF532A-47AC-457d-AC06-0D3163D8911E}"=WebReg

"{FF102450-55AA-4AE1-ACE4-E271E2470C83}"=hpmdtab

"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX

"Adobe Shockwave Player"=Adobe Shockwave Player

"Creative Jukebox Driver"=Creative Jukebox Driver

"Fripro Svealand Type Customisation_is1"=Fripro Svealand Type Customisation version 1.2

"FTD2XX"=FTDI FTD2XX USB Drivers

"Guitar Pro 5_is1"=Guitar Pro 5.2

"HijackThis"=HijackThis 2.0.2

"HP Photo & Imaging"=HP Image Zone 3.5

"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs

"ie7"=Windows Internet Explorer 7

"InstallShield_{25D24E84-64A9-40D2-85CF-540B1C4A6D52}"=Broadcom ASF Management Applications

"InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}"=Broadcom Advanced Control Suite 2

"InstallShield_{4DE0D978-EA3A-4460-9352-5FADDDB5C9AB}"=Microsoft Visual C# .NET Step By Step (v2003) Sample Files

"InstallShield_{54C0D94A-F467-4ABC-9D02-6E58748668D4}"=iTunes

"InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}"=QuickTime

"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1

"Microsoft Document Explorer 2005"=Microsoft Document Explorer 2005

"Microsoft SQL Server 2005"=Microsoft SQL Server 2005

"Microsoft Visual J# 2.0 Redistributable Package"=Microsoft Visual J# 2.0 Redistributable Package

"Microsoft Visual Studio 2005 Professional Edition - ENU"=Microsoft Visual Studio 2005 Professional Edition - ENU

"MSDN Library for Visual Studio 2005"=MSDN Library for Visual Studio 2005

"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs

"NOD32"=NOD32 Antivirus

"Notepad++"=Notepad++

"NVIDIA Drivers"=NVIDIA Drivers

"PartyPoker"=PartyPoker

"Personal"=BankID säkerhetsprogram 4.10

"Sverigekartan version 3"=Sverigekartan version 3

"Telia Supportassistent Portal_is1"=Telia Supportassistent Portal

"TPTEST5_is1"=TPTEST 5.0.2

"Windows Media Format Runtime"=Windows Media Format Runtime

"Windows XP Service Pack"=Windows XP Service Pack 3

"Visual Studio .NET Professional 2003 - English"=Microsoft Visual Studio .NET Professional 2003 - English

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 2008-12-20 05:55:39 | Computer Name = D17MMH1J | Source = crypt32 | ID = 131080

Description = Det gick inte att automatiskt uppdatera tredjepartsrotlistsekvensnumret

från: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>.'>http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>.'>http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>.'>http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>.'>http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>.'>http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>.'>http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>.'>http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>.'>http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>.'>http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>.

Fel: 404 (HTTP-svarsstatus)

 

Error - 2008-12-20 05:55:39 | Computer Name = D17MMH1J | Source = crypt32 | ID = 131080

Description = Det gick inte att automatiskt uppdatera tredjepartsrotlistsekvensnumret

från: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>.

Fel: Den här nätverksanslutningen finns inte.

 

Error - 2008-12-20 05:55:40 | Computer Name = D17MMH1J | Source = crypt32 | ID = 131080

Description = Det gick inte att automatiskt uppdatera tredjepartsrotlistsekvensnumret

från: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>.

Fel: Den här nätverksanslutningen finns inte.

 

Error - 2008-12-20 05:55:40 | Computer Name = D17MMH1J | Source = crypt32 | ID = 131080

Description = Det gick inte att automatiskt uppdatera tredjepartsrotlistsekvensnumret

från: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>.

Fel: Den här nätverksanslutningen finns inte.

 

Error - 2008-12-20 05:55:40 | Computer Name = D17MMH1J | Source = crypt32 | ID = 131080

Description = Det gick inte att automatiskt uppdatera tredjepartsrotlistsekvensnumret

från: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>.

Fel: Den här nätverksanslutningen finns inte.

 

Error - 2008-12-20 05:55:40 | Computer Name = D17MMH1J | Source = crypt32 | ID = 131080

Description = Det gick inte att automatiskt uppdatera tredjepartsrotlistsekvensnumret

från: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>.

Fel: Den här nätverksanslutningen finns inte.

 

Error - 2008-12-20 05:55:41 | Computer Name = D17MMH1J | Source = crypt32 | ID = 131080

Description = Det gick inte att automatiskt uppdatera tredjepartsrotlistsekvensnumret

från: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>.

Fel: Den här nätverksanslutningen finns inte.

 

Error - 2008-12-20 05:55:41 | Computer Name = D17MMH1J | Source = crypt32 | ID = 131080

Description = Det gick inte att automatiskt uppdatera tredjepartsrotlistsekvensnumret

från: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>.

Fel: Den här nätverksanslutningen finns inte.

 

Error - 2008-12-20 05:55:42 | Computer Name = D17MMH1J | Source = crypt32 | ID = 131080

Description = Det gick inte att automatiskt uppdatera tredjepartsrotlistsekvensnumret

från: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>.

Fel: Den här nätverksanslutningen finns inte.

 

Error - 2008-12-20 05:55:42 | Computer Name = D17MMH1J | Source = crypt32 | ID = 131080

Description = Det gick inte att automatiskt uppdatera tredjepartsrotlistsekvensnumret

från: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>.

Fel: Den här nätverksanslutningen finns inte.

 

[ System Events ]

Error - 2008-12-20 19:22:56 | Computer Name = D17MMH1J | Source = DCOM | ID = 10005

Description = DCOM fick felet %1084 vid försök att starta tjänsten EventSystem med

argumenten för att köra servern: {1BE1F766-5536-11D1-B726-00C04FB926AF}

 

Error - 2008-12-20 19:23:54 | Computer Name = D17MMH1J | Source = Service Control Manager | ID = 7000

Description = Tjänsten LF Connection Keeper Service kunde inte startas på grund

av följande fel: %%2

 

Error - 2008-12-20 19:43:43 | Computer Name = D17MMH1J | Source = DCOM | ID = 10010

Description = Servern {66B093B7-B5E3-4CFE-B32B-FEB55F172481} registrerades inte

med DCOM inom erforderlig timeout.

 

Error - 2008-12-21 02:54:14 | Computer Name = D17MMH1J | Source = Service Control Manager | ID = 7000

Description = Tjänsten LF Connection Keeper Service kunde inte startas på grund

av följande fel: %%2

 

Error - 2008-12-21 03:09:31 | Computer Name = D17MMH1J | Source = Service Control Manager | ID = 7000

Description = Tjänsten LF Connection Keeper Service kunde inte startas på grund

av följande fel: %%2

 

Error - 2008-12-21 03:34:46 | Computer Name = D17MMH1J | Source = Service Control Manager | ID = 7000

Description = Tjänsten LF Connection Keeper Service kunde inte startas på grund

av följande fel: %%2

 

Error - 2008-12-21 03:35:06 | Computer Name = D17MMH1J | Source = Service Control Manager | ID = 7026

Description = Följande start- eller systemstartdrivrutin(er) avbröts på grund av

fel under start: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541

amdagp

amsint

asc

asc3350p

asc3550

cbidf

cd20xrnt

CmdIde

Cpqarray

dac2w2k

dac960nt

dpti2o

hpn

i2omp

ini910u

IntelIde

mraid35x

perc2

perc2hib

ql1080

Ql10wnt

ql12160

ql1240

ql1280

sisagp

Sparrow

symc810

symc8xx

sym_hi

sym_u3

TosIde

ultra

viaagp

ViaIde

 

Error - 2008-12-21 04:31:53 | Computer Name = D17MMH1J | Source = DCOM | ID = 10010

Description = Servern {66B093B7-B5E3-4CFE-B32B-FEB55F172481} registrerades inte

med DCOM inom erforderlig timeout.

 

Error - 2008-12-21 10:15:25 | Computer Name = D17MMH1J | Source = Service Control Manager | ID = 7000

Description = Tjänsten LF Connection Keeper Service kunde inte startas på grund

av följande fel: %%2

 

Error - 2008-12-21 10:25:03 | Computer Name = D17MMH1J | Source = Service Control Manager | ID = 7000

Description = Tjänsten LF Connection Keeper Service kunde inte startas på grund

av följande fel: %%2

 

 

< End of report >

[/log]

HJT

[log]

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:38:11, on 2008-12-21

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\basfipm.exe

C:\Program\Intel\Intel Application Accelerator\iaantmon.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\Microsoft SQL Server\MSSQL$INSTANCENAME\Binn\sqlservr.exe

C:\Program\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe

C:\Program\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Java\jre6\bin\jusched.exe

C:\Program\Intel\Intel Application Accelerator\iaanotif.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program\Logitech\iTouch\iTouch.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Eset\nod32kui.exe

C:\Program\HP\HP Software Update\HPWuSchd.exe

C:\Program\HP\hpcoretech\hpcmpmgr.exe

C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Garmin\gStart.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Program\Delade filer\Teleca Shared\Generic.exe

C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\WINDOWS\notepad.exe

C:\WINDOWS\notepad.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bluemaster.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade

 

filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows

 

Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [iAAnotif] "C:\Program\Intel\Intel Application Accelerator\iaanotif.exe"

O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [HP Software Update] "C:\Program\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Creative Detector] C:\Program\Creative\MediaSource\Detector\CTDetect.exe /R

O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Service Manager.lnk = C:\Program\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.telia.se/sdccommon/download/tgctlcm.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {DF261D07-7E99-11D4-B2C7-009027A1F18A} (DDI Print Control Class v1.3 [ENU]) -

 

https://eredovisning.postgirot.se/ddrint/work/iedpwenu.cab

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe

O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program\Intel\Intel Application Accelerator\iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: LF Connection Keeper Service (LFCK) - Unknown owner - C:\Program\LennartFranzén\LFConnectionKeeper\lfck.exe (file missing)

O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 8116 bytes

[/log]

 

Link to comment
Share on other sites

Ta bort:

C:\WINDOWS\System32\TDSSlrvd.dat

C:\Documents and Settings\akli\Skrivbord\mbam-setup.exe den verkar lite konstig

 

Vet du vad WebReg är?

[2008-12-20 10:37:28 | 00,000,418 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20081220103728.job

 

Det var bara en väldigt liten del av OTViewIt-loggen.

 

Vet du vad det här är för något som verkar finnas i Lägg till eller ta bort program:

KU2006Fix

2400_2500Help

KU2007

 

[log]Avinstallera gamla Java-versioner med säkerhetshål:

J2SE Runtime Environment 5.0 Update 6

J2SE Runtime Environment 5.0 Update 10

J2SE Runtime Environment 5.0 Update 11

Java™ SE Runtime Environment 6 Update 1

Java™ 6 Update 2

Java™ 6 Update 3

Java™ 6 Update 5

Java 2 Runtime Environment, SE v1.4.2_03[/log]

 

Link to comment
Share on other sites

Hej, Jag tog bort Tsslrvd.dat och mbam-setup.

Tog också bort Java-komponenterna du pekade på

 

WebReg och 2400_2500Help vet jag inte vad det är. Ska jag ta bort dem? Hur då?

 

KU2006 och KU2007 är program som skapar "kontrolluppgifter" att skickas till Skatteverket. De är borttagna nu.

 

 

mvh

-Åke

 

 

 

Link to comment
Share on other sites

KU2006 och KU2007 är program som skapar "kontrolluppgifter" att skickas till Skatteverket. De är borttagna nu.
Men då behöver du ju inte ta bort dem.

 

Angående WebReg så är det ju en fil som las till igår 10:37. Vet du vad du höll på med då?

 

2400_2500help kan visst vara något med HP Digital Imaging

 

Link to comment
Share on other sites

Jag tog bort KU2006 oh KU2007 eftersom de aldrig mer kommer att användas. Nästa gång jag ska "göra" kontrolluppgifter hämtar jag program från skatteverket, som med största säkerhet kommer att heta KU2008 :)

 

I går kl 10.37 höll jag förmodligen på med att svettas kring att hämta/installera/avinstallera MBAM. Men datorn hade ju en förmåga att hoppa till fel URL, så jag vet ju inte helt säkert vad jag gjorde.

 

HP Digital Imaging är mycket troligt, eftersom jag har ett sådant program och skulle tro att HP har printer-produkter som heter ungefär HP 2400 el.dyl

 

Jag fantastiskt imponerad av din kunskap och engagemang för alla oss windows-noviser med problem. Tack för det!

 

mvh

-Åke

 

 

Link to comment
Share on other sites

Ja, då var det ju bra att du tog bort de gamla KU-versionerna ;)

 

Igår 10:52 var det något med Nordea:

[2008-12-20 10:55:59 | 00,000,712 | ---- | M] () -- C:\WINDOWS\NAGrid.ini

[2008-12-20 10:52:48 | 00,000,215 | ---- | M] () -- C:\WINDOWS\NordeaAxess_2x.ini

[2008-12-20 10:37:28 | 00,000,418 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20081220103728.job

[2008-12-20 10:36:06 | 00,000,910 | ---- | M] () -- C:\WINDOWS\WIN.INI

[2008-12-20 10:34:52 | 00,001,264 | ---- | M] () -- C:\WINDOWS\System32\AddPort.ini

 

Du kan gå till Kontrollpanelen - Schemalagda aktiviteter och där se vilket program som WebReg-aktiviteten startar.

 

Link to comment
Share on other sites

Ja just det, Jag passade på att göra lite bankärenden medans datorn/Internet fortfarande fungerade, därav spåren till Nordea.

 

Edit:

Jag kom på att jag var tvungen att installera om min printer. Då fick jag uppmaningen att registrera mig HP. Svarade "Påminn mig igen om en månad".

 

Jag ska ta bort det, eftersom jag och min printer redan är reggade...

 

mvh

-Åke

 

 

 

 

 

[inlägget ändrat 2008-12-21 18:19:33 av BlueMaster]

Link to comment
Share on other sites

Då var det säkert förklaringen :thumbsup:

 

Starta OTViewIt och där har du en knapp CleanUp!. Tryck på den så kommer OTViewIt att avinstalleras.

 

Här kan du läsa mina vanliga råd för en säkrare dator, men det är så klart viktigt att man använder sitt förnuft också.

http://ceblstockholm.googlepages.com/home

 

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.



×
×
  • Create New...