Seg start

[Dolphin]

Jag har ett problem med att min dator, en Dell inspiron 1720 segar i uppstarten.

Det tar 3-4 min.

 

Jag har jagat virus med AVG, AD-Aware och Panda active scan utan resultat.

 

Innan jag gör en omformatering vill jag fråga er kunniga på detta forum:

Vad kan det vara?

 

[Laston]

Hej! Det kan ju bero på en mängd olika saker utan att du behöver formatera för det,du har inte installerat en massa program som ligger i autostart tillexempel?

[log]Vi kan se om HijackThis visar något till att börja med. Ladda ner från en av länkarna:

http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

Installera, starta och välj "Do a system scan and save a logfile", kopiera loggen som kommer upp (inget annat).

 

I ditt svar bifogar du HijackThis-loggen på detta sätt:

Tryck på LOG-knappen i Besvara-fönstret

Klistra in loggen

Tryck igen på LOG-knappen[/log]

 

[flora50]

Se till att inte ha några stora filer på Skrivbordet. Töm

C:\Windows\Temp

C:\Documents and Settings\<konto>\Lokala inställningar\Temp

 

För att komma åt det sista, sätt Utforskaren > Verktyg > Mappalternativ... > Visning > Visa dolda filer och mappar

 

Prova att logga in på ett annat konto (skapa ett om du inte har nåt annat). Om detta fungerar bättre, kopiera över Mina dokument mm, och ta sedan bort det gamla i Kontrollpanelen > Användarkonton. Filerna försvinner inte, de får du radera för hand.

 

[Dolphin]

Jag har prövat att rensa skrivbord och ändrat användare men, det ligger längre ner. Det är vid uppstarten av win xp'n det segar.

Kan det ligga i BIOS?

 

Jag är inte så hemma där.

 

 

[inlägget ändrat 2009-02-21 01:17:06 av Dolphin]

[Dolphin]

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:26:37, on 2009-02-21

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Intel\Wireless\Bin\S24EvMon.exe

C:\Program\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\VistaDrive\VistaDrive.exe

C:\Program\AVG\AVG8\avgtray.exe

C:\Program\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Java\jre1.6.0_07\bin\jusched.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program\Delade filer\Acronis\Schedule2\schedhlp.exe

C:\Program\Delade filer\Acronis\Schedule2\schedul2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Delade filer\Nero\Lib\NMBgMonitor.exe

C:\Program\Skype\Phone\Skype.exe

C:\Program\SAU KP\Translate.Net\Translate.Net.exe

C:\Program\AVG\AVG8\avgwdsvc.exe

C:\Program\Registry Mechanic\RegMech.exe

C:\Program\Intel\Wireless\Bin\EvtEng.exe

C:\Program\Delade filer\GtFlashSwitch\GtFlashSwitch.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program\AVG\AVG8\avgrsx.exe

C:\Program\AVG\AVG8\avgnsx.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Intel\Wireless\Bin\RegSrvc.exe

C:\Program\Delade filer\Acronis\Fomatik\TrueImageTryStartService.exe

C:\Program\Intel\Wireless\Bin\WLKeeper.exe

C:\Program\AVG\AVG8\avgemc.exe

C:\Program\AVG\AVG8\avgcsrvx.exe

C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Delade filer\Nero\Lib\NMIndexStoreSvr.exe

C:\Program\Skype\Plugin Manager\skypePM.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.se/ie

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program\DAEMON Tools Toolbar\DTToolbar.dll

O3 - Toolbar: mstoanrd - {01D4C028-61FF-43ED-A49F-25E39D1A70AD} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\Program\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program\Delade filer\Acronis\Acronis Disk Director\oss_reinstall.exe

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program\Delade filer\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [TransBar] C:\Program\AKSoftware\TransBar\TransBar.exe /s

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Translate.Net] C:\Program\SAU KP\Translate.Net\Translate.Net.exe -skipsplash

O4 - HKCU\..\Run: [RegistryMechanic] C:\Program\Registry Mechanic\RegMech.exe /H

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\Run: [TransBar] C:\Program\AKSoftware\TransBar\TransBar.exe /s (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-329068152-602609370-1417001333-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Dolphin')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{09CA574E-AC73-4C58-958B-84E530F3628E}: NameServer = 84.246.88.10,84.246.88.20

O17 - HKLM\System\CS1\Services\Tcpip\..\{09CA574E-AC73-4C58-958B-84E530F3628E}: NameServer = 84.246.88.10,84.246.88.20

O17 - HKLM\System\CS2\Services\Tcpip\..\{09CA574E-AC73-4C58-958B-84E530F3628E}: NameServer = 84.246.88.10,84.246.88.20

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: avgrsstx.dll lcwcsd.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program\Delade filer\Acronis\Schedule2\schedul2.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgwdsvc.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: GtFlashSwitch - OptionNV - C:\Program\Delade filer\GtFlashSwitch\GtFlashSwitch.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program\Delade filer\Acronis\Fomatik\TrueImageTryStartService.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program\Intel\Wireless\Bin\WLKeeper.exe

 

--

End of file - 9374 bytes

[/log]

 

[Laston]

Hej!Din dator är infekterad med bla en Backdoor trojan så det förklarar väl segheten!Avinstallera denna VistaDrive om den finns i Lägg Till/ Ta Bort Program

 

[log]Ladda ner Malwarebytes Anti-Malware (MBAM) från en av dessa länkar:

http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

http://projects.securitywonks.net/projects/details.php?file=158

Dubbelklicka på mbam-setup för att installera programmet.

 

Se till i slutet av installationen att det är bockar för:

Uppdatera Malwarebytes' Anti-Malware

Starta Malwarebytes' Anti-Malware

Tryck på Slutför

Om det finns någon uppdatering så kommer den att laddas ner och installeras.

 

När programmet startar så välj "Utför snabb skanning" och tryck på Skanna.

Skanningen tar ett tag.

När den är klar så tryck på OK och sedan "Visa resultat".

Bocka för allt och tryck sedan Ta bort markerade.

När borttagningen är klar så öppnar Anteckningar med en logg.

 

Eventuellt så kommer det upp en begäran om att starta om datorn (Restart). I så fall gör det.

Om det blir ett felmeddelande Error loading... efter omstarten så starta om datorn än en gång.

Om programmet inte kommer igång efter omstarten så starta det.

 

Om loggen inte kommer upp själv i Anteckningar så hittar du loggen på fliken Loggar i MBAM.

Kopiera loggen och klistra in den i ditt svar tillsammans med en ny HijackThis-logg.[/log]

 

[inlägget ändrat 2009-02-21 09:25:07 av Laston]

[inlägget ändrat 2009-02-21 09:27:07 av Laston]

[herrsnubben]

förutom Virus borttagning...

 

Töm alla temp filer m.m Jag brukar använda CCleaner, gratis program

 

http://www.filehippo.com/download_ccleaner/

 

mvh Max

 

[Dolphin]

Jag har gjort som du skrev.

Hittade Vista Drive och tog bort den.

 

MBAM hittade inget.

 

Här är loggen:

 

[log]Malwarebytes' Anti-Malware 1.34

Databasversion: 1792

Windows 5.1.2600 Service Pack 3

 

2009-02-22 12:36:01

mbam-log-2009-02-22 (12-36-01).txt

 

Skanningstyp: Snabb skanning

Antal skannade objekt: 62733

Förfluten tid: 8 minute(s), 2 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 0

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

(Inga illasinnade poster hittades)

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

(Inga illasinnade poster hittades)

[/log]

 

Här den nya HijackThis-loggen:

 

 

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:37:15, on 2009-02-22

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Intel\Wireless\Bin\S24EvMon.exe

C:\Program\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program\AVG\AVG8\avgtray.exe

C:\Program\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Java\jre1.6.0_07\bin\jusched.exe

C:\Program\Delade filer\Acronis\Schedule2\schedul2.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\AVG\AVG8\avgwdsvc.exe

C:\Program\Intel\Wireless\Bin\EvtEng.exe

C:\Program\Delade filer\GtFlashSwitch\GtFlashSwitch.exe

C:\Program\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program\Delade filer\Acronis\Schedule2\schedhlp.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\AVG\AVG8\avgrsx.exe

C:\Program\AVG\AVG8\avgnsx.exe

C:\Program\Delade filer\Nero\Lib\NMBgMonitor.exe

C:\Program\Delade filer\Acronis\Fomatik\TrueImageTryStartService.exe

C:\Program\Intel\Wireless\Bin\WLKeeper.exe

C:\Program\Skype\Phone\Skype.exe

C:\Program\AVG\AVG8\avgemc.exe

C:\Program\AVG\AVG8\avgcsrvx.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe

C:\Program\Delade filer\Nero\Lib\NMIndexStoreSvr.exe

C:\Program\Skype\Plugin Manager\skypePM.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.se/ie

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program\DAEMON Tools Toolbar\DTToolbar.dll

O3 - Toolbar: mstoanrd - {01D4C028-61FF-43ED-A49F-25E39D1A70AD} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [AVG8_TRAY] C:\Program\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program\Delade filer\Acronis\Acronis Disk Director\oss_reinstall.exe

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program\Delade filer\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [TransBar] C:\Program\AKSoftware\TransBar\TransBar.exe /s

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Translate.Net] C:\Program\SAU KP\Translate.Net\Translate.Net.exe -skipsplash

O4 - HKCU\..\Run: [RegistryMechanic] C:\Program\Registry Mechanic\RegMech.exe /H

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\Run: [TransBar] C:\Program\AKSoftware\TransBar\TransBar.exe /s (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-329068152-602609370-1417001333-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Dolphin')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{09CA574E-AC73-4C58-958B-84E530F3628E}: NameServer = 84.246.88.10,84.246.88.20

O17 - HKLM\System\CS1\Services\Tcpip\..\{09CA574E-AC73-4C58-958B-84E530F3628E}: NameServer = 84.246.88.10,84.246.88.20

O17 - HKLM\System\CS2\Services\Tcpip\..\{09CA574E-AC73-4C58-958B-84E530F3628E}: NameServer = 84.246.88.10,84.246.88.20

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: avgrsstx.dll lcwcsd.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program\Delade filer\Acronis\Schedule2\schedul2.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgwdsvc.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: GtFlashSwitch - OptionNV - C:\Program\Delade filer\GtFlashSwitch\GtFlashSwitch.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program\Delade filer\Acronis\Fomatik\TrueImageTryStartService.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program\Intel\Wireless\Bin\WLKeeper.exe

 

--

End of file - 9345 bytes

[/log]

 

Tack för att du tar dig tid.

 

[Laston]

Ok är datorn fortfarande seg i uppstart nu?

Skanna med HijackThis och bocka för:

O3 - Toolbar: mstoanrd - {01D4C028-61FF-43ED-A49F-25E39D1A70AD} - (no file)

 

Avsluta alla andra program.

Tryck Fix checked.

 

Det är en gammal Java-version med säkerhetshål i datorn. Jag rekommenderar dig att installera en ny från http://www.java.com/sv/ och därefter avinstallera alla Java och J2SEutom den senaste i Kontrollpanelen - Lägg till eller ta bort program (inga webbläsare igång).

 

[inlägget ändrat 2009-02-22 12:55:39 av Laston]

[Dolphin]

Den går snabbare fram tills att skrivbordet kommer upp. Sen är den seg innan allt är installerat.

 

Det kanske är att jag har för många processer gående. Skall se över det.

 

Var vänlig och släng en sista koll på:

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:32:13, on 2009-02-22

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Intel\Wireless\Bin\S24EvMon.exe

C:\Program\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\Program\AVG\AVG8\avgtray.exe

C:\Program\Intel\Wireless\bin\ZCfgSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Java\jre1.6.0_07\bin\jusched.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\Delade filer\Acronis\Schedule2\schedul2.exe

C:\Program\AVG\AVG8\avgwdsvc.exe

C:\Program\Intel\Wireless\Bin\EvtEng.exe

C:\Program\Delade filer\GtFlashSwitch\GtFlashSwitch.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program\AVG\AVG8\avgrsx.exe

C:\Program\AVG\AVG8\avgnsx.exe

C:\Program\Delade filer\Acronis\Schedule2\schedhlp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Intel\Wireless\Bin\RegSrvc.exe

C:\Program\Delade filer\Nero\Lib\NMBgMonitor.exe

C:\Program\Delade filer\Acronis\Fomatik\TrueImageTryStartService.exe

C:\Program\Intel\Wireless\Bin\WLKeeper.exe

C:\Program\Skype\Phone\Skype.exe

C:\Program\AVG\AVG8\avgemc.exe

C:\Program\Registry Mechanic\RegMech.exe

C:\Program\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Skype\Plugin Manager\skypePM.exe

C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe

C:\Program\Delade filer\Nero\Lib\NMIndexStoreSvr.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.se/ie

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program\DAEMON Tools Toolbar\DTToolbar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [AVG8_TRAY] C:\Program\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program\Delade filer\Acronis\Acronis Disk Director\oss_reinstall.exe

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program\Delade filer\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [TransBar] C:\Program\AKSoftware\TransBar\TransBar.exe /s

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Translate.Net] C:\Program\SAU KP\Translate.Net\Translate.Net.exe -skipsplash

O4 - HKCU\..\Run: [RegistryMechanic] C:\Program\Registry Mechanic\RegMech.exe /H

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\Run: [TransBar] C:\Program\AKSoftware\TransBar\TransBar.exe /s (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-329068152-602609370-1417001333-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Dolphin')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{09CA574E-AC73-4C58-958B-84E530F3628E}: NameServer = 84.246.88.10,84.246.88.20

O17 - HKLM\System\CS1\Services\Tcpip\..\{09CA574E-AC73-4C58-958B-84E530F3628E}: NameServer = 84.246.88.10,84.246.88.20

O17 - HKLM\System\CS2\Services\Tcpip\..\{09CA574E-AC73-4C58-958B-84E530F3628E}: NameServer = 84.246.88.10,84.246.88.20

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: avgrsstx.dll lcwcsd.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program\Delade filer\Acronis\Schedule2\schedul2.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgwdsvc.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: GtFlashSwitch - OptionNV - C:\Program\Delade filer\GtFlashSwitch\GtFlashSwitch.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program\Delade filer\Acronis\Fomatik\TrueImageTryStartService.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program\Intel\Wireless\Bin\WLKeeper.exe

 

--

End of file - 9191 bytes

[/log]

 

Tack än en gång och en poäng är given.

 

[Laston]

Hej! Loggan är ren och fin nu! Ja det finns ju en del program som auto startar som inte behöver göra det,på denna sida kan du kolla vilka som behöver autostarta och vilka som inte behöver det!

http://www.bleepingcomputer.com/startups/

Tack för poäng då

 

[Dolphin]

OK jag skall rensa upp ibland startprocesserna.

 

Du är guld värd. Ha en bra dag.

 

[Cecilia]

Det är en gammal Java-version med säkerhetshål i datorn. Jag rekommenderar dig att installera en ny från http://www.java.com/sv/ och därefter avinstallera alla Java och J2SEutom den senaste i Kontrollpanelen - Lägg till eller ta bort program (inga webbläsare igång).

 

[Dolphin]

Jag försöker men det händer inget när jag trycker pä "Gratis Java-hämtning".

 

[Cecilia]

Hmm, undrar vad det kan bero på. Du kan hämta installationsfiler från sidan

http://www.java.com/sv/download/manual.jsp i stället.

 

[Dolphin]

Tack.

Nu är det gjort.

 

Du hjälpte mig för några år sen också när jag hade problem.

 

Kram.

 

[Cecilia]

Kul att ses igen och tack för poängen!

 

 

[Dolphin]

Felet har återkommit. Jag vet inte men det verkar komma med att jag kör Acronis True Image. Det tar evigheter att skapa en backup.

Vill du eller Laston titta på logen och se om där har kommit till nå't nytt skit.

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:13:34, on 2009-03-04

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Delade filer\Acronis\Schedule2\schedul2.exe

C:\Program\AVG\AVG8\avgwdsvc.exe

C:\Program\Intel\Wireless\Bin\EvtEng.exe

C:\Program\Delade filer\GtFlashSwitch\GtFlashSwitch.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\AVG\AVG8\avgtray.exe

C:\Program\AVG\AVG8\avgrsx.exe

C:\Program\AVG\AVG8\avgnsx.exe

C:\Program\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Intel\Wireless\Bin\RegSrvc.exe

C:\Program\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Delade filer\Nero\Lib\NMBgMonitor.exe

C:\Program\Intel\Wireless\Bin\WLKeeper.exe

C:\Program\AVG\AVG8\avgemc.exe

C:\Program\Skype\Phone\Skype.exe

C:\Program\AVG\AVG8\avgcsrvx.exe

C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe

C:\Program\Delade filer\Nero\Lib\NMIndexStoreSvr.exe

C:\Program\Skype\Plugin Manager\skypePM.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.se/ie

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program\DAEMON Tools Toolbar\DTToolbar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [AVG8_TRAY] C:\Program\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program\Delade filer\Acronis\Acronis Disk Director\oss_reinstall.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Ad-Watch] C:\Program\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre6\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre6\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{09CA574E-AC73-4C58-958B-84E530F3628E}: NameServer = 84.246.88.10,84.246.88.20

O17 - HKLM\System\CS1\Services\Tcpip\..\{09CA574E-AC73-4C58-958B-84E530F3628E}: NameServer = 84.246.88.10,84.246.88.20

O17 - HKLM\System\CS2\Services\Tcpip\..\{09CA574E-AC73-4C58-958B-84E530F3628E}: NameServer = 84.246.88.10,84.246.88.20

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: avgrsstx.dll lcwcsd.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program\Delade filer\Acronis\Schedule2\schedul2.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgwdsvc.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: GtFlashSwitch - OptionNV - C:\Program\Delade filer\GtFlashSwitch\GtFlashSwitch.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program\Delade filer\Acronis\Fomatik\TrueImageTryStartService.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program\Intel\Wireless\Bin\WLKeeper.exe

 

--

End of file - 8155 bytes

[/log]

 

[Laston]

Hej! Det finns en del otrevligheter vad jag kan se så vi tar till ComboFix[log]Ladda ner ComboFix till Skrivbordet:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

Stäng av alla program du ser inklusive antivirusprogram och antispionprogram men lämna brandväggen på.

Hur? Se http://www.bleepingcomputer.com/forums/topic114351.html

Kör ComboFix och följ anvisningarna som visas.

Om det kommer upp en fråga om du vill installera återställningskonsolen så svara ja.

 

VIKTIGT! Klicka inte på ComboFix-fönstret med musen när den körs annars kan den hänga upp sig.

 

När den är färdig så ska en logg komma upp, bifoga den till ditt svar. Kontrollera att antivirusprogram mm är igång innan du ansluter till internet.

 

I ditt svar bifogar du ComboFix-loggen på detta sätt:

Tryck på LOG-knappen i Besvara-fönstret

Klistra in loggen

Tryck igen på LOG-knappen

 

Om du får problem med att komma ut på internet:

Kontrollpanelen - Nätverksanslutningar

högerklicka på din internetanslutning och välj Reparera och/eller starta om datorn.

 

Varning! ComboFix förhindrar automatisk körning av CD, disketter och USB-enheter för att göra det lättare att rensa datorn och skydda datorn mot infektioner i framtiden. Det kan bli problem t ex om datorn har internet via ett USB-modem eller USB-nätverkskort. Säg då till i stället för att köra ComboFix.

[/log]

 

[Dolphin]

Tog lite tid det där.

 

Här är loggen:

 

[log]

ComboFix 09-03-03.01 - Sten Bergman 2009-03-04 20:49:36.1 - NTFSx86

Körs från: c:\documents and settings\Sten Bergman\Skrivbord\ComboFix.exe

* Skapade en ny återställningspunkt

.

 

(((((((((((((((((((((((( Filer Skapade från 2009-02-04 till 2009-03-04 ))))))))))))))))))))))))))))))

.

 

2009-03-04 20:42 . 2009-03-04 20:41 64,160 --a------ c:\windows\system32\drivers\Lbd.sys

2009-03-04 20:39 . 2009-03-04 20:39 <KAT> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}

2009-03-04 19:55 . 2009-03-04 20:38 <KAT> d-------- c:\program\Lavasoft

2009-03-04 07:17 . 2009-03-04 07:17 <KAT> d-------- c:\program\Absolute Uninstaller

2009-03-04 07:05 . 2009-03-04 07:22 <KAT> d-------- c:\program\Unlocker

2009-03-04 07:05 . 2009-03-04 07:07 <KAT> d-------- c:\documents and settings\Sten Bergman\Application Data\Desktopicon

2009-03-04 06:59 . 2009-03-04 06:59 <KAT> d-------- c:\program\VS Revo Group

2009-03-02 00:04 . 2009-03-02 00:04 <KAT> dr------- c:\program\Skype

2009-03-02 00:04 . 2009-03-02 00:04 <KAT> d-------- c:\program\Delade filer\Skype

2009-02-26 06:43 . 2009-02-26 06:43 <KAT> d-------- c:\program\Auslogics

2009-02-26 06:43 . 2009-02-26 06:43 <KAT> d-------- c:\documents and settings\Sten Bergman\Application Data\Auslogics

2009-02-23 11:15 . 2009-02-23 11:15 <KAT> d-------- c:\program\Uniblue

2009-02-23 11:14 . 2009-02-23 11:15 <KAT> d--h-c--- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}

2009-02-22 23:17 . 2009-02-22 23:16 410,984 --a------ c:\windows\system32\deploytk.dll

2009-02-22 12:01 . 2009-02-22 12:01 <KAT> d-------- c:\program\COMODO

2009-02-22 12:01 . 2009-02-22 12:01 <KAT> d-------- c:\documents and settings\Sten Bergman\Application Data\ComodoGroup

2009-02-22 12:01 . 2009-02-10 10:24 39,440 --a------ c:\windows\system32\drivers\csdf.sys

2009-02-22 12:01 . 2009-02-10 10:28 36,752 --a------ c:\windows\system32\drivers\crpf.sys

2009-02-22 12:01 . 2009-02-10 10:26 7,920 --a------ c:\windows\system32\cnat.exe

2009-02-21 06:17 . 2009-02-21 06:17 <KAT> d-------- c:\windows\RegCure

2009-02-21 06:17 . 2009-02-21 06:19 <KAT> d-------- c:\program\RegCure

2009-02-21 02:39 . 2009-02-21 02:39 <KAT> dr------- c:\documents and settings\Dolphin\Start-meny

2009-02-21 02:39 . 2009-02-21 02:39 <KAT> d-------- c:\documents and settings\Dolphin\Skrivbord

2009-02-21 02:39 . 2009-02-21 02:39 <KAT> d--h----- c:\documents and settings\Dolphin\Skrivare

2009-02-21 02:39 . 2009-02-21 02:39 <KAT> d--h----- c:\documents and settings\Dolphin\Nätverket

2009-02-21 02:39 . 2009-02-21 02:39 <KAT> dr------- c:\documents and settings\Dolphin\Mina dokument

2009-02-21 02:38 . 2009-03-04 08:24 <KAT> d-a------ c:\documents and settings\All Users\Application Data\TEMP

2009-02-21 01:18 . 2009-02-21 01:18 <KAT> d-------- c:\program\Trend Micro

2009-02-21 00:53 . 2009-02-21 02:25 <KAT> d--h----- c:\documents and settings\Dolphin\Mallar

2009-02-21 00:53 . 2009-02-21 02:39 <KAT> d--h----- c:\documents and settings\Dolphin\Lokala inställningar

2009-02-21 00:53 . 2009-02-21 02:25 <KAT> dr------- c:\documents and settings\Dolphin\Favoriter

2009-02-21 00:53 . 2008-07-04 23:16 <KAT> d-------- c:\documents and settings\Dolphin\Application Data\Intel

2009-02-21 00:53 . 2009-02-21 02:25 <KAT> d-------- c:\documents and settings\Dolphin

2009-02-21 00:53 . 2008-04-15 13:00 221,184 --a------ c:\windows\system32\wmpns.dll

2009-02-19 18:52 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys

2009-02-19 18:51 . 2009-02-19 18:51 <KAT> d-------- c:\program\Panda Security

2009-02-10 12:15 . 2009-02-11 18:27 <KAT> d-------- c:\program\Adobe Media Player

2009-02-10 12:13 . 2009-02-10 12:13 <KAT> d-------- c:\program\Delade filer\Adobe AIR

2009-02-10 12:04 . 2009-02-10 12:04 <KAT> d-------- c:\program\Delade filer\Macrovision Shared

2009-02-09 16:19 . 2009-02-09 16:19 <KAT> d-------- c:\documents and settings\All Users\Application Data\Winferno

2009-02-09 16:15 . 2009-02-09 16:15 <KAT> d-------- c:\program\Smith Micro

2009-02-09 16:15 . 2009-02-11 18:39 <KAT> d-------- c:\documents and settings\All Users\Application Data\Smith Micro

2009-02-09 16:14 . 2009-02-09 16:14 <KAT> d-------- c:\program\Winferno

2009-02-09 15:52 . 2009-02-09 15:52 <KAT> d-------- c:\program\Google

2009-02-07 05:52 . 2009-02-23 11:15 <KAT> d-------- c:\documents and settings\Sten Bergman\Application Data\Uniblue

2009-02-07 05:52 . 2009-02-07 05:58 <KAT> d-------- c:\documents and settings\All Users\Application Data\DriverScanner

2009-02-04 06:47 . 2009-02-04 13:59 230 --a------ C:\config.xml

2009-02-04 06:46 . 2009-02-04 06:46 <KAT> d-------- c:\program\Delade filer\ASCOM

2009-02-04 06:46 . 2009-02-04 06:46 <KAT> d-------- c:\program\ASCOM

2009-02-04 06:41 . 2009-02-04 06:41 <KAT> d-------- c:\program\Microsoft Research

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-04 19:38 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft

2009-03-04 19:34 --------- d-----w c:\documents and settings\Sten Bergman\Application Data\Skype

2009-03-04 19:07 --------- d-----w c:\documents and settings\Sten Bergman\Application Data\skypePM

2009-03-04 06:37 --------- d-----w c:\program\CCleaner

2009-03-04 05:59 --------- d-----w c:\program\VS Revo Group

2009-03-04 05:38 --------- d-----w c:\program\Delade filer\Adobe

2009-03-01 23:04 --------- d-----w c:\documents and settings\All Users\Application Data\Skype

2009-03-01 21:17 --------- d-----w c:\program\Microsoft Silverlight

2009-02-22 22:20 --------- d-----w c:\program\Java

2009-02-22 11:27 --------- d-----w c:\program\Malwarebytes' Anti-Malware

2009-02-21 05:21 --------- d-----w c:\documents and settings\Sten Bergman\Application Data\uTorrent

2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-02-09 15:26 --------- d-----w c:\documents and settings\All Users\Application Data\Acronis

2009-02-01 00:16 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage

2009-01-31 07:31 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys

2009-01-31 07:31 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys

2009-01-31 07:31 --------- d-----w c:\documents and settings\All Users\Application Data\avg8

2009-01-26 18:44 21,361 ----a-w c:\windows\system32\drivers\AegisP.sys

2009-01-26 18:44 21,361 ----a-w c:\windows\AegisP.sys

2009-01-22 01:25 --------- d-----w c:\documents and settings\Sten Bergman\Application Data\XnView

2008-07-04 19:23 16,384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat

2008-07-04 19:23 32,768 --sha-w c:\windows\system32\config\systemprofile\Lokala inställningar\Temporary Internet Files\Content.IE5\index.dat

2008-07-04 19:23 32,768 --sha-w c:\windows\system32\config\systemprofile\Lokala inställningar\Tidigare\History.IE5\index.dat

2008-07-04 19:23 32,768 --sha-w c:\windows\system32\config\systemprofile\Lokala inställningar\Tidigare\History.IE5\MSHist012008070420080705\index.dat

.

 

------- Sigcheck -------

 

2008-04-28 22:02 976384 bcda7a0bd489b6cf8427bd37026d7f0d c:\windows\explorer.exe

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program\Delade filer\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]

"Skype"="c:\program\Skype\Phone\Skype.exe" [2009-01-29 23975720]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-17 8495104]

"AVG8_TRAY"="c:\program\AVG\AVG8\avgtray.exe" [2009-01-31 1601304]

"IntelZeroConfig"="c:\program\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]

"IntelWireless"="c:\program\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]

"NeroFilterCheck"="c:\program\Delade filer\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

"OSSelectorReinstall"="c:\program\Delade filer\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-02-22 2209224]

"SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2009-02-22 148888]

"Ad-Watch"="c:\program\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-04 515416]

"nwiz"="nwiz.exe" [2007-11-17 c:\windows\system32\nwiz.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

"nltide_3"="advpack.dll" [2008-12-21 c:\windows\system32\advpack.dll]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-01-31 08:31 10520 c:\windows\system32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete\0autocheck

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]

--a------ 2007-10-30 20:07 140568 c:\program\Delade filer\Acronis\Schedule2\schedhlp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]

--a------ 2007-10-30 20:11 909208 c:\program\Acronis\TrueImageHome\TimounterMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-06-12 02:38 34672 c:\program\Adobe\Reader 9.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-07-30 09:47 289064 c:\program\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]

--a------ 2007-10-30 20:06 2595616 c:\program\Acronis\TrueImageHome\TrueImageMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]

--a------ 2008-05-02 05:15 15872 c:\program\Unlocker\UnlockerAssistant.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"TkBellExe"="c:\program\Delade filer\Real\Update_OB\realsched.exe" -osboot

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program\\uTorrent\\uTorrent.exe"=

"c:\\Program\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program\\AVG\\AVG8\\avgemc.exe"=

"d:\\Documents and Settings\\Sten Bergman\\Mina dokument\\Downloads\\hfs.exe"=

"c:\\Program\\Mozilla Firefox\\firefox.exe"=

"c:\\Program\\Delade filer\\Nero\\Nero Web\\SetupX.exe"=

"c:\\Program\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program\\Joost\\xulrunner\\tvprunner.exe"=

"c:\\Documents and Settings\\Sten Bergman\\Skrivbord\\hfs.exe"=

"c:\\Program\\Skype\\Phone\\Skype.exe"=

 

R0 crpf;crpf;c:\windows\system32\drivers\crpf.sys [2009-02-22 36752]

R0 csdf;csdf;c:\windows\system32\drivers\csdf.sys [2009-02-22 39440]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-04 64160]

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-02-19 28544]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-07-04 325128]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-07-04 107272]

R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [2006-01-13 15872]

R2 avg8emc;AVG8 E-mail Scanner;c:\program\AVG\AVG8\avgemc.exe [2008-07-06 903960]

R2 avg8wd;AVG8 WatchDog;c:\program\AVG\AVG8\avgwdsvc.exe [2008-07-06 298264]

R2 GtFlashSwitch;GtFlashSwitch;c:\program\Delade filer\GtFlashSwitch\GtFlashSwitch.exe [2007-02-09 176128]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951120]

S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;c:\windows\system32\drivers\Gtm51Irp.sys [2007-04-14 122496]

S3 GTPTSER;GT PT SER;c:\windows\system32\drivers\gtptser.sys [2007-04-14 8064]

S3 GTUQBUS;GT UQ BUS;c:\windows\system32\drivers\gtuqbus.sys [2007-04-14 37120]

 

--- Övriga tjänster/drivrutiner i minnet ---

 

*NewlyCreated* - HELPSVC

.

Innehållet i mappen 'Schemalagda aktiviteter':

 

2009-03-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-04 20:41]

 

2009-03-04 c:\windows\Tasks\GlaryInitialize.job

- c:\program\Glary Utilities\initialize.exe [2008-09-17 15:35]

 

2009-03-04 c:\windows\Tasks\OGADaily.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]

 

2009-03-04 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]

 

2009-03-04 c:\windows\Tasks\RegCure Program Check.job

- c:\program\RegCure\RegCure.exe [2007-08-02 10:20]

 

2009-02-26 c:\windows\Tasks\RegCure.job

- c:\program\RegCure\RegCure.exe [2007-08-02 10:20]

 

2009-03-04 c:\windows\Tasks\RegPowerClean.job

- c:\program\Winferno\RegistryPowerCleaner\RegPowerClean.exe []

 

2009-02-11 c:\windows\Tasks\RPCReminder.job

- c:\program\Winferno\RegistryPowerCleaner\RPCReminder.exe []

.

.

------- Extra genomsökning -------

.

uStart Page =

IE: E&xportera till Microsoft Excel

TCP: {09CA574E-AC73-4C58-958B-84E530F3628E} = 84.246.88.10,84.246.88.20

FF - ProfilePath - c:\documents and settings\Sten Bergman\Application Data\Mozilla\Firefox\Profiles\0oeuwm0j.defaultFF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.eniro.se/

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll

FF - plugin: c:\program\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program\Mozilla Firefox\plugins\npJoostPlugin.dll

 

---- FIREFOX POLICY ----

c:\program\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-04 20:59:20

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]

"D140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

"D140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLer som "laddats" under processer som körs ---------------------

 

- - - - - - - > 'winlogon.exe'(1104)

c:\windows\system32\netprovcredman.dll

 

- - - - - - - > 'lsass.exe'(1160)

c:\windows\system32\relog_ap.dll

.

------------------------ Andra processer som körs ------------------------

.

c:\program\Intel\Wireless\Bin\S24EvMon.exe

c:\program\Delade filer\Acronis\Schedule2\schedul2.exe

c:\program\Intel\Wireless\Bin\EvtEng.exe

c:\program\Java\jre6\bin\jqs.exe

c:\program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program\AVG\AVG8\avgrsx.exe

c:\windows\system32\nvsvc32.exe

c:\program\AVG\AVG8\avgnsx.exe

c:\program\Intel\Wireless\Bin\RegSrvc.exe

c:\program\Delade filer\Acronis\Fomatik\TrueImageTryStartService.exe

c:\program\Intel\Wireless\Bin\WLKEEPER.exe

c:\program\AVG\AVG8\avgcsrvx.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program\Delade filer\Nero\Lib\NMIndexingService.exe

c:\program\Delade filer\Nero\Lib\NMIndexStoreSvr.exe

c:\program\Skype\Plugin Manager\skypePM.exe

.

**************************************************************************

.

Sluttid: 2009-03-04 21:09:06 - datorn startades om.

ComboFix-quarantined-files.txt 2009-03-04 20:08:58

 

Före genomsökningen: 65 151 913 984 byte ledigt

Efter genomsökningen: 65,303,429,120 byte ledigt

 

WindowsXP-KB310994-SP2-Home-BootDisk-SVE.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

258 --- E O F --- 2009-02-27 02:01:12

[/log]

 

[Laston]

Hej!ComboFix var ju inte mycket till hjälp så vi får ta till ett annat verktyg![log]Ladda ner SDFix till Skrivbordet:

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Dubbelklicka på SDFix.exe och en ny mapp skapas, C:\SDFix.

 

Starta om datorn i felsäkert läge (tryck F8 upprepade gånger under uppstarten och välj felsäkert läge i menyn).

 

Öppna den nya mappen C:\SDFix och dubbelklicka på RunThis.bat för att starta programmet.

Tryck OK och senare Y följt av Enter för att fortsätta.

Det arbetar ett tag och när det är klart så kommer det upp en fråga om du vill starta om datorn.

Tryck på godtycklig tangent för att omstarten ska påbörjas.

Datorn kommer att ta lång tid på sig under uppstarten eftersom programmet kommer att gå igång och fixa till en massa.

När det är klart visas Finished.

Tryck på valfri tangent för att avsluta programmet.

 

Om SDFix inte startar automatiskt efter omstarten av datorn så startar du Runthis.bat som förut men trycker F i stället för Y.

 

Om loggen inte kommer upp automatiskt så öppna mappen SDFix och öppna filen Report.txt i Anteckningar.

Klistra in innehållet i loggen i ditt svar här.

Skapa en ny HijackThis-logg också och klistra in här.[/log]

 

[Dolphin]

Här är loggen:

 

[log]SDFix: Version 1.240

Run by Sten Bergman on 2009-03-04 at 22:30

 

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

 

Restoring Default Security Values

Restoring Default Hosts File

 

Rebooting

 

 

Checking Files :

 

Trojan Files Found:

 

C:\Documents and Settings\Sten Bergman\Favoriter\Malware Defender.url - Deleted

C:\Documents and Settings\Sten Bergman\Favoriter\Protect Your Privacy.url - Deleted

C:\Documents and Settings\Sten Bergman\Favoriter\System Error Fixer.url - Deleted

 

 

 

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-04 22:41:37

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:2df9c43f

"s2"=dword:110480d0

"h0"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="C:\Program\DAEMON Tools Lite\"

"h0"=dword:00000000

"khjeh"=hex:31,b1,3f,6e,11,59,8f,2d,96,b0,45,98,36,77,26,5b,cb,be,e6,fa,a2,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,d8,78,e7,71,98,87,7e,f4,d8,3b,4c,58,5c,a8,c0,ae,fe,..

"khjeh"=hex:22,36,4d,e4,b3,bf,0c,76,be,4c,25,bd,0f,56,87,6f,47,4c,c3,6d,2c,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:9f,21,be,4b,bb,25,c7,5a,29,69,97,6b,58,fe,4c,80,f7,a6,af,30,b9,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="C:\Program\DAEMON Tools Lite\"

"h0"=dword:00000000

"khjeh"=hex:31,b1,3f,6e,11,59,8f,2d,96,b0,45,98,36,77,26,5b,cb,be,e6,fa,a2,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,d8,78,e7,71,98,87,7e,f4,d8,3b,4c,58,5c,a8,c0,ae,fe,..

"khjeh"=hex:22,36,4d,e4,b3,bf,0c,76,be,4c,25,bd,0f,56,87,6f,47,4c,c3,6d,2c,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:9f,21,be,4b,bb,25,c7,5a,29,69,97,6b,58,fe,4c,80,f7,a6,af,30,b9,..

 

scanning hidden registry entries ...

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]

"TracesProcessed"=dword:00000163

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

 

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program\\uTorrent\\uTorrent.exe"="C:\\Program\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"

"C:\\Program\\AVG\\AVG8\\avgupd.exe"="C:\\Program\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"

"C:\\Program\\AVG\\AVG8\\avgemc.exe"="C:\\Program\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"

"D:\\Documents and Settings\\Sten Bergman\\Mina dokument\\Downloads\\hfs.exe"="D:\\Documents and Settings\\Sten Bergman\\Mina dokument\\Downloads\\hfs.exe:*:Enabled:hfs"

"C:\\Program\\Mozilla Firefox\\firefox.exe"="C:\\Program\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"

"C:\\Program\\Delade filer\\Nero\\Nero Web\\SetupX.exe"="C:\\Program\\Delade filer\\Nero\\Nero Web\\SetupX.exe:*:Enabled:Nero ControlCenter"

"C:\\Program\\iTunes\\iTunes.exe"="C:\\Program\\iTunes\\iTunes.exe:*:Enabled:iTunes"

"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Disabled:RealPlayer"

"C:\\Program\\Joost\\xulrunner\\tvprunner.exe"="C:\\Program\\Joost\\xulrunner\\tvprunner.exe:*:Enabled:tvprunner"

"C:\\Documents and Settings\\Sten Bergman\\Skrivbord\\hfs.exe"="C:\\Documents and Settings\\Sten Bergman\\Skrivbord\\hfs.exe:*:Enabled:hfs"

"C:\\Program\\Skype\\Phone\\Skype.exe"="C:\\Program\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

 

Remaining Files :

 

 

File Backups: - C:\SDFix\backups\backups.zip

 

Files with Hidden Attributes :

 

Sat 1 Nov 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

 

Finished!

 

[/log]

 

Och Hijack:

 

 

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:49:51, on 2009-03-04

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Intel\Wireless\Bin\S24EvMon.exe

C:\Program\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Acronis\Schedule2\schedul2.exe

C:\Program\AVG\AVG8\avgwdsvc.exe

C:\Program\Intel\Wireless\Bin\EvtEng.exe

C:\Program\Delade filer\GtFlashSwitch\GtFlashSwitch.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\AVG\AVG8\avgrsx.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program\AVG\AVG8\avgnsx.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Intel\Wireless\Bin\RegSrvc.exe

C:\Program\Delade filer\Acronis\Fomatik\TrueImageTryStartService.exe

C:\Program\Intel\Wireless\Bin\WLKeeper.exe

C:\Program\AVG\AVG8\avgemc.exe

C:\Program\AVG\AVG8\avgcsrvx.exe

C:\Program\Lavasoft\Ad-Aware\AAWTray.exe

C:\WINDOWS\system32\notepad.exe

C:\Program\AVG\AVG8\avgtray.exe

C:\Program\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Delade filer\Nero\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe

C:\Program\Delade filer\Nero\Lib\NMIndexStoreSvr.exe

C:\Program\Skype\Phone\Skype.exe

C:\Program\Skype\Plugin Manager\skypePM.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program\AVG\AVG8\avgtoolbar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [AVG8_TRAY] C:\Program\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program\Delade filer\Acronis\Acronis Disk Director\oss_reinstall.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Ad-Watch] C:\Program\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre6\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre6\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{09CA574E-AC73-4C58-958B-84E530F3628E}: NameServer = 84.246.88.10,84.246.88.20

O17 - HKLM\System\CS1\Services\Tcpip\..\{09CA574E-AC73-4C58-958B-84E530F3628E}: NameServer = 84.246.88.10,84.246.88.20

O17 - HKLM\System\CS2\Services\Tcpip\..\{09CA574E-AC73-4C58-958B-84E530F3628E}: NameServer = 84.246.88.10,84.246.88.20

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program\Delade filer\Acronis\Schedule2\schedul2.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG8\avgwdsvc.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: GtFlashSwitch - OptionNV - C:\Program\Delade filer\GtFlashSwitch\GtFlashSwitch.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program\Delade filer\Acronis\Fomatik\TrueImageTryStartService.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program\Intel\Wireless\Bin\WLKeeper.exe

 

--

End of file - 7383 bytes

[/log]

 

[Laston]

Där fick vi bättre hjälp,mycket bra! Kolla för säkerhets skull även sväng med Malwarebytes också![log]Ladda ner Malwarebytes Anti-Malware (MBAM) från en av dessa länkar:

http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

http://projects.securitywonks.net/projects/details.php?file=158

Dubbelklicka på mbam-setup för att installera programmet.

 

Se till i slutet av installationen att det är bockar för:

Uppdatera Malwarebytes' Anti-Malware

Starta Malwarebytes' Anti-Malware

Tryck på Slutför

Om det finns någon uppdatering så kommer den att laddas ner och installeras.

 

När programmet startar så välj "Utför snabb skanning" och tryck på Skanna.

Skanningen tar ett tag.

När den är klar så tryck på OK och sedan "Visa resultat".

Bocka för allt och tryck sedan Ta bort markerade.

När borttagningen är klar så öppnar Anteckningar med en logg.

 

Eventuellt så kommer det upp en begäran om att starta om datorn (Restart). I så fall gör det.

Om det blir ett felmeddelande Error loading... efter omstarten så starta om datorn än en gång.

Om programmet inte kommer igång efter omstarten så starta det.

 

Om loggen inte kommer upp själv i Anteckningar så hittar du loggen på fliken Loggar i MBAM.

Kopiera loggen och klistra in den i ditt svar tillsammans med en ny HijackThis-logg[/log]

 

[Dolphin]

Inga infekterade objekt i Malwarebytes.

 

Allt verkar funka normalt nu.

En poäng är givet.

 

Tack för att du tog dig tid.

 

En sista fråga bara. Vet du om det kan vara ett av mina program som är smittat eller har det kommit utifrån?

 

[Laston]

Hej! Vad bra,du borde avinstallera dessa program för dom är inte bra att ha i din dator!

c:\program\Winferno

c:\program\RegCure

http://www.mywot.com/sv/scorecard/regcure.com

 

Mvh Laston