Just nu i M3-nätverket
Jump to content

Autostart


umeboy

Recommended Posts

varge gång jag startar datorn öppnas explorer och går tiorn med ll en sida som matar datorn med ISTbar 180serch ist powerscan och en massa skit....när jag kör antispyware tar den bort allting. har letat i startup programs men hittar inget som startar webbläsaren???? vart i helvete har dom lagt in så att webbläsaren startar när jag startar datorn och går till denna helvetes sida???

 

Link to comment
Share on other sites

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\Explorer.EXE

C:\Program\HP\HP Share-to-Web\hpgs2wnd.exe

C:\WINDOWS\System32\hphmon05.exe

C:\Program\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Program\Winamp\winampa.exe

C:\Program\MSN Apps\Updater\01.02.3000.1001\sv\msnappau.exe

C:\Program\Microsoft AntiSpyware\gcasServ.exe

C:\WINDOWS\system32\wmplayer.exe

C:\WINDOWS\svchost.exe

C:\Program\HP\HP Share-to-Web\hpgs2wnf.exe

C:\Program\Java\jre1.5.0_02\bin\jusched.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\nav32.exe

C:\Program\ICQ\ICQ.exe

C:\Program\Skype\Phone\Skype.exe

C:\Program\Microsoft AntiSpyware\gcasDtServ.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\Program\Internet Explorer\iexplore.exe

C:\cs\Fix180Sh.exe

C:\Program\Winamp\Winamp.exe

C:\cs\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SESVSE/SAOS01'>http://g.msn.se/0SESVSE/SAOS01

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/'>http://www.aftonbladet.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SESVSE/SAOS01

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.4000.1001\sv\msntb.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.4000.1001\sv\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: (no name) - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program\HP\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [HPHUPD05] c:\Program\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program\ICQ\ICQNet.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Program\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [msnappau] "C:\Program\MSN Apps\Updater\01.02.3000.1001\sv\msnappau.exe"

O4 - HKLM\..\Run: [gcasServ] "C:\Program\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Windows Media Player] wmplayer.exe

O4 - HKLM\..\Run: [REGRUN] C:\WINDOWS\svchost.exe

O4 - HKLM\..\Run: [slXWuoA2] C:\WINDOWS\oageys.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_02\bin\jusched.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe

O4 - HKLM\..\Run: [system] nav32.exe

O4 - HKLM\..\RunServices: [Windows Media Player] wmplayer.exe

O4 - HKLM\..\RunServices: [system] nav32.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [system] nav32.exe

O4 - HKCU\..\Run: [skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\RunServices: [system] nav32.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Google Search - res://c:\program\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program\ICQToolbar\toolbaru.dll/SEARCH.HTML

O8 - Extra context menu item: &NeoTrace It! - C:\Program\NEOTRA~1\NTXcontext.htm

O8 - Extra context menu item: Backward Links - res://c:\program\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)

O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\Program\NEOTRA~1\NTXtoolbar.htm (HKCU)

O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2117287151768e82a817/netzip/RdxIE601.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1104072893397

O18 - Filter: text/html - {3FAF5743-3236-4845-8377-02009AA5353A} - C:\Documents and Settings\Maskintjänst\Lokala inställningar\Application Data\microsoft\internet explorer\V0.26.dat

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

 

 

Link to comment
Share on other sites

 

bocka för dessa

 

R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)

 

O4 - HKLM\..\Run: [Windows Media Player] wmplayer.exe

O4 - HKLM\..\Run: [REGRUN] C:\WINDOWS\svchost.exe

O4 - HKLM\..\Run: [slXWuoA2] C:\WINDOWS\oageys.exe

 

O4 - HKCU\..\Run: [system] nav32.exe

 

O4 - HKCU\..\RunServices: [system] nav32.exe

 

O18 - Filter: text/html - {3FAF5743-3236-4845-8377-02009AA5353A} - C:\Documents and Settings\Maskintjänst\Lokala inställningar\Application

 

klicka på fix checked.

 

ta bort filerna (om dom hittas),

går dom inte få bort så får du starta om i felsäkert läge. då funkar det:

 

C:\WINDOWS\svchost.exe

C:\WINDOWS\oageys.exe

nav32.exe

wmplayer.exe

O18 - Filter: text/html - {3FAF5743-3236-4845-8377-02009AA5353A} - C:\Documents and Settings\Maskintjänst\Lokala inställningar\Application Data\microsoft\internet explorer\V0.26.dat <--

 

 

jag är lite osäker på

[slXWuoA2] C:\WINDOWS\oageys.exe

 

om du vill så kolla egenskaper på filen osv, du kan även skicka upp den hit för en scan

http://virusscan.jotti.org

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.



×
×
  • Create New...