hitjack this

[peran]

Hej vill nån som kan kolla min logg, min dator är trögare än vanLogfile of HijackThis v1.99.1

Scan saved at 13:11:05, on 2006-10-29

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program\GLOCAL~1\backweb\1334833\Program\SERVIC~1.EXE

C:\Program\Executive Software\Diskeeper\DkService.exe

C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\fsgk32st.exe

C:\Program\Glocalnet Säkerhetspaket\backweb\1334833\Program\fspex.exe

C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\FSGK32.EXE

C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\fssm32.exe

C:\Program\Glocalnet Säkerhetspaket\backweb\1334833\program\fsbwsys.exe

C:\Program\Glocalnet Säkerhetspaket\Common\FSMA32.EXE

C:\Program\Glocalnet Säkerhetspaket\Common\FSMB32.EXE

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\Glocalnet Säkerhetspaket\Common\FCH32.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program\Glocalnet Säkerhetspaket\Common\FAMEH32.EXE

C:\WINDOWS\system32\UAService7.exe

C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\fsav32.exe

C:\Program\Glocalnet Säkerhetspaket\FWES\Program\fsdfwd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\ezSP_Px.exe

C:\Program\Delade filer\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program\Messenger Plus! 3\MsgPlus.exe

C:\HP\KBD\KBD.EXE

C:\windows\system\hpsysdrv.exe

C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program\Glocalnet Säkerhetspaket\Common\FSM32.EXE

C:\Program\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Program\Glocalnet Säkerhetspaket\FSGUI\ispnews.exe

C:\Program\Glocalnet Säkerhetspaket\FSGUI\fsguiexe.exe

C:\Program\Java\jre1.5.0_08\bin\jusched.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\MSNMES~2\msnmsgr.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Program\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program\WinRAR\WinRAR.exe

C:\DOCUME~1\GARE~1.DIT\LOKALA~1\Temp\Rar$EX00.812\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sv8.hpwis.com/'>http://sv8.hpwis.com/'>http://sv8.hpwis.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sv8.hpwis.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://sv8.hpwis.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_08\bin\ssv.dll

O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe

O4 - HKLM\..\Run: [storageGuard] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program\Delade filer\Microsoft Shared\Works Shared\WkUFind.exe"

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [ATIPTA] "C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Glocalnet Säkerhetspaket\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Glocalnet Säkerhetspaket\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [HP Software Update] C:\Program\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program\Glocalnet Säkerhetspaket\FSGUI\FSSW.EXE" /reboot

O4 - HKLM\..\Run: [News Service] "C:\Program\Glocalnet Säkerhetspaket\FSGUI\ispnews.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_08\bin\jusched.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [NBJ] "C:\Program\Ahead\Nero BackItUp\nbj.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSNMES~2\msnmsgr.exe" /background

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_08\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_08\bin\ssv.dll

O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - http://korthuset.seavus.com/ImageUploader3.cab

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~2\msgrapp.dll" (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Glocalnet Säkerhetspaket (BackWeb Client - 1334833) - Unknown owner - C:\Program\GLOCAL~1\backweb\1334833\Program\SERVIC~1.EXE

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program\Executive Software\Diskeeper\DkService.exe

O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program\Glocalnet Säkerhetspaket\Anti-Virus\fsgk32st.exe

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\Glocalnet Säkerhetspaket\backweb\1334833\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Glocalnet Säkerhetspaket\FWES\Program\fsdfwd.exe

O23 - Service: FSMA - F-Secure Corporation - C:\Program\Glocalnet Säkerhetspaket\Common\FSMA32.EXE

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program\Ahead\InCD\InCDsrv.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

 

ligt.

 

[Daemonmonkey]

Jag ser att du har MyWebSearch installerat (R3). Detta är känt för att vara spyvara, så den borde du ta bort.

 

Nåt med PartyPoker, jag undrar spelar du? Om inte så har du här också något

==================

On a world without walls and fences, who needs Windows and Gates?

 

[927]

 

med nästan 30 program som startar med windows så blir det segt.

allt med nero, office, adoble och hp kan du du börja med att rensa bort

(skriv msconfig i kör>ok>fliken autostart)

 

testa sen att starta om datorn och se hur det går