Just nu i M3-nätverket
Jump to content

winfix, errorsafe, trojan adclicker etc


ande

Recommended Posts

Hej IDG

 

Häromdagen så fick jag en massa skit med i en fil jag ladda ner. Jag läste artikeln http://eforum4.idg.se/viewmsg.asp?EntriesId=883161 och följde instruktionerna eftersom jag tyckte att det verkade likna det jag hade. Allt verkar fungera fint men det verkar fortfarande som filen som jag installerade är kvar någonstans och försöker installera om sig själv.

Tack på förhand!

 

Här är min logg om jag gjort rätt

 

Logfile of HijackThis v1.99.1

Scan saved at 22:35:43, on 2007-05-01

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program\ewido\security suite\ewidoctrl.exe

C:\Program\ewido\security suite\ewidoguard.exe

c:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Java\j2re1.4.2_03\bin\jusched.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\hphmon06.exe

C:\HP\KBD\KBD.EXE

C:\Program\Delade filer\InterVideo\SchSvr\SchSvr.exe

C:\Program\InterVideo\Common\Bin\WinRemote.exe

C:\Program\Delade filer\InstallShield\UpdateService\issch.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\iPod\bin\iPodService.exe

C:\WINDOWS\ALCXMNTR.EXE

C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\Winamp\winampa.exe

C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\D-Tools\daemon.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\All Users\Start-meny\Program\Autostart\msmsgs.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Hijackthis\rensning.exe.exe

C:\Program\Delade filer\Teleca Shared\Generic.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q105&bd=pavilion&pf=desktop'>http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q105&bd=pavilion&pf=desktop'>http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q105&bd=pavilion&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q105&bd=pavilion&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q105&bd=pavilion&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\ekpuquhi.dll (file missing)

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: (no name) - {37BFD090-172D-449F-8F94-A362C307DE22} - C:\WINDOWS\system32\mljgd.dll (file missing)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {55A68651-7092-4ACE-9005-43B3B996AC13} - C:\WINDOWS\system32\pmnnl.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll

O3 - Toolbar: HP-vy - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program\HP\Digital Imaging\bin\HPDTLK02.dll

O3 - Toolbar: Visa Norton-verktygsfältet - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [HPHUPD06] c:\Program\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program\Delade filer\InterVideo\SchSvr\SchSvr.exe"

O4 - HKLM\..\Run: [WINREMOTE] C:\Program\InterVideo\Common\Bin\WinRemote.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [iTunesHelper] C:\Program\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [spyHunter] C:\Program\Enigma Software Group\SpyHunter\SpyHunter.exe

O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [A00F63A239.exe] C:\DOCUME~1\HP_GAR~1\LOKALA~1\Temp\_A00F63A239.exe

O4 - HKCU\..\Run: [A00F63AAC5.exe] C:\DOCUME~1\HP_GAR~1\LOKALA~1\Temp\_A00F63AAC5.exe

O4 - HKCU\..\Run: [Restore Operation] C:\DOCUME~1\HP_GAR~1\LOKALA~1\Temp\svchots.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BlueSoleil.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program\Delade filer\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: awtqn - C:\WINDOWS\system32\awtqn.dll (file missing)

O20 - Winlogon Notify: pmnnl - C:\WINDOWS\system32\pmnnl.dll (file missing)

O20 - Winlogon Notify: __c00BA94B - C:\WINDOWS\system32\__c00BA94B.dat

O20 - Winlogon Notify: __c00BCAA7 - C:\WINDOWS\system32\__c00BCAA7.dat

O20 - Winlogon Notify: __c00D63C1 - C:\WINDOWS\system32\__c00D63C1.dat

O20 - Winlogon Notify: __c00FDAFA - C:\WINDOWS\system32\__c00FDAFA.dat

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program\ewido\security suite\ewidoctrl.exe

O23 - Service: ewido security suite guard - ewido networks - C:\Program\ewido\security suite\ewidoguard.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod-tjänst (iPodService) - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Symantec IS Verifiering av lösenord (ISPwdSvc) - Symantec Corporation - C:\Program\Norton Internet Security\isPwdSvc.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program\Delade filer\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)

O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program\Spyware Doctor\svcntaux.exe

O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program\Spyware Doctor\swdsvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe

 

 

 

 

Link to comment
Share on other sites

 

avinstallera spyhunter.

uppdatera javan till 1.6, avinstallera den gamla.

är det en trial du har av spyware sweeper?

 

installera >uppdatera superantispyware.

scan computer >välj complete scan >klicka på next >starta om.

öppna superantispyware >preferences >statistics/logs >markera senaste loggen >view >kopiera in det i loggen här.

http://www.superantispyware.com/downloads/SUPERAntiSpyware.exe

 

Link to comment
Share on other sites

Tack för ditt snabba svar. Skannar över natten och läggger upp loggen imorgon

 

 

Link to comment
Share on other sites

Tack!

Såg ganksa givande ut.

 

Här är loggen.

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 05/03/2007 at 00:36 AM

 

Application Version : 3.7.1018

 

Core Rules Database Version : 3229

Trace Rules Database Version: 1240

 

Scan type : Complete Scan

Total Scan Time : 00:59:42

 

Memory items scanned : 576

Memory threats detected : 0

Registry items scanned : 5916

Registry threats detected : 4

File items scanned : 63326

File threats detected : 37

 

Adware.Vundo Variant

HKLM\Software\Classes\CLSID\{9E43F005-64A8-43A4-960A-CFF8090BFE3E}

HKCR\CLSID\{9E43F005-64A8-43A4-960A-CFF8090BFE3E}

HKCR\CLSID\{9E43F005-64A8-43A4-960A-CFF8090BFE3E}\InprocServer32

HKCR\CLSID\{9E43F005-64A8-43A4-960A-CFF8090BFE3E}\InprocServer32#ThreadingModel

C:\WINDOWS\SYSTEM32\AWVVW.DLL

 

Adware.Tracking Cookie

C:\Documents and Settings\HP_Ägaren\Cookies\hp_ägaren@atdmt[1].txt

C:\Documents and Settings\HP_Ägaren\Cookies\hp_ägaren@adtech[2].txt

C:\Documents and Settings\HP_Ägaren\Cookies\hp_ägaren@msnportal.112.2o7[1].txt

C:\Documents and Settings\HP_Ägaren\Cookies\hp_ägaren@doubleclick[2].txt

C:\Documents and Settings\HP_Ägaren\Cookies\hp_ägaren@tradedoubler[2].txt

C:\Documents and Settings\HP_Ägaren\Cookies\hp_ägaren@tripod[1].txt

C:\Documents and Settings\HP_Ägaren\Cookies\hp_ägaren@cgi-bin[2].txt

C:\Documents and Settings\HP_Ägaren\Lokala inställningar\Temp\Cookies\hp_ägaren@ad.zanox[2].txt

C:\Documents and Settings\HP_Ägaren\Lokala inställningar\Temp\Cookies\hp_ägaren@advertising[2].txt

C:\Documents and Settings\HP_Ägaren\Lokala inställningar\Temp\Cookies\hp_ägaren@atdmt[2].txt

C:\Documents and Settings\HP_Ägaren\Lokala inställningar\Temp\Cookies\hp_ägaren@banner.cdpoker[2].txt

C:\Documents and Settings\HP_Ägaren\Lokala inställningar\Temp\Cookies\hp_ägaren@clicktorrent[1].txt

C:\Documents and Settings\HP_Ägaren\Lokala inställningar\Temp\Cookies\hp_ägaren@counter15.sextracker[1].txt

C:\Documents and Settings\HP_Ägaren\Lokala inställningar\Temp\Cookies\hp_ägaren@doubleclick[1].txt

C:\Documents and Settings\HP_Ägaren\Lokala inställningar\Temp\Cookies\hp_ägaren@msnportal.112.2o7[1].txt

C:\Documents and Settings\HP_Ägaren\Lokala inställningar\Temp\Cookies\hp_ägaren@overture[2].txt

C:\Documents and Settings\HP_Ägaren\Lokala inställningar\Temp\Cookies\hp_ägaren@sextracker[1].txt

C:\Documents and Settings\HP_Ägaren\Lokala inställningar\Temp\Cookies\hp_ägaren@statse.webtrendslive[1].txt

C:\Documents and Settings\HP_Ägaren\Lokala inställningar\Temp\Cookies\hp_ägaren@tradedoubler[1].txt

 

Trojan.Downloader-System Safety Alerter

C:\DOCUMENTS AND SETTINGS\HP_ÄGAREN\LOKALA INSTäLLNINGAR\TEMP\LAF106.TMP

 

Trojan.Downloader-UPNP/Fake

C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FA95762-7F57-4B6D-9078-2FB5ACF8DBFA}\RP14\A0048490.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FA95762-7F57-4B6D-9078-2FB5ACF8DBFA}\RP16\A0048525.EXE

 

Trojan.Downloader-Gen/HardFall

C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FA95762-7F57-4B6D-9078-2FB5ACF8DBFA}\RP14\A0048497.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FA95762-7F57-4B6D-9078-2FB5ACF8DBFA}\RP28\A0051058.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FA95762-7F57-4B6D-9078-2FB5ACF8DBFA}\RP30\A0052135.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FA95762-7F57-4B6D-9078-2FB5ACF8DBFA}\RP30\A0052137.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FA95762-7F57-4B6D-9078-2FB5ACF8DBFA}\RP30\A0057262.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FA95762-7F57-4B6D-9078-2FB5ACF8DBFA}\RP30\A0057264.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FA95762-7F57-4B6D-9078-2FB5ACF8DBFA}\RP31\A0067449.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FA95762-7F57-4B6D-9078-2FB5ACF8DBFA}\RP31\A0067452.DLL

 

Trojan.Downloader-Gen/LIB

C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FA95762-7F57-4B6D-9078-2FB5ACF8DBFA}\RP31\A0059359.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FA95762-7F57-4B6D-9078-2FB5ACF8DBFA}\RP31\A0059362.DLL

 

Trojan.Downloader-CREW

C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FA95762-7F57-4B6D-9078-2FB5ACF8DBFA}\RP31\A0059360.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FA95762-7F57-4B6D-9078-2FB5ACF8DBFA}\RP31\A0059363.DLL

C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FA95762-7F57-4B6D-9078-2FB5ACF8DBFA}\RP31\A0059397.DLL

 

Trojan.Downloader-Gen/RetAd

C:\SYSTEM VOLUME INFORMATION\_RESTORE{7FA95762-7F57-4B6D-9078-2FB5ACF8DBFA}\RP31\A0067450.EXE

 

 

Link to comment
Share on other sites

 

nja, kör detta program oxå.

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

spara filen på skrivbordet >klicka på SDFix.exe >sdfixen packas upp här: C:\SDFix.

 

starta om i felsäkert läge (F8) >gå hit: C:\SDFix >klicka på runthis.bat >välj y.

 

när scanningen är klar så tryck på valfri tangent för att starta om.

när det står finished så tryck på valfri tangent. en logg kommer automatiskt att visas, kopiera in loggen här. posta även en ny HJT logg

 

Link to comment
Share on other sites

Okej här är mina loggar

 

SDFix: Version 1.81

 

Run by HP_Žgaren - 2007-05-03 - 17:55:01,84

 

Microsoft Windows XP [Version 5.1.2600]

 

Running From: C:\SDFix

 

Safe Mode:

Checking Services:

 

 

 

 

 

 

Restoring Windows Registry Values

Restoring Windows Default Hosts File

 

Rebooting...

 

Normal Mode:

Checking Files:

 

Below files will be copied to Backups folder then removed:

 

C:\DOCUME~1\HP_GAR~1\LOKALA~1\Temp\wnset.exe - Deleted

C:\WINDOWS\odbc.INI - Deleted

 

 

 

Removing Temp Files

 

ADS Check:

 

Checking if ADS is attached to system32 Folder

C:\WINDOWS\system32

No streams found.

 

Checking if ADS is attached to svchost.exe

C:\WINDOWS\system32\svchost.exe

No streams found.

 

 

 

Final Check:

 

Remaining Services:

------------------

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program\\iTunes\\iTunes.exe"="C:\\Program\\iTunes\\iTunes.exe:*:Enabled:iTunes"

"C:\\Program\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"

"C:\\WINDOWS\\system32\\lxcgcoms.exe"="C:\\WINDOWS\\system32\\lxcgcoms.exe:*:Enabled:2300 Series"

"C:\\Program\\MSN Messenger\\msnmsgr.exe"="C:\\Program\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program\\MSN Messenger\\livecall.exe"="C:\\Program\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"

"C:\\Program\\BitComet\\BitComet.exe"="C:\\Program\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"

 

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%ProgramFiles%\\iTunes\\iTunes.exe"="%ProgramFiles%\\iTunes\\iTunes.exe:*:enabled:iTunes"

"C:\\Program\\MSN Messenger\\msnmsgr.exe"="C:\\Program\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program\\MSN Messenger\\livecall.exe"="C:\\Program\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

 

 

Remaining Files:

---------------

 

Backups Folder: - C:\SDFix\backups\backups.zip

 

Checking For Files with Hidden Attributes:

 

C:\Program\BitComet\Downloads\American Dad 101-117[TankaFett.Com]\Thumbs.db

C:\Program\BitComet\Scissor Sisters - Ta-Dah (2006) - Pop [www.torrentazos.com]\Scissor Sisters - Ta-Dah (2006) - Pop [www.torrentazos.com]\AlbumArtSmall.jpg

C:\Program\BitComet\Scissor Sisters - Ta-Dah (2006) - Pop [www.torrentazos.com]\Scissor Sisters - Ta-Dah (2006) - Pop [www.torrentazos.com]\AlbumArt_{EA725ACA-26B1-4712-96DA-67A8F0B0161C}_Large.jpg

C:\Program\BitComet\Scissor Sisters - Ta-Dah (2006) - Pop [www.torrentazos.com]\Scissor Sisters - Ta-Dah (2006) - Pop [www.torrentazos.com]\AlbumArt_{EA725ACA-26B1-4712-96DA-67A8F0B0161C}_Small.jpg

C:\Program\BitComet\Scissor Sisters - Ta-Dah (2006) - Pop [www.torrentazos.com]\Scissor Sisters - Ta-Dah (2006) - Pop [www.torrentazos.com]\desktop.ini

C:\Program\BitComet\Scissor Sisters - Ta-Dah (2006) - Pop [www.torrentazos.com]\Scissor Sisters - Ta-Dah (2006) - Pop [www.torrentazos.com]\Folder.jpg

C:\Program\Microsoft Works Suite 2005\Setup\EulaRegn.dll

C:\Program\Microsoft Works Suite 2005\Setup\mnyinsta.dll

C:\Program\Microsoft Works Suite 2005\Setup\setuplng.dll

C:\Program\Microsoft Works Suite 2005\Setup\wkernlng.dll

C:\Program\Microsoft Works Suite 2005\Setup\launcher.exe

C:\Program\Microsoft Works Suite 2005\Setup\RmvSuite.exe

C:\Program\Microsoft Works Suite 2005\Setup\unregwtr.exe

C:\Documents and Settings\HP_Žgaren\Mina dokument\~WRL2313.tmp

C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\9f65b635abddc161fa74318544db06de\BIT5.tmp

C:\WINDOWS\system32\lnnmp.tmp

C:\WINDOWS\system32\nqtwa.tmp

 

Finished

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 18:09:37, on 2007-05-03

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

c:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\notepad.exe

C:\Program\Java\j2re1.4.2_03\bin\jusched.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\system32\hphmon06.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program\Delade filer\InterVideo\SchSvr\SchSvr.exe

C:\Program\InterVideo\Common\Bin\WinRemote.exe

C:\Program\Delade filer\InstallShield\UpdateService\issch.exe

C:\Program\iTunes\iTunesHelper.exe

C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\Winamp\winampa.exe

C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\D-Tools\daemon.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\Delade filer\Teleca Shared\Generic.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Hijackthis\rensning.exe.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q105&bd=pavilion&pf=desktop'>http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q105&bd=pavilion&pf=desktop'>http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q105&bd=pavilion&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q105&bd=pavilion&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q105&bd=pavilion&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll

O3 - Toolbar: HP-vy - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program\HP\Digital Imaging\bin\HPDTLK02.dll

O3 - Toolbar: Visa Norton-verktygsfältet - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [HPHUPD06] c:\Program\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program\Delade filer\InterVideo\SchSvr\SchSvr.exe"

O4 - HKLM\..\Run: [WINREMOTE] C:\Program\InterVideo\Common\Bin\WinRemote.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [iTunesHelper] C:\Program\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [A00F63A239.exe] C:\DOCUME~1\HP_GAR~1\LOKALA~1\Temp\_A00F63A239.exe

O4 - HKCU\..\Run: [A00F63AAC5.exe] C:\DOCUME~1\HP_GAR~1\LOKALA~1\Temp\_A00F63AAC5.exe

O4 - HKCU\..\Run: [Restore Operation] C:\DOCUME~1\HP_GAR~1\LOKALA~1\Temp\svchots.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BlueSoleil.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: msmsgs.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: __c00BA94B - C:\WINDOWS\system32\__c00BA94B.dat

O20 - Winlogon Notify: __c00BCAA7 - C:\WINDOWS\system32\__c00BCAA7.dat

O20 - Winlogon Notify: __c00D63C1 - C:\WINDOWS\system32\__c00D63C1.dat

O20 - Winlogon Notify: __c00FDAFA - C:\WINDOWS\system32\__c00FDAFA.dat

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod-tjänst (iPodService) - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Symantec IS Verifiering av lösenord (ISPwdSvc) - Symantec Corporation - C:\Program\Norton Internet Security\isPwdSvc.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program\Delade filer\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)

O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe

 

För övrigt så verkar de slagit ut mitt norton också. Jag hade mer en 200 dagar kvar men nu står det 0.

 

 

 

 

Link to comment
Share on other sites

 

jag håller på och kollar upp två saker men så länge kan du fixa detta.

här finns senaste java

http://www.java.com/sv/download/

 

hämta detta program och töm alla temp mappar

http://www.atribune.org/ccount/click.php?id=1

 

gör en scan med hjt, bocka för dessa rader

O4 - HKCU\..\Run: [A00F63A239.exe] C:\DOCUME~1\HP_GAR~1\LOKALA~1\Temp\_A00F63A239.exe

O4 - HKCU\..\Run: [A00F63AAC5.exe] C:\DOCUME~1\HP_GAR~1\LOKALA~1\Temp\_A00F63AAC5.exe

O4 - HKCU\..\Run: [Restore Operation] C:\DOCUME~1\HP_GAR~1\LOKALA~1\Temp\svchots.exe

 

klicka på knappaen fix checked.

 

 

 

Link to comment
Share on other sites

 

okej klar :)

 

Logfile of HijackThis v1.99.1

Scan saved at 22:45:11, on 2007-05-03

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

c:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Java\j2re1.4.2_03\bin\jusched.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\hphmon06.exe

C:\HP\KBD\KBD.EXE

C:\Program\Delade filer\InterVideo\SchSvr\SchSvr.exe

C:\Program\InterVideo\Common\Bin\WinRemote.exe

C:\Program\Delade filer\InstallShield\UpdateService\issch.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\iPod\bin\iPodService.exe

C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\Winamp\winampa.exe

C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\D-Tools\daemon.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\All Users\Start-meny\Program\Autostart\msmsgs.exe

C:\Program\Delade filer\Teleca Shared\Generic.exe

C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Steam\steam.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\BitComet\BitComet.exe

C:\Program\Hijackthis\rensning.exe.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q105&bd=pavilion&pf=desktop'>http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q105&bd=pavilion&pf=desktop'>http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q105&bd=pavilion&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q105&bd=pavilion&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q105&bd=pavilion&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll

O3 - Toolbar: HP-vy - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program\HP\Digital Imaging\bin\HPDTLK02.dll

O3 - Toolbar: Visa Norton-verktygsfältet - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [HPHUPD06] c:\Program\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program\Delade filer\InterVideo\SchSvr\SchSvr.exe"

O4 - HKLM\..\Run: [WINREMOTE] C:\Program\InterVideo\Common\Bin\WinRemote.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [iTunesHelper] C:\Program\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [A00F63A239.exe] C:\DOCUME~1\HP_GAR~1\LOKALA~1\Temp\_A00F63A239.exe

O4 - HKCU\..\Run: [A00F63AAC5.exe] C:\DOCUME~1\HP_GAR~1\LOKALA~1\Temp\_A00F63AAC5.exe

O4 - HKCU\..\Run: [Restore Operation] C:\DOCUME~1\HP_GAR~1\LOKALA~1\Temp\svchots.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BlueSoleil.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: __c00BA94B - C:\WINDOWS\system32\__c00BA94B.dat

O20 - Winlogon Notify: __c00BCAA7 - C:\WINDOWS\system32\__c00BCAA7.dat

O20 - Winlogon Notify: __c00D63C1 - C:\WINDOWS\system32\__c00D63C1.dat

O20 - Winlogon Notify: __c00FDAFA - C:\WINDOWS\system32\__c00FDAFA.dat

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod-tjänst (iPodService) - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Symantec IS Verifiering av lösenord (ISPwdSvc) - Symantec Corporation - C:\Program\Norton Internet Security\isPwdSvc.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program\Delade filer\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)

O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe

 

 

 

Link to comment
Share on other sites

du kan avistallera den gamla javan, 1.4.2

 

om du ser dessa filer så ta en kopia på dom, lägg dom i en mapp och packa den med tex winrar eller winzip. sen mailar du mig den filen

C:\WINDOWS\system32\__c00BA94B.dat

C:\WINDOWS\system32\__c00BCAA7.dat

C:\WINDOWS\system32\__c00D63C1.dat

C:\WINDOWS\system32\__c00FDAFA.dat

 

 

bocka för för dessa i hjt

O4 - HKCU\..\Run: [A00F63A239.exe] C:\DOCUME~1\HP_GAR~1\LOKALA~1\Temp\_A00F63A239.exe

O4 - HKCU\..\Run: [A00F63AAC5.exe] C:\DOCUME~1\HP_GAR~1\LOKALA~1\Temp\_A00F63AAC5.exe

O4 - HKCU\..\Run: [Restore Operation] C:\DOCUME~1\HP_GAR~1\LOKALA~1\Temp\svchots.exe

 

O20 - Winlogon Notify: __c00BA94B - C:\WINDOWS\system32\__c00BA94B.dat

O20 - Winlogon Notify: __c00BCAA7 - C:\WINDOWS\system32\__c00BCAA7.dat

O20 - Winlogon Notify: __c00D63C1 - C:\WINDOWS\system32\__c00D63C1.dat

O20 - Winlogon Notify: __c00FDAFA - C:\WINDOWS\system32\__c00FDAFA.dat

 

klicka på knappen fixed checked.

 

ta bort dessa i felsäkert läge (om det går)

C:\WINDOWS\system32\__c00BA94B.dat

C:\WINDOWS\system32\__c00BCAA7.dat

C:\WINDOWS\system32\__c00D63C1.dat

C:\WINDOWS\system32\__c00FDAFA.dat

 

C:\WINDOWS\system32\lnnmp.tmp

C:\WINDOWS\system32\nqtwa.tmp

 

[inlägget ändrat 2007-05-04 00:34:43 av 927]

Link to comment
Share on other sites

 

okej klart! men de två sista filerna gick inte att hitta och __c00BA94B gick tyvärr inte och ta bort men resten försvann. tack!

 

Link to comment
Share on other sites

 

Har skickat filerna och min hijack log till 927@rixmail.com men jag gör det igen då, och en till niotjugosju@gmail.com

 

Link to comment
Share on other sites

 

nu kom dom fram.

 

http://swandog46.geekstogo.com/avenger.exe

 

spara exe filen på skrivbordet >starta programmet >bocka för input script manually >klicka på förstoringsglaset >kopiera in detta i fönstret:

 

Files to delete:

C:\WINDOWS\system32\__c00BA94B.dat

 

klicka på done >klicka på gröna lampan >svara ja.

när datorn är färdig så ska en logg visas. posta den och en ny HJT logg.

 

visas ingen logg så finns den här C:\avenger.txt

 

Link to comment
Share on other sites

 

Logfile of The Avenger version 1, by Swandog46

Running from registry key:

\Registry\Machine\System\CurrentControlSet\Services\gcikwbag

 

*******************

 

Script file located at: \??\C:\bmwqcdsw.txt

Script file opened successfully.

 

Script file read successfully

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

File C:\WINDOWS\system32\__c00BA94B.dat deleted successfully.

 

Completed script processing.

 

*******************

 

Finished! Terminate.

 

 

Logfile of HijackThis v1.99.1

Scan saved at 13:04:40, on 2007-05-05

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

c:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\system32\hphmon06.exe

C:\HP\KBD\KBD.EXE

C:\Program\Delade filer\InterVideo\SchSvr\SchSvr.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\InterVideo\Common\Bin\WinRemote.exe

C:\Program\Delade filer\InstallShield\UpdateService\issch.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\iPod\bin\iPodService.exe

C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\Winamp\winampa.exe

C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\D-Tools\daemon.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Java\jre1.6.0_01\bin\jusched.exe

C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\notepad.exe

C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program\Delade filer\Teleca Shared\Generic.exe

C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Hijackthis\rensning.exe.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q105&bd=pavilion&pf=desktop'>http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q105&bd=pavilion&pf=desktop'>http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q105&bd=pavilion&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q105&bd=pavilion&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q105&bd=pavilion&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.0\NppBho.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll

O3 - Toolbar: HP-vy - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program\HP\Digital Imaging\bin\HPDTLK02.dll

O3 - Toolbar: Visa Norton-verktygsfältet - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.0\UIBHO.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [HPHUPD06] c:\Program\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program\Delade filer\InterVideo\SchSvr\SchSvr.exe"

O4 - HKLM\..\Run: [WINREMOTE] C:\Program\InterVideo\Common\Bin\WinRemote.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [iTunesHelper] C:\Program\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.6.0_01\bin\jusched.exe

O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BlueSoleil.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: __c00BA94B - C:\WINDOWS\system32\__c00BA94B.dat (file missing)

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod-tjänst (iPodService) - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Symantec IS Verifiering av lösenord (ISPwdSvc) - Symantec Corporation - C:\Program\Norton Internet Security\isPwdSvc.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program\Delade filer\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)

O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe

 

Sådär! :)

 

Link to comment
Share on other sites

 

Senaste nytt är Datorn har återstållts till en tidagare punkt pga ett allvarligt fel. skulle tydligen finnas en logg men vet inte var jag hittar den om det skulle ha någon betydelse

 

Link to comment
Share on other sites

inte jag heller, kanske kan det finns något av värde i loggboken. den hittas under adminverktyg i kontrollpanelen

 

[inlägget ändrat 2007-05-07 18:08:04 av 927]

Link to comment
Share on other sites

jaja fattar ändp inget mne om det var allt så tackar jag så mycket för all hjälp datorn funkar väldigt bra nu iaf tack tack! :D

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.



×
×
  • Create New...