hijackthis

Du kör programet och då får man upp en lista med massa olika "filer/tjänster". Så markarar man dom "filerna" som man vill ta bort. Det programet så tar man bort vissa typer av trojaner som läger sig i andra filer. T.ex. så finns det vissa som gör så att din dator låser sig till en speciell start sida. Lägger iconer på skrivbordet mm. Så innan du börjar ta bort saker så ta reda på vilka filer du ska ta bort.

om du har problem med IE så posta en logg så ska jag ta en titt på den !

det enda som jag retar mig på är denna
O1 - Hosts: 64.24.234.120 swirve.com # added by utopia angel

Jag lånar också tråden lite, det är nämligen så att Explorer och Mozilla låser sig ibland, så finns det något att tag bort i loggen eller verkar allt ok?

Logfile of HijackThis v1.99.0
Scan saved at 18:29:28, on 2005-01-28
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\rmctrl.exe
C:\Program\D-Tools\daemon.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\Analog Devices\SoundMAX\SMAgent.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\Winamp\Winamp.exe
C:\WINDOWS\System32\wuauclt.exe
D:\Recived Files\Program\Spyboot Porgs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program\Panicware\Pop-Up Stopper Pro\CCHelper.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program\Panicware\Pop-Up Stopper Pro\popuppro.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.c...
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/e...
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: kavsvc - Kaspersky Labs - C:\Program\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Program\TuneUp Utilities 2004\WinStylerThemeSvc.exe

Jag lånar också denna tråd till att posta min HijackThis-log:

Logfile of HijackThis v1.98.2
Scan saved at 19:36:34, on 2005-01-28
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Eset\nod32kui.exe
C:\Program\WhatPulse\WhatPulse.exe
C:\Program\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program\Agnitum\OUTPOS~1\outpost.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program\D-Tools\daemon.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\iTunes\iTunes.exe
E:\=^~+¤SHaReD¤+~^=\Krapel&Romu\Program\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKCU\..\Run: [WhatPulse] C:\Program\WhatPulse\WhatPulse.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Program\Agnitum\OUTPOS~1\TRASH.EXE (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Program\Agnitum\OUTPOS~1\TRASH.EXE (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/e...

Finns där nåt suspekt?

ren & fin förutom denna
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
kolla in http://www.spywareguide.com/product_show.php?id=1242 för mer info - dock så tvivlar jag på att ditt problem orsakas av denna men om du inte använder gamespy arcade så skulle jag iaf rekommendera att du avinstallerar den.

__________________________________________

lite onödiga saker men annars så är den OK !
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

Ok, tack Lenco!

hjälp jag postar också en logg, är hemma hos en kompis som verkar ha mycket konstigt installerat.

Logfile of HijackThis v1.99.0
Scan saved at 20:41:49, on 2005-01-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\id2scaps.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Program\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\windows\system\hpsysdrv.exe
C:\Program\USB Storage RW\shwicon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program\Delade filer\Logitech\QCDriver\LVCOMS.EXE
C:\Program\Logitech\ImageStudio\LogiTray.exe
C:\Program\ICQLite\ICQLite.exe
C:\Documents and Settings\Ägaren\Skrivbord\Malin\iTunesHelper.exe
C:\Program\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program\Messenger\msmsgs.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program\Logitech\MouseWare\system\em_exec.exe
C:\Program\iD2\CSP\iD2CertMover.exe
C:\Program\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program\Microsoft Office\Office\FINDFAST.EXE
C:\Program\Microsoft Office\Office\OSA.EXE
C:\Program\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program\iPod\bin\iPodService.exe
C:\Program\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Ägaren\Skrivbord\HijackThis.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Spybot - Search & Destroy\SpybotSD.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login1.telia.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1.telia.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = login1.telia.com;;localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
F3 - REG:win.ini: load=hpljsw.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM\..\Run: [WCOLOREAL] C:\Program\Coloreal\coloreal.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program\Delade filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program\Delade filer\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Program\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [iTunesHelper] C:\Documents and Settings\Ägaren\Skrivbord\Malin\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [extra glue draw math] C:\Documents and Settings\All Users\Application Data\Dart fork extra glue\two blue.exe
O4 - HKCU\..\Run: [LDM] C:\Program\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: iD2 CSP Certificate Utility.lnk = C:\Program\iD2\CSP\iD2CertMover.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: ZoneAlarm.lnk = C:\Program\Zone Labs\ZoneAlarm\zonealarm.exe
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .sgn: C:\Program\Internet Explorer\PLUGINS\npSign.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {1538D4E0-B2C4-402D-B71A-BA6A04BC7A5D} (PictureChooser.picChooser) - http://direct.fotomenyn.com/direct/PictureChooser.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {65F77758-B822-45FB-8F0C-08E85705EC4A} (Upload.ctlUpload) - http://direct.fotomenyn.com/direct/upload.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iD2 Smart Card Server - iD2 Technologies - C:\WINDOWS\system32\id2scaps.exe
O23 - Service: iPod-tjänst - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

starta datorn i felsäkert läge !

avsluta ALLA IE när ni tar bort saker med hijackthis

ta bort följande med hijackthis
O4 - HKLM\..\Run: [extra glue draw math] C:\Documents and Settings\All Users\Application Data\Dart fork extra glue\two blue.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program\Microsoft Office\Office\FINDFAST.EXE
saken ovanför är helt onödig men behåll den om ni vill

starta om datorn

ladda upp och scanna "two blue.exe" på
http://virusscan.jotti.org/
och
http://www.viruslist.com/en/scanforvirus
och meddela vad resultatet blev !

annars så ser den helt OK ut tycker jag - posta en ny logg så får jag ta en titt på den också !

Postar en log från min dator som jag överlämnat till god vän och nu fått tillbaks.
Någon Trojan har smygit in bland annat.

Logfile of HijackThis v1.99.0
Scan saved at 01:43:25, on 2005-01-29
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\Program\Norton Internet Security\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program\Delade filer\Stardock\TrayServer.exe
C:\Program\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\Program\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program\D-Tools\daemon.exe
C:\Jonathan\Program\Jaws Pdf-creator\PDFClient.exe
C:\Jonathan\Program\WindowsStyles\CursorXP\CursorXP.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program\TGTSoft\StyleXP\StyleXP.exe
C:\Jonathan\Program\ICQ\ICQPlus\vplus.exe
C:\Jonathan\Program\ICQ\Icq.exe
C:\Jonathan\Program\ICQ\ICQPlus\VPlus.exe
C:\Jonathan\Program\Rainlendar\Rainlendar.exe
C:\Program\Norton Internet Security\ccPxySvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PDFCreatorMessages.exe
C:\Program\Compaq\EASYAC~1\BttnServ.exe
C:\Jonathan\Program\Winamp\winamp.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Jonathan\Program\Mozilla Firefox\firefox.exe
C:\Program\Delade filer\Symantec Shared\NMain.exe
C:\Jonathan\Program\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login1.telia.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telia Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: cnbjeonx - {6BD8E275-3009-1EFC-747B-55AC86F204F0} - C:\WINDOWS\System32\cnbjeonx.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Program\Delade filer\Stardock\TrayServer.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WCOLOREAL] C:\Program\COMPAQ\Coloreal\coloreal.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Jonathan\Program\ICQ\NDetect.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\program\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NAV Agent] C:\Program\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program\Delade filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PDFCreatorClient] C:\Jonathan\Program\Jaws Pdf-creator\PDFClient.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program\Delade filer\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [CursorXP] C:\Jonathan\Program\WindowsStyles\CursorXP\CursorXP.exe -s
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [STYLEXP] C:\Program\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ICQ Plus] "C:\Jonathan\Program\ICQ\ICQPlus\vplus.exe"
O4 - Startup: Genväg till Icq.lnk = C:\Jonathan\Program\ICQ\Icq.exe
O4 - Startup: Genväg till VPlus.lnk = C:\Jonathan\Program\ICQ\ICQPlus\VPlus.exe
O4 - Startup: Rainlendar.lnk = C:\Jonathan\Program\Rainlendar\Rainlendar.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Jonathan\Program\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Jonathan\Program\ICQ\ICQ.exe
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://startsidan.telia.se
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7m.cab
O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab
O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111193457} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111193458} - file://c:\x.cab
O16 - DPF: {11117711-1111-1711-7121-111177111157} - ms-its:mhtml:file://c:\bebe.mht!http://www.alarm-works.com/tx.chm::/ai.exe
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {23232323-2323-2323-2323-232323291122} - file://c:\x.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021126/qtinstall.info.a...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/e...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trend...
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader...
O16 - DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - http://www.cjb.net/search.cab
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://http.gamezone.tukati.com/tukati/1.7.20.20/tukati.cab
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service - Symantec Corporation - C:\Program\Norton Internet Security\ccPxySvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager - Symantec Corporation - C:\Program\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PDFCreatorMessages - Global Graphics Software Ltd - C:\WINDOWS\system32\PDFCreatorMessages.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: StyleXPService - Unknown - C:\Program\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

ALM

starta i felsäkert läge och ta bort följande
O2 - BHO: cnbjeonx - {6BD8E275-3009-1EFC-747B-55AC86F204F0} - C:\WINDOWS\System32\cnbjeonx.dll (file missing)
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7m.cab
O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab
O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111193457} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111193458} - file://c:\x.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
text från errorguards hemsida
Collection of Personal Information from Service Visitors Error-Guard, Inc. may collect and/or track (1) the home server domain names, email addresses, type of client computer, files downloaded, search engine used, operating system, and type of web browser of visitors to Error-Guard, Inc.'s web service, (2) the email addresses of visitors that communicate with Error-Guard, Inc. via email, (3) information knowingly provided by the visitor in online forms, registration forms, surveys, email, contest entries, and other online avenues (including demographic and personal profile data), and (4) aggregate and user-specific information on which pages visitors access.
så därför skulle jag ha tagit bort den också ! men testa och ta bort den med "lägg till/ta bort program" istället för med hijackthis
O16 - DPF: {23232323-2323-2323-2323-232323291122} - file://c:\x.cab
O16 - DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - http://www.cjb.net/search.cab
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll
mer info på http://www.sophos.com/virusinfo/analyses/trojadclickac.html

är inte säker på om denna är OK men jag skulle iaf rekommendera att du avinstallerar den via "lägg till/ta bort".
O16 - DPF: {11117711-1111-1711-7121-111177111157} - ms-its:mhtml:file://c:\bebe.mht!http://www.alarm-works.com/tx.chm::/ai.exe

stäng ner ALLA IE när du plockar bort sakerna, starta om datorn sen och posta en ny logg !

Lenco borde bli månadens/årets mest hjälpsamma medlem

här har det rasat in en massa skit sen sist...

starta om i felsäkert läge - bort med
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_...count_id=143041
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_...count_id=143041
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.slotch.com/?&account_id=143041
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_...count_id=143041
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ads1.revenue.net/load/206324...E_ID=11580&
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O8 - Extra context menu item: Web Rebates - file://C:\Program\Web_Rebates\Sy1150\Tp1150\scri1150a.htm

ny logg sen !
ta och installera spywareblaster också !

Jag får väl också låna tråden då när Lenco e i farten...

Logfile of HijackThis v1.99.0
Scan saved at 19:06:47, on 2005-01-28
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\Program\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
C:\WINDOWS\system32\memsvc.exe
c:\windows\system32\drivers\addins\r_server.exe
c:\windows\system32\drivers\addins\lsass.exe
C:\Program\F-Secure Anti-Virus\backweb\4476822\Program\BackWeb-4476822.exe
C:\WINDOWS\System32\winasp.exe
C:\WINDOWS\System32\SmsSystem32.exe
C:\WINDOWS\System32\wsmct.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program\Java\j2re1.4.2_06\bin\jusched.exe
C:\program\powerstrip\pstrip.exe
C:\Program\DU Meter\DUMeter.exe
C:\Program\NetLimiter\NetLimiter.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\System32\msiexec.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\jbclrvo.exe
C:\WINDOWS\System32\Ersbbk.exe
C:\Program\ISTsvc\istsvc.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\Program\F-Secure Anti-Virus\Common\FSLAUNCH.EXE
C:\Program\F-Secure Anti-Virus\Common\FSMA32.EXE
C:\Program\F-Secure Anti-Virus\Common\FSMB32.EXE
C:\Program\F-Secure Anti-Virus\Common\FCH32.EXE
C:\Program\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
C:\Program\F-Secure Anti-Virus\Anti-Virus\FSGK32.EXE
C:\Program\F-Secure Anti-Virus\Common\FAMEH32.EXE
C:\Program\F-Secure Anti-Virus\Anti-Virus\fssm32.exe
C:\Program\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
C:\Program\F-Secure Anti-Virus\Anti-Virus\fsav32.exe
C:\d8s1a.exe
C:\Program\Opera\Opera.exe
C:\d8s1a.exe
C:\d8s1a.exe
D:\Downloads\Program\_Små program\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=1575...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=1575...
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=1575...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program\SideFind\sfbho.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program\ISTbar\istbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [PowerStrip] c:\program\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [NetLimiter] C:\Program\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [*wuauclt.exe] wsmct.exe
O4 - HKLM\..\Run: [NvCplScan] winasp.exe
O4 - HKLM\..\Run: [G3HUiR9] C:\WINDOWS\jbclrvo.exe
O4 - HKLM\..\Run: [sais] c:\program\180solutions\sais.exe
O4 - HKLM\..\Run: [Sms System32] SmsSystem32.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\Ylymst.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Ersbbk.exe
O4 - HKLM\..\Run: [IST Service] C:\Program\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure Anti-Virus\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\F-Secure Anti-Virus\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\RunServices: [*wuauclt.exe] wsmct.exe
O4 - HKLM\..\RunServices: [NvCplScan] winasp.exe
O4 - HKLM\..\RunServices: [Sms System32] SmsSystem32.exe
O4 - HKLM\..\RunOnce: [NvCplScan] winasp.exe
O4 - HKLM\..\RunOnce: [Sms System32] SmsSystem32.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [*wuauclt.exe] wsmct.exe
O4 - HKCU\..\Run: [NvCplScan] winasp.exe
O4 - HKCU\..\Run: [Sms System32] SmsSystem32.exe
O4 - HKCU\..\RunOnce: [NvCplScan] winasp.exe
O4 - HKCU\..\RunOnce: [Sms System32] SmsSystem32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program\SideFind\sidefind.dll
O9 - Extra button: Expekt.com Poker - {3852AC86-965F-4abe-A75F-3DCB7E81A4B2} - C:\Program\expektMPP\MPPoker.exe
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} (VacPro.internazionale_ver4) - http://www.advnt01.com/dialer/internazionale_ver4.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{7CBC240B-A82F-4FE2-BF56-35EA3EFD8B3E}: NameServer = 81.26.226.3,81.26.226.2
O23 - Service: *wuauclt.exe - Unknown - C:\WINDOWS\System32\wsmct.exe
O23 - Service: Adobe LM Service - Unknown - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: FireDaemon Service: ADOService - Unknown - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Secure Anti-Virus 2004 - Unknown - C:\Program\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - Unknown - C:\Program\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - Unknown - C:\Program\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon - F-Secure Corporation - C:\Program\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent - F-Secure Corporation - C:\Program\F-Secure Anti-Virus\Common\FSMA32.EXE
O23 - Service: Memory ALU Driver - Unknown - C:\WINDOWS\system32\memsvc.exe
O23 - Service: FireDaemon Service: RADService - Unknown - c:\windows\system32\drivers\addins\FireDaemon.EXE
O23 - Service: FireDaemon Service: RPCProcedure - Unknown - c:\windows\system32\drivers\addins\FireDaemon.EXE
O23 - Service: Remote Administrator Service - Unknown - c:\windows\system32\drivers\addins\r_server.exe

skulle rekommendera att du först kollar på följande sida och ser om du kan få bort ISTBar med hjälp av den.
http://www.kephyr.com/spywarescanner/library/istbar/index.pht...

"Uninstall procedure
Uninstall ISTBar from "Add/Remove Programs" in the Windows® Control Panel. Look for an entry named MS AUpdate, MS Updates, XXXToolbar, ISTsvc or ISTBar. If not such entry exists or if the uninstall failed, please contact the vendor for support."

testa med det först och återkom om det inte funkar - om du fick bort ISTBar så vill jag ha en ny logg !

du kan även om du vill plocka bort följande också, det finns mer skit också men vi tar det senare...

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program\SideFind\sfbho.dll
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program\SideFind\sidefind.dll
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softw...006_regular.cab
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} (VacPro.internazionale_ver4) - http://www.advnt01.com/dialer/internazionale_ver4.CAB

hur som helst så vill jag ha en ny logg sen !

glömde bort att du förslagsvis gör allt i felsäkert läge !

Lenco jag har riktiga problem... Mitt internet funkar inte ibland, och så kommer det upp ett explorer fönster hela tiden. Vet inte vad jag ska göra men här kommer en ny logga...

Och vad fan är d8s1a.exe jag tror att det gör så att fönstret öppnas, har kollat på google men hittade inget om det...

Plus att jag har ett virus som mitt antivirus program inte kan ta bort Exploit.HTML.Mht så heter det

Logfile of HijackThis v1.99.0
Scan saved at 20:51:37, on 2005-01-28
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\Program\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
C:\WINDOWS\system32\memsvc.exe
c:\windows\system32\drivers\addins\r_server.exe
c:\windows\system32\drivers\addins\lsass.exe
C:\Program\F-Secure Anti-Virus\backweb\4476822\Program\BackWeb-4476822.exe
C:\WINDOWS\System32\winasp.exe
C:\WINDOWS\System32\SmsSystem32.exe
C:\WINDOWS\System32\wsmct.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program\Java\j2re1.4.2_06\bin\jusched.exe
C:\program\powerstrip\pstrip.exe
C:\Program\DU Meter\DUMeter.exe
C:\Program\NetLimiter\NetLimiter.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\Ersbbk.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\Program\F-Secure Anti-Virus\Common\FSMA32.EXE
C:\Program\F-Secure Anti-Virus\Common\FSMB32.EXE
C:\Program\F-Secure Anti-Virus\Common\FCH32.EXE
C:\Program\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
C:\Program\F-Secure Anti-Virus\Anti-Virus\FSGK32.EXE
C:\Program\F-Secure Anti-Virus\Anti-Virus\fssm32.exe
C:\Program\F-Secure Anti-Virus\Common\FAMEH32.EXE
C:\Program\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
C:\Program\F-Secure Anti-Virus\Anti-Virus\fsav32.exe
C:\Program\F-Secure Anti-Virus\Common\fsm32.exe
C:\Program\Opera\Opera.exe
C:\Program\Spyware Doctor\swdoctor.exe
C:\Program\DC++\DCPlusPlus.exe
C:\d8s1a.exe
C:\d8s1a.exe
C:\d8s1a.exe
D:\Downloads\Program\_Små program\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\Program\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [PowerStrip] c:\program\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [NetLimiter] C:\Program\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [*wuauclt.exe] wsmct.exe
O4 - HKLM\..\Run: [NvCplScan] winasp.exe
O4 - HKLM\..\Run: [sais] c:\program\180solutions\sais.exe
O4 - HKLM\..\Run: [Sms System32] SmsSystem32.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\Ylymst.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Ersbbk.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure Anti-Virus\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\F-Secure Anti-Virus\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\RunServices: [*wuauclt.exe] wsmct.exe
O4 - HKLM\..\RunServices: [NvCplScan] winasp.exe
O4 - HKLM\..\RunServices: [Sms System32] SmsSystem32.exe
O4 - HKLM\..\RunOnce: [NvCplScan] winasp.exe
O4 - HKLM\..\RunOnce: [Sms System32] SmsSystem32.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [*wuauclt.exe] wsmct.exe
O4 - HKCU\..\Run: [NvCplScan] winasp.exe
O4 - HKCU\..\Run: [Sms System32] SmsSystem32.exe
O4 - HKCU\..\RunOnce: [NvCplScan] winasp.exe
O4 - HKCU\..\RunOnce: [Sms System32] SmsSystem32.exe
O4 - HKCU\..\RunOnce: [DeleteSlotchBar] rundll32.exe advpack.dll,DelNodeRunDLL32 "C:\Program\ISTbar\istbar.dll"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\Program\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Expekt.com Poker - {3852AC86-965F-4abe-A75F-3DCB7E81A4B2} - C:\Program\expektMPP\MPPoker.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.hotmail.msn.com/resources/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7CBC240B-A82F-4FE2-BF56-35EA3EFD8B3E}: NameServer = 81.26.226.3,81.26.226.2
O23 - Service: *wuauclt.exe - Unknown - C:\WINDOWS\System32\wsmct.exe
O23 - Service: Adobe LM Service - Unknown - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: FireDaemon Service: ADOService - Unknown - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Secure Anti-Virus 2004 - Unknown - C:\Program\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - Unknown - C:\Program\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - Unknown - C:\Program\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon - F-Secure Corporation - C:\Program\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent - F-Secure Corporation - C:\Program\F-Secure Anti-Virus\Common\FSMA32.EXE
O23 - Service: F-Secure Windows Security Center Legacy Detection Service - F-Secure Corporation - C:\Program\F-Secure Anti-Virus\fswsclds.exe
O23 - Service: Memory ALU Driver - Unknown - C:\WINDOWS\system32\memsvc.exe
O23 - Service: FireDaemon Service: RADService - Unknown - c:\windows\system32\drivers\addins\FireDaemon.EXE
O23 - Service: FireDaemon Service: RPCProcedure - Unknown - c:\windows\system32\drivers\addins\FireDaemon.EXE
O23 - Service: Remote Administrator Service - Unknown - c:\windows\system32\drivers\addins\r_server.exe

så här hade jag försökt lösa det iaf.

starta i felsäkert läge

avsluta följande processer
C:\WINDOWS\system32\memsvc.exe
C:\WINDOWS\System32\winasp.exe
C:\WINDOWS\System32\SmsSystem32.exe
C:\WINDOWS\System32\wsmct.exe
C:\WINDOWS\System32\Ersbbk.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Internet Optimizer\actalert.exe
( mer info http://sarc.com/avcenter/venc/data/adware.netoptimizer.html )
C:\d8s1a.exe
C:\d8s1a.exe
C:\d8s1a.exe

så länge som du kör hijackthis från en egen mapp så skapar den backup på allt den tar bort - kan vara bra om det skulle strula sen.

ta bort följande med hijackthis
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program\SPYWAR~1\tools\iesdsg.dll
(ev så kanske denna tillhör spyware doctor och då kan du spara den om du har den installerad...)

O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\Program\SPYWAR~1\tools\iesdpb.dll
(ev så kanske denna tillhör spyware doctor och då kan du spara den om du har den installerad...)

O4 - HKLM\..\Run: [*wuauclt.exe] wsmct.exe
O4 - HKLM\..\Run: [NvCplScan] winasp.exe
O4 - HKLM\..\Run: [sais] c:\program\180solutions\sais.exe
O4 - HKLM\..\Run: [Sms System32] SmsSystem32.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\Ylymst.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Ersbbk.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\RunServices: [*wuauclt.exe] wsmct.exe
O4 - HKLM\..\RunServices: [NvCplScan] winasp.exe
O4 - HKLM\..\RunServices: [Sms System32] SmsSystem32.exe
O4 - HKLM\..\RunOnce: [NvCplScan] winasp.exe
O4 - HKLM\..\RunOnce: [Sms System32] SmsSystem32.exe
O4 - HKCU\..\Run: [*wuauclt.exe] wsmct.exe
O4 - HKCU\..\Run: [NvCplScan] winasp.exe
O4 - HKCU\..\Run: [Sms System32] SmsSystem32.exe
O4 - HKCU\..\RunOnce: [NvCplScan] winasp.exe
O4 - HKCU\..\RunOnce: [Sms System32] SmsSystem32.exe
O23 - Service: *wuauclt.exe - Unknown - C:\WINDOWS\System32\wsmct.exe
O23 - Service: Memory ALU Driver - Unknown - C:\WINDOWS\system32\memsvc.exe

ev denna också - vet inte om du har försökt avinstallera ISTBar och att den ska ta bort en massa filer vid nästa omstart... (det är ju en runonce så det innebär att den bara kommer att köras en gång)
O4 - HKCU\..\RunOnce: [DeleteSlotchBar] rundll32.exe advpack.dll,DelNodeRunDLL32 "C:\Program\ISTbar\istbar.dll

kom ihåg att avsluta alla IE när du tar bort sakerna !

installera spywareblaster också - uppdatera den - klicka på "enable all protection" !!! (länk finns nedanför)

__________________________________________

tror jag har fått med det mesta men starta om datorn sen och posta en ny logg !

Jag vill åxå låna tråden.

Logfile of HijackThis v1.99.0
Scan saved at 19:21:47, on 2005-01-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Norman\bin\ZLH.EXE
C:\Program\Logitech\iTouch\iTouch.exe
C:\Program\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program\MSN Apps\Updater\01.02.3000.1001\sv\msnappau.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Creative\SBAudigy\TaskBar\CTLTray.exe
C:\Program\Creative\SBAudigy\TaskBar\CTLTask.exe
C:\Program\Creative\SBAudigy\RemoteCenter\Rc\RcMan.EXE
C:\Program\Creative\ShareDLL\MEDIADET.EXE
C:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program\Logitech\MouseWare\system\em_exec.exe
c:\apache\Apache.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
c:\apache\Apache.exe
C:\Program\Norman\bin\ZANDA.EXE
c:\apache\APACHE.EXE
C:\WINDOWS\System32\svchost.exe
c:\apache\APACHE.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\Program\Norman\Nvc\BIN\NIP.EXE
C:\WINDOWS\System32\alg.exe
C:\Program\Creative\SBAudigy\RemoteCenter\Rc\EAX.exe
C:\Program\Creative\SBAudigy\RemoteCenter\Rc\VRC.exe
C:\Program\Creative\SBAudigy\RemoteCenter\Center\RCenter.exe
C:\Program\Creative\SBAudigy\RemoteCenter\Rc\OSDMenu.EXE
C:\PROGRAM\NORMAN\nvc\BIN\nvcoas.exe
C:\Program\Norman\Nvc\bin\cclaw.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\DOCUME~1\Matti\LOKALA~1\Temp\Temporär katalog 1 för hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kiruna.cc/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.3000.1001\sv\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.3000.1001\sv\msntb.dll
O4 - HKLM\..\Run: [Norman ZANDA] C:\Program\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [msnappau] "C:\Program\MSN Apps\Updater\01.02.3000.1001\sv\msnappau.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TaskTray] C:\Program\Creative\SBAudigy\TaskBar\CTLTray.exe
O4 - HKCU\..\Run: [TaskBar] C:\Program\Creative\SBAudigy\TaskBar\CTLTask.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program\Creative\SBAudigy\RemoteCenter\Rc\RcMan.EXE
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe
O9 - Extra button: Translate - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\Program\LingoCom\Translator.lnk (file missing)
O9 - Extra 'Tools' menuitem: Translator - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\Program\LingoCom\Translator.lnk (file missing)
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.sf-anytime.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/22b74f9bdf1ec18aa620/netzip/RdxIE601.cab
O16 - DPF: {7099D57A-2CF3-4919-9874-A035F8193AA0} (InstaladorCharisma Control) - http://www.redzone.nu/download/charisma/instaladorcharisma.ca...
O16 - DPF: {83873F92-B99B-400A-9E36-52B5F4970FB7} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/Fil...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.linnea.net/activex/AxisCamControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - https://ssl.extrafilm.org/upload/activex/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader...
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/patch/MaxisSimCity4PatcherX.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/12119/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O23 - Service: Apache - Unknown - c:\apache\Apache.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: Norman API-hooking helper - Unknown - C:\PROGRAM\NORMAN\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown - C:\Program\Norman\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown - C:\Program\Norman\bin\ZANDA.EXE
O23 - Service: Norman Virus Control on-access component - Norman ASA - C:\PROGRAM\NORMAN\nvc\BIN\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler - Norman Data Defense Systems - C:\PROGRAM\NORMAN\nvc\BIN\NVCSCHED.EXE
O23 - Service: PHPGeekUtil - Unknown - c:\apache\APACHE.EXE

Lenco For President!

Fler som dig på forumet!

Verkligen kul att se ett sweclocker helgon!

För att få bort ISTbar så krävs att din dator är i Felsäkert Läge.