Mats H

Member
  • Content count

    2 638
  • Joined

  • Last visited

  • Days won

    9

Everything posted by Mats H

  1. Thanks for the tip, I will take this on when I get the chance. I have asked about the "source of infection" so that it can be removed. Apparently these viruses come from "torrent sites", or so I have "understood"! Regards, Mats H
  2. Yes, apparently it is once a year!
  3. The promised log! There may well be something more to remove, but nothing critical. A USB stick was apparently the cause, and it is not in the computer owner's possession. I will see if I can get hold of it, and of that computer, for cleaning. Thanks for the help. Regards, Mats H
  4. Yes, the computer has now been restarted, and everything works perfectly! I will carry out the last suggested steps tomorrow evening. Thanks for all the help! Regards, Mats H
  5. Thanks for all the help! Regards, Mats H

     Malwarebytes' Anti-Malware 1.41
     Databaseversjon: 3126
     Windows 5.1.2600 Service Pack 3

     08.11.2009 18:33:15
     mbam-log-2009-11-08 (18-33-15).txt

     Skanntype: Rask Skann
     Objekter skannet: 96493
     Tid tilbakelagt: 4 minute(s), 35 second(s)

     Minneprosesser infisert: 0
     Minnemoduler infisert: 0
     Registernøkler infisert: 1
     Registerverdier infisert: 1
     Registerfiler infisert: 0
     Mapper infisert: 1
     Filer infisert: 3

     Minneprosesser infisert:
     (Ingen mistenkelige filer funnet)

     Minnemoduler infisert:
     (Ingen mistenkelige filer funnet)

     Registernøkler infisert:
     HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servises (Malware.Trace) -> Quarantined and deleted successfully.

     Registerverdier infisert:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\csec (Rogue.Installer) -> Quarantined and deleted successfully.

     Registerfiler infisert:
     (Ingen mistenkelige filer funnet)

     Mapper infisert:
     C:\Programfiler\Fellesfiler\CSecUninstall (Rogue.CyberSecurity) -> Quarantined and deleted successfully.

     Filer infisert:
     C:\Programfiler\CSec\cs.exe (Rogue.Installer) -> Quarantined and deleted successfully.
     C:\Programfiler\Fellesfiler\CSecUninstall\Uninstall.lnk (Rogue.CyberSecurity) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Jan-Ove\Programdata\Microsoft\Internet Explorer\Quick Launch\CSec.lnk (Worm.KoobFace) -> Quarantined and deleted successfully.
  6. Hello again. The following results: 1) Combofix, 2) TMHJ, 3) MBAM. The computer is behaving normally; all the "icons" from Cyber Security are gone! Awaiting a final answer about what measures to take! Regards, Mats H
  7. OK! Going to switch computers again! I really hope this works! Thanks so far! Regards, Mats H
  8. Here come the logs! Unfortunately I keep getting blocked from doing anything, because IE8 constantly jumps to a "blank" page! Regards, Mats. PS! Switching computers now!!
  9. Thanks for that, I'll switch computers and get back to you! Regards, Mats H
  10. No, help is wanted, it's something I need; I'm trying a few ideas though, so that the misery comes to a halt! I haven't run TMHJ on the entries I could imagine running it on, see them as suggestions! Taking a break and going out with the dogs! Regards, Mats H
  11. Have to switch computers, the web browser keeps jumping to a "blank" page that tells me to "install Web protection"! My a..!! I'm keeping TMHJ on and will probably go for removal of the 2 files I put under the post with the TMHJ log!
  12. O4 - HKCU\..\Run: [CSec] C:\Programfiler\CSec\cs.exe Could this be a candidate for elimination?? Anything more that anyone can find?? One more! C:\Programfiler\CSec\cs.exe
  13. Oh yes!! I have also tested with F-Secure's Online scanner, but on removal it was blocked! I have run a TMHJ and have a log here! If it can be of any help!! Thanks for now!!
  14. Spyware Doctor did indeed find the problem, and wants 10 euros!! I'll test this suggestion and we'll see!! Thanks!
  15. Hi there, I'm sitting with the neighbour's computer!! He has picked up something called CYBER SECURITY, which is hard to get rid of! F-Secure Easy Clean "finds nothing"!! Malwarebytes cannot be run!! Tips and a little help gratefully received. OS Windows XP, SP3, AVAST Free, Ad-Aware. The computer barely let me get onto this page!! Regards, Mats H
  16. Worked with Google Chrome beta (right-click)!!
  17. If you were looking for help with your "other programs", why not make a .txt file from the Win7 Upgrade Advisor file, with the programs that are not compatible, and post it here; then you will surely get answers about which ones work for others who run Win7. Regards, Mats H
  18. Yes, just fun to see how it develops; 7 and XP do have certain similarities, stability!
  19. Windows 7 now at 2.15% market coverage, slowly getting there, or what?? (Source: http://marketshare.hitslink.com/report). Rapidly approaching Mac OS X.5!! (But with statistics you can of course make it come out pretty much as you like!!)
  20. Advantage .jpg, 21.8 sec. from power up!
  21. This is how it looked in February, when they replaced the previous "fully working faulty one"!