alfdeejay

Tack för hjälpen. Hälsningar Anders

Bra att du inte ser något skadligt i loggarna. Vad är det jag bör göra med slutstädningen ? Tack för all hjälp. Hälsningar Anders

Jag trodde att jag hade lagt in loggen men jag hade nog glömt att spara här. Här kommer loggen: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 02:30:10, on 2011-02-06 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Safe mode Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\explorer.exe C:\Program\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program\WS_FTP Pro\wsbho2k0.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [Net iD] "C:\Program\Net iD\iid.exe" O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [startCCC] "C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [WheelMouse] C:\Program\A4Tech\Mouse\Amoumain.exe O4 - HKLM\..\Run: [VolPanel] "C:\Program\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [egui] "C:\Program\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] "C:\Program\Delade filer\Nero\Lib\NMFirstStart.exe" O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre6\bin\npjpi160_23.dll O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre6\bin\npjpi160_23.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program\ICQ6.5\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: ActiveGS.cab - http://activegs.freetoolsassociation.com/ActiveGS.cab O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.se/s/v/56.25/uploader2.cab O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/html - (no CLSID) - (no file) O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program\ESET\ESET Smart Security\ekrn.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program\Firebird\bin\fbserver.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: Brother BRAgent (WBA_Agent_Client) - Unknown owner - C:\Program\Brother\BRAgent\BRAgtSrv.exe -- End of file - 9887 bytes

Jag har bara två användare "Anders" och "administratör" OK. Jag gör en HiJackthhis log i "administratör". Återkommer.

Jag har varit inloggad bara som en användare "Anders" ej adminstratör när jag har kört HiJackthis och DDS.

DDS (Ver_10-12-12.02) - NTFSx86 Run by Anders at 21:07:47,34 on 2011-02-05 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23 Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.3327.2687 [GMT 1:00] AV: ESET Smart Security 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: ESET Personal firewall *Enabled* ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\Explorer.EXE C:\Program\Net iD\iid.exe C:\Program\A4Tech\Mouse\Amoumain.exe C:\WINDOWS\system32\CTXFIHLP.EXE C:\Program\ESET\ESET Smart Security\egui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe svchost.exe C:\WINDOWS\system32\Brmfrmps.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program\ESET\ESET Smart Security\ekrn.exe C:\Program\Firebird\bin\fbserver.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program\Java\jre6\bin\jqs.exe C:\Program\Delade filer\LightScribe\LSSrvc.exe C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program\TomTom HOME 2\TomTomHOMEService.exe C:\Program\Brother\BRAgent\BRAgtSrv.exe C:\WINDOWS\system32\wuauclt.exe C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\SYSTEM32\CTXFISPI.EXE C:\Documents and Settings\Anders\Skrivbord\SYSTEMCARE\dds.scr ============== Pseudo HJT Report =============== uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = about:blank uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: WsftpBrowserHelper Class: {601ed020-fb6c-11d3-87d8-0050da59922b} - c:\program\ws_ftp pro\wsbho2k0.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program\java\jre6\bin\ssv.dll BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program\windows live\toolbar\wltcore.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program\windows live\toolbar\wltcore.dll TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File TB: {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No File TB: {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - No File TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [PRONoMgrWired] c:\program\intel\prosetwired\ncs\proset\PRONoMgr.exe mRun: [updReg] c:\windows\UpdReg.EXE mRun: [Net iD] "c:\program\net id\iid.exe" mRun: [AudioDrvEmulator] "c:\program\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program\creative\shared files\module loader\audio emulator\AudDrvEm.dll" mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /install mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [MsmqIntCert] regsvr32 /s mqrt.dll mRun: [startCCC] "c:\program\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [WheelMouse] c:\program\a4tech\mouse\Amoumain.exe mRun: [VolPanel] "c:\program\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r mRun: [CTxfiHlp] CTXFIHLP.EXE mRun: [egui] "c:\program\eset\eset smart security\egui.exe" /hide /waitservice mRun: [sunJavaUpdateSched] "c:\program\java\jre6\bin\jusched.exe" dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N uPolicies-explorer: NoViewOnDrive = 0 (0x0) IE: {B863453A-26C3-4e1f-A54D-A2CD196348E9} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program\icq6.5\ICQ.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC} - c:\program\java\jre6\bin\npjpi160_23.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program\windows live\writer\WriterBrowserExtension.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program\micros~2\office11\REFIEBAR.DLL DPF: ActiveGS.cab - hxxp://activegs.freetoolsassociation.com/ActiveGS.cab DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15026/CTSUEng.cab DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.se/s/v/56.25/uploader2.cab DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program\delade~1\skype\SKYPE4~1.DLL Notify: !SASWinLogon - c:\program\superantispyware\SASWINLO.dll Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: {5BACC17E-BDF7-405B-BC68-ECB506395118} - No File SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - Eudora's Shell Extension SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program\superantispyware\SASSEH.DLL LSA: Notification Packages = :\windows\system32\srrstr. mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program\delade filer\lightscribe\LSRunOnce.exe" ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\anders\applic~1\mozilla\firefox\profiles\uiycgwrd.default\ FF - prefs.js: browser.search.selectedEngine - FF - plugin: c:\program\google\picasa3\npPicasa3.dll FF - plugin: c:\program\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program\microsoft\office live\npOLW.dll FF - plugin: c:\program\mozilla firefox\plugins\npiidplg.dll FF - plugin: c:\program\mozilla firefox\plugins\npwachk.dll FF - plugin: c:\program\personal\bin\np_prsnl.dll FF - plugin: c:\program\windows live\photo gallery\NPWLPG.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program\java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} ---- FIREFOX POLICIES ---- FF - user.js: browser.cache.memory.capacity - 65536 FF - user.js: browser.chrome.favicons - false FF - user.js: browser.display.show_image_placeholders - true FF - user.js: browser.turbo.enabled - true FF - user.js: browser.urlbar.autocomplete.enabled - true FF - user.js: browser.urlbar.autofill - true FF - user.js: content.interrupt.parsing - true FF - user.js: content.max.tokenizing.time - 2250000 FF - user.js: content.notify.backoffcount - 5 FF - user.js: content.notify.interval - 750000 FF - user.js: content.notify.ontimer - true FF - user.js: content.switch.threshold - 750000 FF - user.js: network.http.max-connections - 48 FF - user.js: network.http.max-connections-per-server - 16 FF - user.js: network.http.max-persistent-connections-per-proxy - 16 FF - user.js: network.http.max-persistent-connections-per-server - 8 FF - user.js: network.http.pipelining - true FF - user.js: network.http.pipelining.firstrequest - true FF - user.js: network.http.pipelining.maxrequests - 8 FF - user.js: network.http.proxy.pipelining - true FF - user.js: network.http.request.max-start-delay - 0 FF - user.js: nglayout.initialpaint.delay - 0 FF - user.js: plugin.expose_full_path - true FF - user.js: ui.submenuDelay - 0 ============= SERVICES / DRIVERS =============== R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2007-1-6 97920] R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-4-28 114984] R1 SASDIFSV;SASDIFSV;c:\program\superantispyware\SASDIFSV.SYS [2009-9-4 12872] R1 SASKUTIL;SASKUTIL;c:\program\superantispyware\SASKUTIL.SYS [2009-9-4 67656] R2 BCMNTIO;BCMNTIO;c:\program\checkit\diagno~1\BCMNTIO.sys [2008-3-21 3744] R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-9-17 12672] R2 ekrn;ESET Service;c:\program\eset\eset smart security\ekrn.exe [2010-6-24 810144] R2 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program\firebird\bin\fbserver.exe -s --> c:\program\firebird\bin\fbserver.exe -s [?] R2 MAPMEM;MAPMEM;c:\program\checkit\diagno~1\MAPMEM.sys [2008-3-21 3904] R2 TomTomHOMEService;TomTomHOMEService;c:\program\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008] R2 WBA_Agent_Client;Brother BRAgent;c:\program\brother\bragent\BRAgtSrv.exe [2009-8-30 86016] R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032] R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056] R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728] S0 3112Rx47;3112Rx47;c:\windows\system32\drivers\3112Rx47.sys [2008-4-28 110128] S2 ioloFileInfoList;iolo FileInfoList Service; [x] S2 ioloSystemService;iolo System Service; [x] S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2006-1-11 13824] S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032] S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056] S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\common\database\bin\fbserver.exe [2007-1-7 1527900] S3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\fnettboh.sys --> c:\windows\system32\drivers\FNETTBOH.SYS [?] S3 fsssvc;Windows Live Family Safety Service;c:\program\windows live\family safety\fsssvc.exe [2010-4-28 704872] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-10-9 136704] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-10-9 8320] S3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);c:\windows\system32\drivers\OXSDIDRV_x32.sys [2009-9-28 52656] S3 PciCon;PciCon;\??\e:\pcicon.sys --> e:\PciCon.sys [?] S3 SASENUM;SASENUM;c:\program\superantispyware\SASENUM.SYS [2009-1-15 12872] S3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [2010-10-26 42368] S4 BredbandscenterDownloader;BredbandscenterDownloader;c:\program\glocalnet\bredbandscenter\BredbandscenterUpdater.exe [2008-10-9 1055912] =============== Created Last 30 ================ 2011-02-04 18:12:22 388096 ----a-r- c:\docume~1\anders\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe 2011-02-04 18:12:21 -------- d-----w- c:\program\Trend Micro 2011-01-29 14:50:18 -------- d-----w- c:\windows\system32\wbem\repository\FS 2011-01-29 14:50:18 -------- d-----w- c:\windows\system32\wbem\Repository 2011-01-29 00:55:09 -------- d-----w- c:\docume~1\anders\applic~1\Malwarebytes 2011-01-29 00:55:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-01-29 00:55:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2011-01-29 00:54:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-01-29 00:54:57 -------- d-----w- c:\program\Malwarebytes' Anti-Malware 2011-01-28 23:46:08 -------- d-----w- c:\program\Mamutu 2011-01-27 21:42:44 83249512 ----a-w- c:\program\delade filer\windows live\.cache\wlc100.tmp 2011-01-27 17:38:41 -------- d-----w- c:\docume~1\anders\applic~1\Tific 2011-01-27 13:12:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\Norton 2011-01-27 13:12:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller 2011-01-26 22:49:51 -------- d--h--w- c:\windows\ie8 2011-01-26 22:30:39 -------- dc----w- c:\windows\ie8(2) 2011-01-26 21:29:16 -------- dc----w- c:\docume~1\alluse~1\applic~1\{2162CCC0-3A5F-4887-B51F-CE5F195B3620} 2011-01-19 22:28:59 92672 -c--a-w- c:\windows\system32\dllcache\SETFE.tmp 2011-01-19 22:24:19 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll 2011-01-19 22:23:56 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll 2011-01-19 22:23:56 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2011-01-19 22:23:56 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2011-01-19 16:09:34 272128 -c----w- c:\windows\system32\dllcache\bthport.sys 2011-01-19 16:09:04 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2011-01-19 16:06:43 2190720 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe 2011-01-19 16:06:43 2147328 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe 2011-01-19 16:06:42 2067584 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe 2011-01-19 16:06:42 2025472 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe 2011-01-19 16:04:20 293376 ------w- c:\windows\system32\browserchoice.exe 2011-01-19 00:36:45 -------- d-----w- c:\program\Innovative Solutions 2011-01-18 21:56:21 -------- d-----w- c:\program\delade filer\ATI Technologies 2011-01-18 21:41:59 -------- d-----w- c:\program\ATI 2011-01-18 21:40:56 -------- d-----w- c:\program\ATI Technologies 2011-01-18 21:34:23 -------- d-----w- C:\AMD 2011-01-18 21:00:59 33792 -c--a-w- c:\windows\system32\dllcache\lmmib2.dll 2011-01-18 20:59:56 598071 -c--a-w- c:\windows\system32\dllcache\fpmmc.dll 2011-01-18 20:56:49 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe 2011-01-18 20:56:49 16384 ----a-w- c:\program\internet explorer\connection wizard\isignup.exe 2011-01-18 20:53:09 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe 2011-01-18 20:39:56 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll 2011-01-18 20:39:56 24661 ----a-w- c:\windows\system32\spxcoins.dll 2011-01-18 20:39:56 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll 2011-01-18 20:39:56 13312 ----a-w- c:\windows\system32\irclass.dll 2011-01-18 20:39:31 16825 ----a-r- c:\windows\SET178.tmp 2011-01-18 20:39:29 1088840 ----a-r- c:\windows\SET16C.tmp 2011-01-18 20:39:26 1244837 ----a-r- c:\windows\SET169.tmp 2011-01-18 20:38:36 55808 ----a-w- C:\devcon.exe 2011-01-18 20:38:36 20992 ----a-w- C:\makePNF.exe 2011-01-18 20:38:36 137728 ----a-w- C:\mute.exe 2011-01-18 20:32:23 2519040 ----a-w- c:\windows\system32\nvwssr.dll 2011-01-18 20:31:59 6549504 ----a-w- c:\windows\system32\nvdisps.dll 2011-01-18 20:31:59 1089536 ----a-w- c:\windows\system32\nvcuda.dll 2011-01-18 20:31:53 8523776 ----a-w- c:\windows\system32\nvcpl.dll 2011-01-18 20:31:53 385024 ----a-w- c:\windows\system32\nvapi.dll 2011-01-18 20:31:53 35328 ----a-w- c:\windows\system32\nvcodins.dll 2011-01-18 20:31:53 35328 ----a-w- c:\windows\system32\nvcod.dll 2011-01-18 20:31:43 155716 ----a-w- c:\windows\system32\nvsvc32.exe 2011-01-17 22:29:38 -------- d-sh--r- C:\cmdcons 2011-01-17 22:29:37 -------- d-----w- c:\windows\setup.pss 2011-01-17 19:46:11 -------- d-----w- C:\cmdcons(2) 2011-01-12 15:51:24 7435392 ----a-w- c:\windows\system32\drivers\nv4_mini.sys 2011-01-12 06:43:15 65536 ----a-w- c:\windows\system32\afasrv32.exe 2011-01-12 06:43:15 -------- d-----w- c:\program\USBESTDI 2011-01-09 17:16:07 -------- d-----w- c:\docume~1\anders\applic~1\Registry Mechanic 2011-01-08 13:34:43 -------- d-----w- c:\program\VS Revo Group 2011-01-08 13:08:52 -------- d-----w- c:\program\Eusing Free Registry Cleaner 2011-01-08 11:15:19 -------- d-----w- c:\program\Wise Registry Cleaner 2011-01-07 19:45:32 344064 ----a-w- c:\windows\system32\drivers\Dr71WU.sys 2011-01-07 18:51:47 311296 ----a-w- c:\windows\system32\atiiiexx.dll 2011-01-07 18:51:43 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll 2011-01-07 11:12:15 -------- d-----w- c:\docume~1\anders\lokala~1\applic~1\Symantec 2011-01-06 22:28:50 0 ----a-w- c:\windows\ativpsrm.bin 2011-01-06 21:53:47 56509 ----a-w- c:\windows\system32\SET6F.tmp 2011-01-06 21:53:47 56509 ----a-w- c:\windows\system32\SET1B8.tmp 2011-01-06 21:53:47 321512 ----a-w- c:\windows\system32\SET6D.tmp 2011-01-06 21:53:47 321512 ----a-w- c:\windows\system32\SET1B6.tmp 2011-01-06 20:11:46 -------- d-----w- c:\program\OpenAL ==================== Find3M ==================== 2011-01-19 00:41:01 444952 ----a-w- c:\windows\system32\wrap_oal.dll 2011-01-19 00:41:01 109080 ----a-w- c:\windows\system32\OpenAL32.dll 2010-12-02 03:35:18 4280320 ----a-w- c:\windows\system32\GPhotos.scr 2010-11-29 16:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2010-11-29 16:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts 2010-11-18 18:15:44 81920 ----a-w- c:\windows\system32\isign32.dll 2010-11-12 17:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll 2010-11-12 15:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl 2010-11-09 14:52:37 249856 ----a-w- c:\windows\system32\odbc32.dll ============= FINISH: 21:09:21,29 =============== Attach.txt

Jag vet inte vad Tnod User är. Jag har avinstallerat det nu. Jag vill inte ha några program som jag inte vet vad det är. Eset Smart Security är en Trial version som jag testar nu. Ska jag avinstallera det också ? Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 00:19:06, on 2011-02-05 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\Explorer.EXE C:\Program\Net iD\iid.exe C:\Program\A4Tech\Mouse\Amoumain.exe C:\WINDOWS\system32\CTXFIHLP.EXE C:\Program\ESET\ESET Smart Security\egui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\WINDOWS\system32\Brmfrmps.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program\ESET\ESET Smart Security\ekrn.exe C:\Program\Firebird\bin\fbserver.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program\Java\jre6\bin\jqs.exe C:\Program\Delade filer\LightScribe\LSSrvc.exe C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\system32\svchost.exe C:\Program\TomTom HOME 2\TomTomHOMEService.exe C:\Program\Brother\BRAgent\BRAgtSrv.exe C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe C:\Program\Mozilla Firefox\firefox.exe C:\Program\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar N3 - Netscape 7: user_pref("browser.startup.homepage", ""); (C:\Documents and Settings\ANDERS\Application Data\Mozilla\Profiles\default\6uod1zl7.slt\prefs.js) N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\ANDERS\Application Data\Mozilla\Profiles\default\6uod1zl7.slt\prefs.js) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program\WS_FTP Pro\wsbho2k0.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [Net iD] "C:\Program\Net iD\iid.exe" O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [startCCC] "C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [WheelMouse] C:\Program\A4Tech\Mouse\Amoumain.exe O4 - HKLM\..\Run: [VolPanel] "C:\Program\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [egui] "C:\Program\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre6\bin\npjpi160_23.dll O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre6\bin\npjpi160_23.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program\ICQ6.5\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: ActiveGS.cab - http://activegs.freetoolsassociation.com/ActiveGS.cab O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.se/s/v/56.25/uploader2.cab O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/html - (no CLSID) - (no file) O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program\ESET\ESET Smart Security\ekrn.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program\Firebird\bin\fbserver.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: Brother BRAgent (WBA_Agent_Client) - Unknown owner - C:\Program\Brother\BRAgent\BRAgtSrv.exe -- End of file - 11672 bytes

Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:12:55, on 2011-02-04 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program\Net iD\iid.exe C:\Program\A4Tech\Mouse\Amoumain.exe C:\WINDOWS\system32\CTXFIHLP.EXE C:\Program\ESET\ESET Smart Security\egui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\WINDOWS\system32\Brmfrmps.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program\ESET\ESET Smart Security\ekrn.exe C:\Program\Firebird\bin\fbserver.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program\Java\jre6\bin\jqs.exe C:\Program\Delade filer\LightScribe\LSSrvc.exe C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\system32\svchost.exe C:\Program\TomTom HOME 2\TomTomHOMEService.exe C:\Program\Brother\BRAgent\BRAgtSrv.exe C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\msiexec.exe C:\Program\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar N3 - Netscape 7: user_pref("browser.startup.homepage", ""); (C:\Documents and Settings\ANDERS\Application Data\Mozilla\Profiles\default\6uod1zl7.slt\prefs.js) N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\ANDERS\Application Data\Mozilla\Profiles\default\6uod1zl7.slt\prefs.js) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program\WS_FTP Pro\wsbho2k0.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [Net iD] "C:\Program\Net iD\iid.exe" O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [startCCC] "C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [WheelMouse] C:\Program\A4Tech\Mouse\Amoumain.exe O4 - HKLM\..\Run: [VolPanel] "C:\Program\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [TNOD UP] "C:\Program\TNod User & Password Finder\TNODUP.exe" /i O4 - HKLM\..\Run: [egui] "C:\Program\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre6\bin\npjpi160_23.dll O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre6\bin\npjpi160_23.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program\ICQ6.5\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: ActiveGS.cab - http://activegs.freetoolsassociation.com/ActiveGS.cab O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.se/s/v/56.25/uploader2.cab O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/html - (no CLSID) - (no file) O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program\ESET\ESET Smart Security\ekrn.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program\Firebird\bin\fbserver.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: Brother BRAgent (WBA_Agent_Client) - Unknown owner - C:\Program\Brother\BRAgent\BRAgtSrv.exe -- End of file - 11774 bytes

Vet ej om det är något program som övervakar registret. Eset Smart Security kanske ,men jag tror inte att det ändrar registret. // Anders

Här kommer den nya DDS loggen: DDS (Ver_10-12-12.02) - NTFSx86 Run by Anders at 21:55:16,41 on 2011-02-02 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23 Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.3327.2677 [GMT 1:00] AV: ESET Smart Security 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: ESET Personal firewall *Enabled* ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program\Net iD\iid.exe C:\Program\A4Tech\Mouse\Amoumain.exe C:\WINDOWS\system32\CTXFIHLP.EXE C:\Program\ESET\ESET Smart Security\egui.exe C:\WINDOWS\system32\ctfmon.exe svchost.exe C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\WINDOWS\system32\Brmfrmps.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program\ESET\ESET Smart Security\ekrn.exe C:\Program\Firebird\bin\fbserver.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program\Java\jre6\bin\jqs.exe C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program\TomTom HOME 2\TomTomHOMEService.exe C:\Program\Brother\BRAgent\BRAgtSrv.exe C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe C:\Program\Mozilla Firefox\firefox.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\Anders\Skrivbord\CDBURN\Win XP Tools\dds.scr ============== Pseudo HJT Report =============== uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = about:blank uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: WsftpBrowserHelper Class: {601ed020-fb6c-11d3-87d8-0050da59922b} - c:\program\ws_ftp pro\wsbho2k0.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program\java\jre6\bin\ssv.dll BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program\windows live\toolbar\wltcore.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program\windows live\toolbar\wltcore.dll TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File TB: {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No File TB: {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - No File TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [PRONoMgrWired] c:\program\intel\prosetwired\ncs\proset\PRONoMgr.exe mRun: [updReg] c:\windows\UpdReg.EXE mRun: [Net iD] "c:\program\net id\iid.exe" mRun: [AudioDrvEmulator] "c:\program\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program\creative\shared files\module loader\audio emulator\AudDrvEm.dll" mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /install mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [MsmqIntCert] regsvr32 /s mqrt.dll mRun: [startCCC] "c:\program\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [WheelMouse] c:\program\a4tech\mouse\Amoumain.exe mRun: [VolPanel] "c:\program\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r mRun: [CTxfiHlp] CTXFIHLP.EXE mRun: [TNOD UP] "c:\program\tnod user & password finder\TNODUP.exe" /i mRun: [egui] "c:\program\eset\eset smart security\egui.exe" /hide /waitservice mRun: [sunJavaUpdateSched] "c:\program\java\jre6\bin\jusched.exe" dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N uPolicies-explorer: NoViewOnDrive = 0 (0x0) IE: {B863453A-26C3-4e1f-A54D-A2CD196348E9} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program\icq6.5\ICQ.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC} - c:\program\java\jre6\bin\npjpi160_23.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program\windows live\writer\WriterBrowserExtension.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program\micros~2\office11\REFIEBAR.DLL DPF: ActiveGS.cab - hxxp://activegs.freetoolsassociation.com/ActiveGS.cab DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15026/CTSUEng.cab DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.se/s/v/56.25/uploader2.cab DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program\delade~1\skype\SKYPE4~1.DLL Notify: !SASWinLogon - c:\program\superantispyware\SASWINLO.dll Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: {5BACC17E-BDF7-405B-BC68-ECB506395118} - No File SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - Eudora's Shell Extension SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program\superantispyware\SASSEH.DLL LSA: Notification Packages = :\windows\system32\srrstr. mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program\delade filer\lightscribe\LSRunOnce.exe" ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\anders\applic~1\mozilla\firefox\profiles\uiycgwrd.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2786678&SearchSource=13 FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&q= FF - plugin: c:\program\google\picasa3\npPicasa3.dll FF - plugin: c:\program\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program\microsoft\office live\npOLW.dll FF - plugin: c:\program\mozilla firefox\plugins\npiidplg.dll FF - plugin: c:\program\mozilla firefox\plugins\npwachk.dll FF - plugin: c:\program\personal\bin\np_prsnl.dll FF - plugin: c:\program\windows live\photo gallery\NPWLPG.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program\java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} ---- FIREFOX POLICIES ---- FF - user.js: browser.cache.memory.capacity - 65536 FF - user.js: browser.chrome.favicons - false FF - user.js: browser.display.show_image_placeholders - true FF - user.js: browser.turbo.enabled - true FF - user.js: browser.urlbar.autocomplete.enabled - true FF - user.js: browser.urlbar.autofill - true FF - user.js: content.interrupt.parsing - true FF - user.js: content.max.tokenizing.time - 2250000 FF - user.js: content.notify.backoffcount - 5 FF - user.js: content.notify.interval - 750000 FF - user.js: content.notify.ontimer - true FF - user.js: content.switch.threshold - 750000 FF - user.js: network.http.max-connections - 48 FF - user.js: network.http.max-connections-per-server - 16 FF - user.js: network.http.max-persistent-connections-per-proxy - 16 FF - user.js: network.http.max-persistent-connections-per-server - 8 FF - user.js: network.http.pipelining - true FF - user.js: network.http.pipelining.firstrequest - true FF - user.js: network.http.pipelining.maxrequests - 8 FF - user.js: network.http.proxy.pipelining - true FF - user.js: network.http.request.max-start-delay - 0 FF - user.js: nglayout.initialpaint.delay - 0 FF - user.js: plugin.expose_full_path - true FF - user.js: ui.submenuDelay - 0 ============= SERVICES / DRIVERS =============== R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2007-1-6 97920] R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-4-28 114984] R1 SASDIFSV;SASDIFSV;c:\program\superantispyware\SASDIFSV.SYS [2009-9-4 12872] R1 SASKUTIL;SASKUTIL;c:\program\superantispyware\SASKUTIL.SYS [2009-9-4 67656] R2 BCMNTIO;BCMNTIO;c:\program\checkit\diagno~1\BCMNTIO.sys [2008-3-21 3744] R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-9-17 12672] R2 ekrn;ESET Service;c:\program\eset\eset smart security\ekrn.exe [2010-6-24 810144] R2 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program\firebird\bin\fbserver.exe -s --> c:\program\firebird\bin\fbserver.exe -s [?] R2 MAPMEM;MAPMEM;c:\program\checkit\diagno~1\MAPMEM.sys [2008-3-21 3904] R2 TomTomHOMEService;TomTomHOMEService;c:\program\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008] R2 WBA_Agent_Client;Brother BRAgent;c:\program\brother\bragent\BRAgtSrv.exe [2009-8-30 86016] R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032] R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056] R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728] S0 3112Rx47;3112Rx47;c:\windows\system32\drivers\3112Rx47.sys [2008-4-28 110128] S2 ioloFileInfoList;iolo FileInfoList Service; [x] S2 ioloSystemService;iolo System Service; [x] S2 Mesppanger;Mesppanger; [x] S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2006-1-11 13824] S3 AtiDCM;AtiDCM;\??\c:\documents and settings\administratör\lokala inställningar\temp\atidcmxx.sys --> c:\documents and settings\administratör\lokala inställningar\temp\atidcmxx.sys [?] S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032] S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056] S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\common\database\bin\fbserver.exe [2007-1-7 1527900] S3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\fnettboh.sys --> c:\windows\system32\drivers\FNETTBOH.SYS [?] S3 fsssvc;Windows Live Family Safety Service;c:\program\windows live\family safety\fsssvc.exe [2010-4-28 704872] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-10-9 136704] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-10-9 8320] S3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);c:\windows\system32\drivers\OXSDIDRV_x32.sys [2009-9-28 52656] S3 PciCon;PciCon;\??\e:\pcicon.sys --> e:\PciCon.sys [?] S3 SASENUM;SASENUM;c:\program\superantispyware\SASENUM.SYS [2009-1-15 12872] S3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [2010-10-26 42368] S4 BredbandscenterDownloader;BredbandscenterDownloader;c:\program\glocalnet\bredbandscenter\BredbandscenterUpdater.exe [2008-10-9 1055912] =============== Created Last 30 ================ 2011-01-29 14:50:18 -------- d-----w- c:\windows\system32\wbem\repository\FS 2011-01-29 14:50:18 -------- d-----w- c:\windows\system32\wbem\Repository 2011-01-29 00:55:09 -------- d-----w- c:\docume~1\anders\applic~1\Malwarebytes 2011-01-29 00:55:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-01-29 00:55:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2011-01-29 00:54:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-01-29 00:54:57 -------- d-----w- c:\program\Malwarebytes' Anti-Malware 2011-01-28 23:46:08 -------- d-----w- c:\program\Mamutu 2011-01-27 21:42:44 83249512 ----a-w- c:\program\delade filer\windows live\.cache\wlc100.tmp 2011-01-27 17:38:41 -------- d-----w- c:\docume~1\anders\applic~1\Tific 2011-01-27 13:12:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\Norton 2011-01-27 13:12:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller 2011-01-26 22:49:51 -------- d--h--w- c:\windows\ie8 2011-01-26 22:30:39 -------- dc----w- c:\windows\ie8(2) 2011-01-26 21:29:16 -------- dc----w- c:\docume~1\alluse~1\applic~1\{2162CCC0-3A5F-4887-B51F-CE5F195B3620} 2011-01-19 22:28:59 92672 -c--a-w- c:\windows\system32\dllcache\SETFE.tmp 2011-01-19 22:24:19 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll 2011-01-19 22:23:56 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll 2011-01-19 22:23:56 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2011-01-19 22:23:56 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2011-01-19 16:09:34 272128 -c----w- c:\windows\system32\dllcache\bthport.sys 2011-01-19 16:09:04 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2011-01-19 16:06:43 2190720 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe 2011-01-19 16:06:43 2147328 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe 2011-01-19 16:06:42 2067584 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe 2011-01-19 16:06:42 2025472 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe 2011-01-19 16:04:20 293376 ------w- c:\windows\system32\browserchoice.exe 2011-01-19 00:36:45 -------- d-----w- c:\program\Innovative Solutions 2011-01-18 21:56:21 -------- d-----w- c:\program\delade filer\ATI Technologies 2011-01-18 21:41:59 -------- d-----w- c:\program\ATI 2011-01-18 21:40:56 -------- d-----w- c:\program\ATI Technologies 2011-01-18 21:34:23 -------- d-----w- C:\AMD 2011-01-18 21:00:59 33792 -c--a-w- c:\windows\system32\dllcache\lmmib2.dll 2011-01-18 20:59:56 598071 -c--a-w- c:\windows\system32\dllcache\fpmmc.dll 2011-01-18 20:56:49 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe 2011-01-18 20:56:49 16384 ----a-w- c:\program\internet explorer\connection wizard\isignup.exe 2011-01-18 20:53:09 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe 2011-01-18 20:39:56 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll 2011-01-18 20:39:56 24661 ----a-w- c:\windows\system32\spxcoins.dll 2011-01-18 20:39:56 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll 2011-01-18 20:39:56 13312 ----a-w- c:\windows\system32\irclass.dll 2011-01-18 20:39:31 16825 ----a-r- c:\windows\SET178.tmp 2011-01-18 20:39:29 1088840 ----a-r- c:\windows\SET16C.tmp 2011-01-18 20:39:26 1244837 ----a-r- c:\windows\SET169.tmp 2011-01-18 20:38:36 55808 ----a-w- C:\devcon.exe 2011-01-18 20:38:36 20992 ----a-w- C:\makePNF.exe 2011-01-18 20:38:36 137728 ----a-w- C:\mute.exe 2011-01-18 20:32:23 2519040 ----a-w- c:\windows\system32\nvwssr.dll 2011-01-18 20:31:59 6549504 ----a-w- c:\windows\system32\nvdisps.dll 2011-01-18 20:31:59 1089536 ----a-w- c:\windows\system32\nvcuda.dll 2011-01-18 20:31:53 8523776 ----a-w- c:\windows\system32\nvcpl.dll 2011-01-18 20:31:53 385024 ----a-w- c:\windows\system32\nvapi.dll 2011-01-18 20:31:53 35328 ----a-w- c:\windows\system32\nvcodins.dll 2011-01-18 20:31:53 35328 ----a-w- c:\windows\system32\nvcod.dll 2011-01-18 20:31:43 155716 ----a-w- c:\windows\system32\nvsvc32.exe 2011-01-17 22:29:38 -------- d-sh--r- C:\cmdcons 2011-01-17 22:29:37 -------- d-----w- c:\windows\setup.pss 2011-01-17 19:46:11 -------- d-----w- C:\cmdcons(2) 2011-01-12 15:51:24 7435392 ----a-w- c:\windows\system32\drivers\nv4_mini.sys 2011-01-12 06:43:15 65536 ----a-w- c:\windows\system32\afasrv32.exe 2011-01-12 06:43:15 -------- d-----w- c:\program\USBESTDI 2011-01-09 17:16:07 -------- d-----w- c:\docume~1\anders\applic~1\Registry Mechanic 2011-01-08 13:34:43 -------- d-----w- c:\program\VS Revo Group 2011-01-08 13:08:52 -------- d-----w- c:\program\Eusing Free Registry Cleaner 2011-01-08 11:15:19 -------- d-----w- c:\program\Wise Registry Cleaner 2011-01-07 19:45:32 344064 ----a-w- c:\windows\system32\drivers\Dr71WU.sys 2011-01-07 18:51:47 311296 ----a-w- c:\windows\system32\atiiiexx.dll 2011-01-07 18:51:43 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll 2011-01-07 11:12:15 -------- d-----w- c:\docume~1\anders\lokala~1\applic~1\Symantec 2011-01-06 22:28:50 0 ----a-w- c:\windows\ativpsrm.bin 2011-01-06 21:53:47 56509 ----a-w- c:\windows\system32\SET6F.tmp 2011-01-06 21:53:47 56509 ----a-w- c:\windows\system32\SET1B8.tmp 2011-01-06 21:53:47 321512 ----a-w- c:\windows\system32\SET6D.tmp 2011-01-06 21:53:47 321512 ----a-w- c:\windows\system32\SET1B6.tmp 2011-01-06 20:11:46 -------- d-----w- c:\program\OpenAL 2011-01-06 20:04:20 22691984 ----a-w- c:\windows\system32\AppSetup.exe 2011-01-06 18:44:34 32768 ----a-w- c:\program\delade filer\installshield\engine\6\intel 32\objectps.dll 2011-01-06 18:44:34 225280 ----a-w- c:\program\delade filer\installshield\iscript\iscript.dll 2011-01-06 18:44:34 176128 ----a-w- c:\program\delade filer\installshield\engine\6\intel 32\iuser.dll 2011-01-06 18:44:33 77824 ----a-w- c:\program\delade filer\installshield\engine\6\intel 32\ctor.dll 2011-01-06 18:44:33 212992 ----a-w- c:\program\delade filer\installshield\engine\6\intel 32\ILog.dll ==================== Find3M ==================== 2011-01-19 00:41:01 444952 ----a-w- c:\windows\system32\wrap_oal.dll 2011-01-19 00:41:01 109080 ----a-w- c:\windows\system32\OpenAL32.dll 2010-12-02 03:35:18 4280320 ----a-w- c:\windows\system32\GPhotos.scr 2010-11-29 16:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2010-11-29 16:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts 2010-11-18 18:15:44 81920 ----a-w- c:\windows\system32\isign32.dll 2010-11-12 17:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll 2010-11-12 15:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl 2010-11-09 14:52:37 249856 ----a-w- c:\windows\system32\odbc32.dll 2010-11-06 00:22:40 916480 ----a-w- c:\windows\system32\wininet.dll 2010-11-06 00:22:40 916480 ----a-w- c:\windows\system32\wininet(2).dll 2010-11-06 00:22:39 43520 ------w- c:\windows\system32\licmgr10.dll 2010-11-06 00:22:39 1469440 ------w- c:\windows\system32\inetcpl.cpl ============= FINISH: 21:56:28,37 =============== Attach.txt

Jag har spårat filen. Både Open GL och AppSetup ingår i ett programpaket för mitt ljudkort från Creativelabs. Soundblaster. Open GL går att avinstallera om man vill. Jag använder inte denna funktion. Appsetup.exe Om jag trycker engenskaper får jag upp texten: Copyright © 2009, Creative Technology Ltd Så de filerna verkar höra ihop och är OK.

Open AL känner jag igen. Det har jag installerat. Appsetup känner jag inte igen. C hårddisken är nyinstallerad i år i januari. Jag klonade min hårddisk för jag ville göra en säkerhetskopia på min orginalhårdisk.

Jag gjorde det men fick medelande om att den var för stor filen.

Hej. Jag har nu installerat den säkra hosts filen. Verkar som att den inte blockerar www.google längre. Var kan jag läsa den nuvarande Hosts-filen i Win XP ? Är det något mer program som skyddar emot skadliga program förutom Eset Smart Security, som jag du kan rekomendera mig att installera ? Kan jag nu lita på att systemet är 99% säkert ? :-) Mvh Anders

Jag tyvärr inte Combofix. Hur får jag tag på det ? Tack för hjälpen. // Anders

Hej Cecilia. tack för ditt svar. Det borde räcka med en standard hosts fil ? Är jag tillräckligt skyddad med Eset Internet Security 4.0 emot skadliga program ? Efter jag har scannat med flera Anti-Spyware program som MBAM kan jag vara helt säker på att jag är ren från Skadliga program på min dator ? Jag ska avinstallera de gamla java versionerna m.m. Hälsningar Anders

Så ser loggfilen ut i MBAM: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Databasversion: 5633 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 2011-01-29 10:48:22 mbam-log-2011-01-29 (10-48-22).txt Skanningstyp: Fullständig skanning (C:\|) Antal skannade objekt: 402162 Förfluten tid: 52 minut(er), 22 sekund(er) Infekterade minnesprocesser: 0 Infekterade minnesmoduler: 0 Infekterade registernycklar: 2 Infekterade registervärden: 1 Infekterade registerdataposter: 1 Infekterade mappar: 0 Infekterade filer: 1 Infekterade minnesprocesser: (Inga illasinnade poster hittades) Infekterade minnesmoduler: (Inga illasinnade poster hittades) Infekterade registernycklar: HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\TOY5KNQ8OC (Trojan.FakeAlert) -> Quarantined and deleted successfully. Infekterade registervärden: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\mirc (Trojan.StartPage) -> Value: mirc -> Quarantined and deleted successfully. Infekterade registerdataposter: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\HomePage (PUM.Hijack.HomePageControl) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Infekterade mappar: (Inga illasinnade poster hittades) Infekterade filer: c:\WINDOWS\Tasks\{66ba574b-1e11-49b8-909c-8cc9e0e8e015}.job (Trojan.Downloader) -> Quarantined and deleted successfully. ** SLUT ** DDS.txt: DDS (Ver_10-12-12.02) - NTFSx86 Run by Anders at 0:57:37,73 on 2011-01-31 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23 Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.3327.2681 [GMT 1:00] AV: ESET Smart Security 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: ESET Personal firewall *Enabled* ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program\Net iD\iid.exe C:\Program\A4Tech\Mouse\Amoumain.exe C:\Program\Delade filer\Java\Java Update\jusched.exe C:\WINDOWS\system32\CTXFIHLP.EXE C:\Program\ESET\ESET Smart Security\egui.exe C:\WINDOWS\system32\ctfmon.exe svchost.exe C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\WINDOWS\system32\Brmfrmps.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program\ESET\ESET Smart Security\ekrn.exe C:\Program\Firebird\bin\fbserver.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program\Java\jre6\bin\jqs.exe C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program\TomTom HOME 2\TomTomHOMEService.exe C:\Program\Brother\BRAgent\BRAgtSrv.exe C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe C:\Program\Mozilla Firefox\firefox.exe C:\Documents and Settings\Anders\Skrivbord\dds.scr ============== Pseudo HJT Report =============== uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = about:blank uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: WsftpBrowserHelper Class: {601ed020-fb6c-11d3-87d8-0050da59922b} - c:\program\ws_ftp pro\wsbho2k0.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program\windows live\toolbar\wltcore.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program\windows live\toolbar\wltcore.dll TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File TB: {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No File TB: {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - No File TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [PRONoMgrWired] c:\program\intel\prosetwired\ncs\proset\PRONoMgr.exe mRun: [updReg] c:\windows\UpdReg.EXE mRun: [Net iD] "c:\program\net id\iid.exe" mRun: [AudioDrvEmulator] "c:\program\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program\creative\shared files\module loader\audio emulator\AudDrvEm.dll" mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /install mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [MsmqIntCert] regsvr32 /s mqrt.dll mRun: [startCCC] "c:\program\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [WheelMouse] c:\program\a4tech\mouse\Amoumain.exe mRun: [VolPanel] "c:\program\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r mRun: [sunJavaUpdateSched] "c:\program\delade filer\java\java update\jusched.exe" mRun: [CTxfiHlp] CTXFIHLP.EXE mRun: [TNOD UP] "c:\program\tnod user & password finder\TNODUP.exe" /i mRun: [egui] "c:\program\eset\eset smart security\egui.exe" /hide /waitservice dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N uPolicies-explorer: NoViewOnDrive = 0 (0x0) IE: {B863453A-26C3-4e1f-A54D-A2CD196348E9} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program\icq6.5\ICQ.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program\windows live\writer\WriterBrowserExtension.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program\micros~2\office11\REFIEBAR.DLL DPF: ActiveGS.cab - hxxp://activegs.freetoolsassociation.com/ActiveGS.cab DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15026/CTSUEng.cab DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.se/s/v/56.25/uploader2.cab DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program\delade~1\skype\SKYPE4~1.DLL Notify: !SASWinLogon - c:\program\superantispyware\SASWINLO.dll Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: {5BACC17E-BDF7-405B-BC68-ECB506395118} - No File SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - Eudora's Shell Extension SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program\superantispyware\SASSEH.DLL LSA: Notification Packages = :\windows\system32\srrstr. mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program\delade filer\lightscribe\LSRunOnce.exe" Hosts: 127.0.0.1 www.spywareinfo.com Hosts: 178.162.151.88 www.google.co.uk Hosts: 178.162.151.88 www.google.ca Hosts: 178.162.151.88 www.google.com.br Hosts: 178.162.151.88 www.google.co.il Note: multiple HOSTS entries found. Please refer to Attach.txt ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\anders\applic~1\mozilla\firefox\profiles\uiycgwrd.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2786678&SearchSource=13 FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q= FF - component: c:\documents and settings\anders\application data\mozilla\firefox\profiles\uiycgwrd.default\extensions\{548f6736-8fe4-4680-82f2-170d6c07e1d2}\components\FFExternalAlert.dll FF - component: c:\documents and settings\anders\application data\mozilla\firefox\profiles\uiycgwrd.default\extensions\{548f6736-8fe4-4680-82f2-170d6c07e1d2}\components\RadioWMPCore.dll FF - component: c:\documents and settings\anders\application data\mozilla\firefox\profiles\uiycgwrd.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCore.dll FF - component: c:\documents and settings\anders\application data\mozilla\firefox\profiles\uiycgwrd.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll FF - plugin: c:\program\google\picasa3\npPicasa3.dll FF - plugin: c:\program\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program\microsoft\office live\npOLW.dll FF - plugin: c:\program\mozilla firefox\plugins\npiidplg.dll FF - plugin: c:\program\mozilla firefox\plugins\npwachk.dll FF - plugin: c:\program\personal\bin\np_prsnl.dll FF - plugin: c:\program\windows live\photo gallery\NPWLPG.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program\java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: TranslatorBar 1.2 Toolbar: {548f6736-8fe4-4680-82f2-170d6c07e1d2} - %profile%\extensions\{548f6736-8fe4-4680-82f2-170d6c07e1d2} FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} ---- FIREFOX POLICIES ---- FF - user.js: browser.cache.memory.capacity - 65536 FF - user.js: browser.chrome.favicons - false FF - user.js: browser.display.show_image_placeholders - true FF - user.js: browser.turbo.enabled - true FF - user.js: browser.urlbar.autocomplete.enabled - true FF - user.js: browser.urlbar.autofill - true FF - user.js: content.interrupt.parsing - true FF - user.js: content.max.tokenizing.time - 2250000 FF - user.js: content.notify.backoffcount - 5 FF - user.js: content.notify.interval - 750000 FF - user.js: content.notify.ontimer - true FF - user.js: content.switch.threshold - 750000 FF - user.js: network.http.max-connections - 48 FF - user.js: network.http.max-connections-per-server - 16 FF - user.js: network.http.max-persistent-connections-per-proxy - 16 FF - user.js: network.http.max-persistent-connections-per-server - 8 FF - user.js: network.http.pipelining - true FF - user.js: network.http.pipelining.firstrequest - true FF - user.js: network.http.pipelining.maxrequests - 8 FF - user.js: network.http.proxy.pipelining - true FF - user.js: network.http.request.max-start-delay - 0 FF - user.js: nglayout.initialpaint.delay - 0 FF - user.js: plugin.expose_full_path - true FF - user.js: ui.submenuDelay - 0 ============= SERVICES / DRIVERS =============== R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2007-1-6 97920] R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-4-28 114984] R1 SASDIFSV;SASDIFSV;c:\program\superantispyware\SASDIFSV.SYS [2009-9-4 12872] R1 SASKUTIL;SASKUTIL;c:\program\superantispyware\SASKUTIL.SYS [2009-9-4 67656] R2 BCMNTIO;BCMNTIO;c:\program\checkit\diagno~1\BCMNTIO.sys [2008-3-21 3744] R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-9-17 12672] R2 ekrn;ESET Service;c:\program\eset\eset smart security\ekrn.exe [2010-6-24 810144] R2 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program\firebird\bin\fbserver.exe -s --> c:\program\firebird\bin\fbserver.exe -s [?] R2 MAPMEM;MAPMEM;c:\program\checkit\diagno~1\MAPMEM.sys [2008-3-21 3904] R2 TomTomHOMEService;TomTomHOMEService;c:\program\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008] R2 WBA_Agent_Client;Brother BRAgent;c:\program\brother\bragent\BRAgtSrv.exe [2009-8-30 86016] R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032] R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056] R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728] S0 3112Rx47;3112Rx47;c:\windows\system32\drivers\3112Rx47.sys [2008-4-28 110128] S2 ioloFileInfoList;iolo FileInfoList Service; [x] S2 ioloSystemService;iolo System Service; [x] S2 Mesppanger;Mesppanger; [x] S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2006-1-11 13824] S3 AtiDCM;AtiDCM;\??\c:\documents and settings\administratör\lokala inställningar\temp\atidcmxx.sys --> c:\documents and settings\administratör\lokala inställningar\temp\atidcmxx.sys [?] S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032] S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056] S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\common\database\bin\fbserver.exe [2007-1-7 1527900] S3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\fnettboh.sys --> c:\windows\system32\drivers\FNETTBOH.SYS [?] S3 fsssvc;Windows Live Family Safety Service;c:\program\windows live\family safety\fsssvc.exe [2010-4-28 704872] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-10-9 136704] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-10-9 8320] S3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);c:\windows\system32\drivers\OXSDIDRV_x32.sys [2009-9-28 52656] S3 PciCon;PciCon;\??\e:\pcicon.sys --> e:\PciCon.sys [?] S3 SASENUM;SASENUM;c:\program\superantispyware\SASENUM.SYS [2009-1-15 12872] S3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [2010-10-26 42368] S4 BredbandscenterDownloader;BredbandscenterDownloader;c:\program\glocalnet\bredbandscenter\BredbandscenterUpdater.exe [2008-10-9 1055912] =============== Created Last 30 ================ 2011-01-30 21:26:23 5690 ----a-w- c:\windows\system32\PerfStringBackup.TMP 2011-01-29 14:50:18 -------- d-----w- c:\windows\system32\wbem\repository\FS 2011-01-29 14:50:18 -------- d-----w- c:\windows\system32\wbem\Repository 2011-01-29 00:55:09 -------- d-----w- c:\docume~1\anders\applic~1\Malwarebytes 2011-01-29 00:55:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-01-29 00:55:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2011-01-29 00:54:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-01-29 00:54:57 -------- d-----w- c:\program\Malwarebytes' Anti-Malware 2011-01-28 23:46:08 -------- d-----w- c:\program\Mamutu 2011-01-27 21:42:44 83249512 ----a-w- c:\program\delade filer\windows live\.cache\wlc100.tmp 2011-01-27 17:38:41 -------- d-----w- c:\docume~1\anders\applic~1\Tific 2011-01-27 13:12:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\Norton 2011-01-27 13:12:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller 2011-01-26 22:49:51 -------- d--h--w- c:\windows\ie8 2011-01-26 22:30:39 -------- dc----w- c:\windows\ie8(2) 2011-01-26 21:29:16 -------- dc----w- c:\docume~1\alluse~1\applic~1\{2162CCC0-3A5F-4887-B51F-CE5F195B3620} 2011-01-19 22:28:59 92672 -c--a-w- c:\windows\system32\dllcache\SETFE.tmp 2011-01-19 22:24:19 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll 2011-01-19 22:23:56 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll 2011-01-19 22:23:56 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2011-01-19 22:23:56 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2011-01-19 16:09:34 272128 -c----w- c:\windows\system32\dllcache\bthport.sys 2011-01-19 16:09:04 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2011-01-19 16:06:43 2190720 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe 2011-01-19 16:06:43 2147328 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe 2011-01-19 16:06:42 2067584 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe 2011-01-19 16:06:42 2025472 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe 2011-01-19 16:04:20 293376 ------w- c:\windows\system32\browserchoice.exe 2011-01-19 00:36:45 -------- d-----w- c:\program\Innovative Solutions 2011-01-18 21:56:21 -------- d-----w- c:\program\delade filer\ATI Technologies 2011-01-18 21:41:59 -------- d-----w- c:\program\ATI 2011-01-18 21:40:56 -------- d-----w- c:\program\ATI Technologies 2011-01-18 21:34:23 -------- d-----w- C:\AMD 2011-01-18 21:00:59 33792 -c--a-w- c:\windows\system32\dllcache\lmmib2.dll 2011-01-18 20:59:56 598071 -c--a-w- c:\windows\system32\dllcache\fpmmc.dll 2011-01-18 20:56:49 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe 2011-01-18 20:56:49 16384 ----a-w- c:\program\internet explorer\connection wizard\isignup.exe 2011-01-18 20:53:09 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe 2011-01-18 20:39:56 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll 2011-01-18 20:39:56 24661 ----a-w- c:\windows\system32\spxcoins.dll 2011-01-18 20:39:56 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll 2011-01-18 20:39:56 13312 ----a-w- c:\windows\system32\irclass.dll 2011-01-18 20:39:31 16825 ----a-r- c:\windows\SET178.tmp 2011-01-18 20:39:29 1088840 ----a-r- c:\windows\SET16C.tmp 2011-01-18 20:39:26 1244837 ----a-r- c:\windows\SET169.tmp 2011-01-18 20:38:36 55808 ----a-w- C:\devcon.exe 2011-01-18 20:38:36 20992 ----a-w- C:\makePNF.exe 2011-01-18 20:38:36 137728 ----a-w- C:\mute.exe 2011-01-18 20:32:23 2519040 ----a-w- c:\windows\system32\nvwssr.dll 2011-01-18 20:31:59 6549504 ----a-w- c:\windows\system32\nvdisps.dll 2011-01-18 20:31:59 1089536 ----a-w- c:\windows\system32\nvcuda.dll 2011-01-18 20:31:53 8523776 ----a-w- c:\windows\system32\nvcpl.dll 2011-01-18 20:31:53 385024 ----a-w- c:\windows\system32\nvapi.dll 2011-01-18 20:31:53 35328 ----a-w- c:\windows\system32\nvcodins.dll 2011-01-18 20:31:53 35328 ----a-w- c:\windows\system32\nvcod.dll 2011-01-18 20:31:43 155716 ----a-w- c:\windows\system32\nvsvc32.exe 2011-01-17 22:29:38 -------- d-sh--r- C:\cmdcons 2011-01-17 22:29:37 -------- d-----w- c:\windows\setup.pss 2011-01-17 19:46:11 -------- d-----w- C:\cmdcons(2) 2011-01-12 15:51:24 7435392 ----a-w- c:\windows\system32\drivers\nv4_mini.sys 2011-01-12 06:43:15 65536 ----a-w- c:\windows\system32\afasrv32.exe 2011-01-12 06:43:15 -------- d-----w- c:\program\USBESTDI 2011-01-09 17:16:07 -------- d-----w- c:\docume~1\anders\applic~1\Registry Mechanic 2011-01-08 13:34:43 -------- d-----w- c:\program\VS Revo Group 2011-01-08 13:08:52 -------- d-----w- c:\program\Eusing Free Registry Cleaner 2011-01-08 11:15:19 -------- d-----w- c:\program\Wise Registry Cleaner 2011-01-07 19:45:32 344064 ----a-w- c:\windows\system32\drivers\Dr71WU.sys 2011-01-07 18:51:47 311296 ----a-w- c:\windows\system32\atiiiexx.dll 2011-01-07 18:51:43 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll 2011-01-07 11:17:57 -------- d-----w- c:\docume~1\anders\applic~1\Symantec 2011-01-07 11:12:15 -------- d-----w- c:\docume~1\anders\lokala~1\applic~1\Symantec 2011-01-06 22:28:50 0 ----a-w- c:\windows\ativpsrm.bin 2011-01-06 21:53:47 56509 ----a-w- c:\windows\system32\SET6F.tmp 2011-01-06 21:53:47 56509 ----a-w- c:\windows\system32\SET1B8.tmp 2011-01-06 21:53:47 321512 ----a-w- c:\windows\system32\SET6D.tmp 2011-01-06 21:53:47 321512 ----a-w- c:\windows\system32\SET1B6.tmp 2011-01-06 20:11:46 -------- d-----w- c:\program\OpenAL 2011-01-06 20:04:20 22691984 ----a-w- c:\windows\system32\AppSetup.exe 2011-01-06 18:44:34 32768 ----a-w- c:\program\delade filer\installshield\engine\6\intel 32\objectps.dll 2011-01-06 18:44:34 225280 ----a-w- c:\program\delade filer\installshield\iscript\iscript.dll 2011-01-06 18:44:34 176128 ----a-w- c:\program\delade filer\installshield\engine\6\intel 32\iuser.dll 2011-01-06 18:44:33 77824 ----a-w- c:\program\delade filer\installshield\engine\6\intel 32\ctor.dll 2011-01-06 18:44:33 212992 ----a-w- c:\program\delade filer\installshield\engine\6\intel 32\ILog.dll 2011-01-02 19:13:15 159744 ----a-w- c:\program\mozilla firefox\plugins\npqtplugin7.dll 2011-01-02 19:13:15 159744 ----a-w- c:\program\mozilla firefox\plugins\npqtplugin6.dll 2011-01-02 19:13:15 159744 ----a-w- c:\program\mozilla firefox\plugins\npqtplugin5.dll 2011-01-02 19:13:15 159744 ----a-w- c:\program\mozilla firefox\plugins\npqtplugin4.dll 2011-01-02 19:13:15 159744 ----a-w- c:\program\mozilla firefox\plugins\npqtplugin3.dll 2011-01-02 19:13:15 159744 ----a-w- c:\program\mozilla firefox\plugins\npqtplugin2.dll 2011-01-02 19:13:15 159744 ----a-w- c:\program\mozilla firefox\plugins\npqtplugin.dll 2011-01-02 19:13:15 159744 ----a-w- c:\program\internet explorer\plugins\npqtplugin7.dll 2011-01-02 19:13:15 159744 ----a-w- c:\program\internet explorer\plugins\npqtplugin5.dll 2011-01-02 19:13:15 159744 ----a-w- c:\program\internet explorer\plugins\npqtplugin3.dll 2011-01-02 19:13:15 159744 ----a-w- c:\program\internet explorer\plugins\npqtplugin.dll 2011-01-02 19:09:58 -------- d-----w- c:\program\delade filer\Apple 2011-01-02 19:09:43 -------- d-----w- c:\docume~1\anders\lokala~1\applic~1\Apple ==================== Find3M ==================== 2011-01-19 00:41:01 444952 ----a-w- c:\windows\system32\wrap_oal.dll 2011-01-19 00:41:01 109080 ----a-w- c:\windows\system32\OpenAL32.dll 2010-12-02 03:35:18 4280320 ----a-w- c:\windows\system32\GPhotos.scr 2010-11-29 16:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2010-11-29 16:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts 2010-11-18 18:15:44 81920 ----a-w- c:\windows\system32\isign32.dll 2010-11-12 17:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll 2010-11-12 15:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl 2010-11-09 14:52:37 249856 ----a-w- c:\windows\system32\odbc32.dll 2010-11-06 00:22:40 916480 ----a-w- c:\windows\system32\wininet.dll 2010-11-06 00:22:40 916480 ----a-w- c:\windows\system32\wininet(2).dll 2010-11-06 00:22:39 43520 ------w- c:\windows\system32\licmgr10.dll 2010-11-06 00:22:39 1469440 ------w- c:\windows\system32\inetcpl.cpl 2010-11-03 12:27:25 385024 ------w- c:\windows\system32\html.iec 2010-11-03 12:25:55 70656 ----a-w- c:\windows\system32\SETEE.tmp 2010-11-03 12:25:55 70656 ----a-w- c:\windows\system32\SETC1.tmp 2010-11-03 12:25:55 70656 ----a-w- c:\windows\system32\SETB.tmp 2010-11-03 12:25:55 70656 ----a-w- c:\windows\system32\SET94.tmp 2010-11-03 12:25:55 70656 ----a-w- c:\windows\system32\SET65.tmp 2010-11-03 12:25:55 70656 ----a-w- c:\windows\system32\SET38.tmp 2010-11-03 12:25:55 70656 ----a-w- c:\windows\system32\SET1A2.tmp 2010-11-03 12:25:55 70656 ----a-w- c:\windows\system32\SET175.tmp 2010-11-03 12:25:55 70656 ----a-w- c:\windows\system32\SET14C.tmp 2010-11-03 12:25:55 70656 ----a-w- c:\windows\system32\SET11B.tmp ============= FINISH: 0:59:04,98 =============== Attach.zip Så här ser det ut. Hoppas att du kan se var felet ligger. Tack på förhand Mvh Anders

Jag har provat detta. Men utan resultat, tyvärr. Tack för tipset // Alfdj

Symtom: När man öppnar Explorer 8.0 i XP Pro, så är startsidan "http://www.mavideniz.gen/te" den skickar sen till sidan "17search.com". Man kan inte byta startsidan då den har blivit grå. ( Detta har jag löst) Den blockerar blandannat www.google.se m.m. VIKTIGT GÅ INTE TILL DE OVANSTÅENDE SIDORNA ! Man kan gå in på en denna sida och läsa om detta: "http://www.threatexpert.com/report.aspx?md5=b5edb97f7d05852395af08bcdf337b8f" Jag har kört ett antal Antispyware och Antivirus, ett av dem "Malwarebytes' Anti-Malware" hittade tre fel och löste dessa. De program som jag har kört har inte hittat något angrepp. Så jag hoppas att man kan vara "säker" att datorn är ren. Kan man vara helt säker ? Ett av symtomen är kvar som jag vet, Explorer 8 blockerar fortfarande vissa hemsidor som "www.google.se" Någon som vet om det finns en inställning som blockerar hemsidor i explorer ? Någon som har tips att ge ?