alfdeejay Postad Februari 4, 2011 Författare Dela Postad Februari 4, 2011 Kontrollera stavningen, det ska vara: Mesppanger FIXAT När du avinstallerar ska information tas bort från registret, men i din dator finns informationen kvar. Men vi kan se om HijackThis kan användas för att städa bort resterna. Ladda ner: http://www.trendmicro.com/ftp/products/hijackthis/HiJackThis.msi Installera, starta och välj "Do a system scan and save a logfile", kopiera loggen som kommer upp (inget annat) och klistra in i ditt svar. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:12:55, on 2011-02-04 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program\Net iD\iid.exe C:\Program\A4Tech\Mouse\Amoumain.exe C:\WINDOWS\system32\CTXFIHLP.EXE C:\Program\ESET\ESET Smart Security\egui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\WINDOWS\system32\Brmfrmps.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program\ESET\ESET Smart Security\ekrn.exe C:\Program\Firebird\bin\fbserver.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program\Java\jre6\bin\jqs.exe C:\Program\Delade filer\LightScribe\LSSrvc.exe C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\system32\svchost.exe C:\Program\TomTom HOME 2\TomTomHOMEService.exe C:\Program\Brother\BRAgent\BRAgtSrv.exe C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\msiexec.exe C:\Program\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar N3 - Netscape 7: user_pref("browser.startup.homepage", ""); (C:\Documents and Settings\ANDERS\Application Data\Mozilla\Profiles\default\6uod1zl7.slt\prefs.js) N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\ANDERS\Application Data\Mozilla\Profiles\default\6uod1zl7.slt\prefs.js) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program\WS_FTP Pro\wsbho2k0.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [Net iD] "C:\Program\Net iD\iid.exe" O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [startCCC] "C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [WheelMouse] C:\Program\A4Tech\Mouse\Amoumain.exe O4 - HKLM\..\Run: [VolPanel] "C:\Program\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [TNOD UP] "C:\Program\TNod User & Password Finder\TNODUP.exe" /i O4 - HKLM\..\Run: [egui] "C:\Program\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre6\bin\npjpi160_23.dll O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre6\bin\npjpi160_23.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program\ICQ6.5\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: ActiveGS.cab - http://activegs.freetoolsassociation.com/ActiveGS.cab O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.se/s/v/56.25/uploader2.cab O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/html - (no CLSID) - (no file) O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program\ESET\ESET Smart Security\ekrn.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program\Firebird\bin\fbserver.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: Brother BRAgent (WBA_Agent_Client) - Unknown owner - C:\Program\Brother\BRAgent\BRAgtSrv.exe -- End of file - 11774 bytes Citera Länk till kommentar Dela på andra webbplatser Fler delningsalternativ...
Cecilia Postad Februari 4, 2011 Dela Postad Februari 4, 2011 Det ser ut som att du har ett crackat Eset Smart Security? Stämmer det? I så fall avinstallera Eset Smart Security och TNod User & Password Finder, starta om datorn och klistra in en ny HijackThis-logg. Jag hjälper inte folk som crackade Windows och säkerhetsprogram. Citera Länk till kommentar Dela på andra webbplatser Fler delningsalternativ...
alfdeejay Postad Februari 4, 2011 Författare Dela Postad Februari 4, 2011 Jag vet inte vad Tnod User är. Jag har avinstallerat det nu. Jag vill inte ha några program som jag inte vet vad det är. Eset Smart Security är en Trial version som jag testar nu. Ska jag avinstallera det också ? Det ser ut som att du har ett crackat Eset Smart Security? Stämmer det? I så fall avinstallera Eset Smart Security och TNod User & Password Finder, starta om datorn och klistra in en ny HijackThis-logg. Jag hjälper inte folk som crackade Windows och säkerhetsprogram. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 00:19:06, on 2011-02-05 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\Explorer.EXE C:\Program\Net iD\iid.exe C:\Program\A4Tech\Mouse\Amoumain.exe C:\WINDOWS\system32\CTXFIHLP.EXE C:\Program\ESET\ESET Smart Security\egui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\WINDOWS\system32\Brmfrmps.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program\ESET\ESET Smart Security\ekrn.exe C:\Program\Firebird\bin\fbserver.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program\Java\jre6\bin\jqs.exe C:\Program\Delade filer\LightScribe\LSSrvc.exe C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\system32\svchost.exe C:\Program\TomTom HOME 2\TomTomHOMEService.exe C:\Program\Brother\BRAgent\BRAgtSrv.exe C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe C:\Program\Mozilla Firefox\firefox.exe C:\Program\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar N3 - Netscape 7: user_pref("browser.startup.homepage", ""); (C:\Documents and Settings\ANDERS\Application Data\Mozilla\Profiles\default\6uod1zl7.slt\prefs.js) N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\ANDERS\Application Data\Mozilla\Profiles\default\6uod1zl7.slt\prefs.js) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program\WS_FTP Pro\wsbho2k0.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [Net iD] "C:\Program\Net iD\iid.exe" O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [startCCC] "C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [WheelMouse] C:\Program\A4Tech\Mouse\Amoumain.exe O4 - HKLM\..\Run: [VolPanel] "C:\Program\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [egui] "C:\Program\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre6\bin\npjpi160_23.dll O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre6\bin\npjpi160_23.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program\ICQ6.5\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: ActiveGS.cab - http://activegs.freetoolsassociation.com/ActiveGS.cab O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.se/s/v/56.25/uploader2.cab O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/html - (no CLSID) - (no file) O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program\ESET\ESET Smart Security\ekrn.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program\Firebird\bin\fbserver.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: Brother BRAgent (WBA_Agent_Client) - Unknown owner - C:\Program\Brother\BRAgent\BRAgtSrv.exe -- End of file - 11672 bytes Citera Länk till kommentar Dela på andra webbplatser Fler delningsalternativ...
Cecilia Postad Februari 5, 2011 Dela Postad Februari 5, 2011 Bra! Då behöver du inte avinstallera Eset Smart Security. Skanna med HijackThis och bocka för: O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) - O18 - Filter hijack: text/html - (no CLSID) - (no file) Avsluta alla andra program. Tryck Fix checked. Starta om datorn. Klistra in nya DDS-loggar. Citera Länk till kommentar Dela på andra webbplatser Fler delningsalternativ...
alfdeejay Postad Februari 5, 2011 Författare Dela Postad Februari 5, 2011 Bra! Då behöver du inte avinstallera Eset Smart Security. Skyddar Eset Smart Security 4.0 tillräckligt bra ? Har du något annat program som du kan rekomendera mig ? Skanna med HijackThis och bocka för: O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) - O18 - Filter hijack: text/html - (no CLSID) - (no file) Avsluta alla andra program. Tryck Fix checked. FIXAT Starta om datorn. Klistra in nya DDS-loggar. DDS (Ver_10-12-12.02) - NTFSx86 Run by Anders at 21:07:47,34 on 2011-02-05 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23 Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.3327.2687 [GMT 1:00] AV: ESET Smart Security 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: ESET Personal firewall *Enabled* ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\Explorer.EXE C:\Program\Net iD\iid.exe C:\Program\A4Tech\Mouse\Amoumain.exe C:\WINDOWS\system32\CTXFIHLP.EXE C:\Program\ESET\ESET Smart Security\egui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe svchost.exe C:\WINDOWS\system32\Brmfrmps.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program\ESET\ESET Smart Security\ekrn.exe C:\Program\Firebird\bin\fbserver.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program\Java\jre6\bin\jqs.exe C:\Program\Delade filer\LightScribe\LSSrvc.exe C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program\TomTom HOME 2\TomTomHOMEService.exe C:\Program\Brother\BRAgent\BRAgtSrv.exe C:\WINDOWS\system32\wuauclt.exe C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\SYSTEM32\CTXFISPI.EXE C:\Documents and Settings\Anders\Skrivbord\SYSTEMCARE\dds.scr ============== Pseudo HJT Report =============== uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = about:blank uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: WsftpBrowserHelper Class: {601ed020-fb6c-11d3-87d8-0050da59922b} - c:\program\ws_ftp pro\wsbho2k0.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program\java\jre6\bin\ssv.dll BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program\windows live\toolbar\wltcore.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program\windows live\toolbar\wltcore.dll TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File TB: {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No File TB: {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - No File TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [PRONoMgrWired] c:\program\intel\prosetwired\ncs\proset\PRONoMgr.exe mRun: [updReg] c:\windows\UpdReg.EXE mRun: [Net iD] "c:\program\net id\iid.exe" mRun: [AudioDrvEmulator] "c:\program\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program\creative\shared files\module loader\audio emulator\AudDrvEm.dll" mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /install mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [MsmqIntCert] regsvr32 /s mqrt.dll mRun: [startCCC] "c:\program\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [WheelMouse] c:\program\a4tech\mouse\Amoumain.exe mRun: [VolPanel] "c:\program\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r mRun: [CTxfiHlp] CTXFIHLP.EXE mRun: [egui] "c:\program\eset\eset smart security\egui.exe" /hide /waitservice mRun: [sunJavaUpdateSched] "c:\program\java\jre6\bin\jusched.exe" dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N uPolicies-explorer: NoViewOnDrive = 0 (0x0) IE: {B863453A-26C3-4e1f-A54D-A2CD196348E9} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program\icq6.5\ICQ.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC} - c:\program\java\jre6\bin\npjpi160_23.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program\windows live\writer\WriterBrowserExtension.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program\micros~2\office11\REFIEBAR.DLL DPF: ActiveGS.cab - hxxp://activegs.freetoolsassociation.com/ActiveGS.cab DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15026/CTSUEng.cab DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.se/s/v/56.25/uploader2.cab DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program\delade~1\skype\SKYPE4~1.DLL Notify: !SASWinLogon - c:\program\superantispyware\SASWINLO.dll Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: {5BACC17E-BDF7-405B-BC68-ECB506395118} - No File SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - Eudora's Shell Extension SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program\superantispyware\SASSEH.DLL LSA: Notification Packages = :\windows\system32\srrstr. mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program\delade filer\lightscribe\LSRunOnce.exe" ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\anders\applic~1\mozilla\firefox\profiles\uiycgwrd.default\ FF - prefs.js: browser.search.selectedEngine - FF - plugin: c:\program\google\picasa3\npPicasa3.dll FF - plugin: c:\program\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program\microsoft\office live\npOLW.dll FF - plugin: c:\program\mozilla firefox\plugins\npiidplg.dll FF - plugin: c:\program\mozilla firefox\plugins\npwachk.dll FF - plugin: c:\program\personal\bin\np_prsnl.dll FF - plugin: c:\program\windows live\photo gallery\NPWLPG.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program\java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} ---- FIREFOX POLICIES ---- FF - user.js: browser.cache.memory.capacity - 65536 FF - user.js: browser.chrome.favicons - false FF - user.js: browser.display.show_image_placeholders - true FF - user.js: browser.turbo.enabled - true FF - user.js: browser.urlbar.autocomplete.enabled - true FF - user.js: browser.urlbar.autofill - true FF - user.js: content.interrupt.parsing - true FF - user.js: content.max.tokenizing.time - 2250000 FF - user.js: content.notify.backoffcount - 5 FF - user.js: content.notify.interval - 750000 FF - user.js: content.notify.ontimer - true FF - user.js: content.switch.threshold - 750000 FF - user.js: network.http.max-connections - 48 FF - user.js: network.http.max-connections-per-server - 16 FF - user.js: network.http.max-persistent-connections-per-proxy - 16 FF - user.js: network.http.max-persistent-connections-per-server - 8 FF - user.js: network.http.pipelining - true FF - user.js: network.http.pipelining.firstrequest - true FF - user.js: network.http.pipelining.maxrequests - 8 FF - user.js: network.http.proxy.pipelining - true FF - user.js: network.http.request.max-start-delay - 0 FF - user.js: nglayout.initialpaint.delay - 0 FF - user.js: plugin.expose_full_path - true FF - user.js: ui.submenuDelay - 0 ============= SERVICES / DRIVERS =============== R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2007-1-6 97920] R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-4-28 114984] R1 SASDIFSV;SASDIFSV;c:\program\superantispyware\SASDIFSV.SYS [2009-9-4 12872] R1 SASKUTIL;SASKUTIL;c:\program\superantispyware\SASKUTIL.SYS [2009-9-4 67656] R2 BCMNTIO;BCMNTIO;c:\program\checkit\diagno~1\BCMNTIO.sys [2008-3-21 3744] R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-9-17 12672] R2 ekrn;ESET Service;c:\program\eset\eset smart security\ekrn.exe [2010-6-24 810144] R2 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program\firebird\bin\fbserver.exe -s --> c:\program\firebird\bin\fbserver.exe -s [?] R2 MAPMEM;MAPMEM;c:\program\checkit\diagno~1\MAPMEM.sys [2008-3-21 3904] R2 TomTomHOMEService;TomTomHOMEService;c:\program\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008] R2 WBA_Agent_Client;Brother BRAgent;c:\program\brother\bragent\BRAgtSrv.exe [2009-8-30 86016] R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032] R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056] R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728] S0 3112Rx47;3112Rx47;c:\windows\system32\drivers\3112Rx47.sys [2008-4-28 110128] S2 ioloFileInfoList;iolo FileInfoList Service; [x] S2 ioloSystemService;iolo System Service; [x] S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2006-1-11 13824] S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032] S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056] S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\common\database\bin\fbserver.exe [2007-1-7 1527900] S3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\fnettboh.sys --> c:\windows\system32\drivers\FNETTBOH.SYS [?] S3 fsssvc;Windows Live Family Safety Service;c:\program\windows live\family safety\fsssvc.exe [2010-4-28 704872] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-10-9 136704] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-10-9 8320] S3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);c:\windows\system32\drivers\OXSDIDRV_x32.sys [2009-9-28 52656] S3 PciCon;PciCon;\??\e:\pcicon.sys --> e:\PciCon.sys [?] S3 SASENUM;SASENUM;c:\program\superantispyware\SASENUM.SYS [2009-1-15 12872] S3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [2010-10-26 42368] S4 BredbandscenterDownloader;BredbandscenterDownloader;c:\program\glocalnet\bredbandscenter\BredbandscenterUpdater.exe [2008-10-9 1055912] =============== Created Last 30 ================ 2011-02-04 18:12:22 388096 ----a-r- c:\docume~1\anders\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe 2011-02-04 18:12:21 -------- d-----w- c:\program\Trend Micro 2011-01-29 14:50:18 -------- d-----w- c:\windows\system32\wbem\repository\FS 2011-01-29 14:50:18 -------- d-----w- c:\windows\system32\wbem\Repository 2011-01-29 00:55:09 -------- d-----w- c:\docume~1\anders\applic~1\Malwarebytes 2011-01-29 00:55:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-01-29 00:55:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2011-01-29 00:54:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-01-29 00:54:57 -------- d-----w- c:\program\Malwarebytes' Anti-Malware 2011-01-28 23:46:08 -------- d-----w- c:\program\Mamutu 2011-01-27 21:42:44 83249512 ----a-w- c:\program\delade filer\windows live\.cache\wlc100.tmp 2011-01-27 17:38:41 -------- d-----w- c:\docume~1\anders\applic~1\Tific 2011-01-27 13:12:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\Norton 2011-01-27 13:12:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller 2011-01-26 22:49:51 -------- d--h--w- c:\windows\ie8 2011-01-26 22:30:39 -------- dc----w- c:\windows\ie8(2) 2011-01-26 21:29:16 -------- dc----w- c:\docume~1\alluse~1\applic~1\{2162CCC0-3A5F-4887-B51F-CE5F195B3620} 2011-01-19 22:28:59 92672 -c--a-w- c:\windows\system32\dllcache\SETFE.tmp 2011-01-19 22:24:19 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll 2011-01-19 22:23:56 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll 2011-01-19 22:23:56 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2011-01-19 22:23:56 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2011-01-19 16:09:34 272128 -c----w- c:\windows\system32\dllcache\bthport.sys 2011-01-19 16:09:04 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2011-01-19 16:06:43 2190720 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe 2011-01-19 16:06:43 2147328 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe 2011-01-19 16:06:42 2067584 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe 2011-01-19 16:06:42 2025472 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe 2011-01-19 16:04:20 293376 ------w- c:\windows\system32\browserchoice.exe 2011-01-19 00:36:45 -------- d-----w- c:\program\Innovative Solutions 2011-01-18 21:56:21 -------- d-----w- c:\program\delade filer\ATI Technologies 2011-01-18 21:41:59 -------- d-----w- c:\program\ATI 2011-01-18 21:40:56 -------- d-----w- c:\program\ATI Technologies 2011-01-18 21:34:23 -------- d-----w- C:\AMD 2011-01-18 21:00:59 33792 -c--a-w- c:\windows\system32\dllcache\lmmib2.dll 2011-01-18 20:59:56 598071 -c--a-w- c:\windows\system32\dllcache\fpmmc.dll 2011-01-18 20:56:49 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe 2011-01-18 20:56:49 16384 ----a-w- c:\program\internet explorer\connection wizard\isignup.exe 2011-01-18 20:53:09 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe 2011-01-18 20:39:56 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll 2011-01-18 20:39:56 24661 ----a-w- c:\windows\system32\spxcoins.dll 2011-01-18 20:39:56 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll 2011-01-18 20:39:56 13312 ----a-w- c:\windows\system32\irclass.dll 2011-01-18 20:39:31 16825 ----a-r- c:\windows\SET178.tmp 2011-01-18 20:39:29 1088840 ----a-r- c:\windows\SET16C.tmp 2011-01-18 20:39:26 1244837 ----a-r- c:\windows\SET169.tmp 2011-01-18 20:38:36 55808 ----a-w- C:\devcon.exe 2011-01-18 20:38:36 20992 ----a-w- C:\makePNF.exe 2011-01-18 20:38:36 137728 ----a-w- C:\mute.exe 2011-01-18 20:32:23 2519040 ----a-w- c:\windows\system32\nvwssr.dll 2011-01-18 20:31:59 6549504 ----a-w- c:\windows\system32\nvdisps.dll 2011-01-18 20:31:59 1089536 ----a-w- c:\windows\system32\nvcuda.dll 2011-01-18 20:31:53 8523776 ----a-w- c:\windows\system32\nvcpl.dll 2011-01-18 20:31:53 385024 ----a-w- c:\windows\system32\nvapi.dll 2011-01-18 20:31:53 35328 ----a-w- c:\windows\system32\nvcodins.dll 2011-01-18 20:31:53 35328 ----a-w- c:\windows\system32\nvcod.dll 2011-01-18 20:31:43 155716 ----a-w- c:\windows\system32\nvsvc32.exe 2011-01-17 22:29:38 -------- d-sh--r- C:\cmdcons 2011-01-17 22:29:37 -------- d-----w- c:\windows\setup.pss 2011-01-17 19:46:11 -------- d-----w- C:\cmdcons(2) 2011-01-12 15:51:24 7435392 ----a-w- c:\windows\system32\drivers\nv4_mini.sys 2011-01-12 06:43:15 65536 ----a-w- c:\windows\system32\afasrv32.exe 2011-01-12 06:43:15 -------- d-----w- c:\program\USBESTDI 2011-01-09 17:16:07 -------- d-----w- c:\docume~1\anders\applic~1\Registry Mechanic 2011-01-08 13:34:43 -------- d-----w- c:\program\VS Revo Group 2011-01-08 13:08:52 -------- d-----w- c:\program\Eusing Free Registry Cleaner 2011-01-08 11:15:19 -------- d-----w- c:\program\Wise Registry Cleaner 2011-01-07 19:45:32 344064 ----a-w- c:\windows\system32\drivers\Dr71WU.sys 2011-01-07 18:51:47 311296 ----a-w- c:\windows\system32\atiiiexx.dll 2011-01-07 18:51:43 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll 2011-01-07 11:12:15 -------- d-----w- c:\docume~1\anders\lokala~1\applic~1\Symantec 2011-01-06 22:28:50 0 ----a-w- c:\windows\ativpsrm.bin 2011-01-06 21:53:47 56509 ----a-w- c:\windows\system32\SET6F.tmp 2011-01-06 21:53:47 56509 ----a-w- c:\windows\system32\SET1B8.tmp 2011-01-06 21:53:47 321512 ----a-w- c:\windows\system32\SET6D.tmp 2011-01-06 21:53:47 321512 ----a-w- c:\windows\system32\SET1B6.tmp 2011-01-06 20:11:46 -------- d-----w- c:\program\OpenAL ==================== Find3M ==================== 2011-01-19 00:41:01 444952 ----a-w- c:\windows\system32\wrap_oal.dll 2011-01-19 00:41:01 109080 ----a-w- c:\windows\system32\OpenAL32.dll 2010-12-02 03:35:18 4280320 ----a-w- c:\windows\system32\GPhotos.scr 2010-11-29 16:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2010-11-29 16:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts 2010-11-18 18:15:44 81920 ----a-w- c:\windows\system32\isign32.dll 2010-11-12 17:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll 2010-11-12 15:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl 2010-11-09 14:52:37 249856 ----a-w- c:\windows\system32\odbc32.dll ============= FINISH: 21:09:21,29 =============== Attach.txt Citera Länk till kommentar Dela på andra webbplatser Fler delningsalternativ...
Cecilia Postad Februari 5, 2011 Dela Postad Februari 5, 2011 Har du kört HijackThis och DDS inloggad som olika användare eller kört HijackThis som administratör? För det är så stor skillnad mellan loggarna. Citera Länk till kommentar Dela på andra webbplatser Fler delningsalternativ...
alfdeejay Postad Februari 5, 2011 Författare Dela Postad Februari 5, 2011 Har du kört HijackThis och DDS inloggad som olika användare eller kört HijackThis som administratör? För det är så stor skillnad mellan loggarna. Jag har varit inloggad bara som en användare "Anders" ej adminstratör när jag har kört HiJackthis och DDS. Citera Länk till kommentar Dela på andra webbplatser Fler delningsalternativ...
Cecilia Postad Februari 5, 2011 Dela Postad Februari 5, 2011 Då förstår jag inte vad som händer. Enligt HijackThis-loggen har Internet Explorer Bing som sökfunktion och inga Java-tillägg. Enligt DDS-loggen har Internet Explorer Google som sökfunktion och flera olika versioner av Java-tillägg. Om du söker på något i Internet Explorers sökruta, vilken söksida kommer upp? Eftersom det verkar finnas flera inloggningskonton i datorn kan det vara bra med HijackThis-loggar för de andra användarna också. Citera Länk till kommentar Dela på andra webbplatser Fler delningsalternativ...
alfdeejay Postad Februari 6, 2011 Författare Dela Postad Februari 6, 2011 Då förstår jag inte vad som händer. Enligt HijackThis-loggen har Internet Explorer Bing som sökfunktion och inga Java-tillägg. Enligt DDS-loggen har Internet Explorer Google som sökfunktion och flera olika versioner av Java-tillägg. Om du söker på något i Internet Explorers sökruta, vilken söksida kommer upp? Internet Explorer har Bing Eftersom det verkar finnas flera inloggningskonton i datorn kan det vara bra med HijackThis-loggar för de andra användarna också. Jag har bara två användare "Anders" och "administratör" OK. Jag gör en HiJackthhis log i "administratör". Återkommer. Citera Länk till kommentar Dela på andra webbplatser Fler delningsalternativ...
alfdeejay Postad Februari 9, 2011 Författare Dela Postad Februari 9, 2011 Jag har bara två användare "Anders" och "administratör" OK. Jag gör en HiJackthhis log i "administratör". Återkommer. Jag trodde att jag hade lagt in loggen men jag hade nog glömt att spara här. Här kommer loggen: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 02:30:10, on 2011-02-06 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Safe mode Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\explorer.exe C:\Program\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program\WS_FTP Pro\wsbho2k0.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [Net iD] "C:\Program\Net iD\iid.exe" O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [startCCC] "C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [WheelMouse] C:\Program\A4Tech\Mouse\Amoumain.exe O4 - HKLM\..\Run: [VolPanel] "C:\Program\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [egui] "C:\Program\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] "C:\Program\Delade filer\Nero\Lib\NMFirstStart.exe" O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre6\bin\npjpi160_23.dll O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre6\bin\npjpi160_23.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program\ICQ6.5\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: ActiveGS.cab - http://activegs.freetoolsassociation.com/ActiveGS.cab O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.se/s/v/56.25/uploader2.cab O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/html - (no CLSID) - (no file) O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program\ESET\ESET Smart Security\ekrn.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program\Firebird\bin\fbserver.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: Brother BRAgent (WBA_Agent_Client) - Unknown owner - C:\Program\Brother\BRAgent\BRAgtSrv.exe -- End of file - 9887 bytes Citera Länk till kommentar Dela på andra webbplatser Fler delningsalternativ...
Cecilia Postad Februari 9, 2011 Dela Postad Februari 9, 2011 Väldigt likt dina tidigare HijackThis-loggar. Jag ser inte till något skadligt i loggarna. Verkar allt bra med datorn nu så att det är dags för en slutstädning? Citera Länk till kommentar Dela på andra webbplatser Fler delningsalternativ...
alfdeejay Postad Februari 9, 2011 Författare Dela Postad Februari 9, 2011 Väldigt likt dina tidigare HijackThis-loggar. Jag ser inte till något skadligt i loggarna. Verkar allt bra med datorn nu så att det är dags för en slutstädning? Bra att du inte ser något skadligt i loggarna. Vad är det jag bör göra med slutstädningen ? Tack för all hjälp. Hälsningar Anders Citera Länk till kommentar Dela på andra webbplatser Fler delningsalternativ...
Cecilia Postad Februari 9, 2011 Dela Postad Februari 9, 2011 Nu återstår bara en sista städomgång: 1. Ta bort samtliga systemåterställningspunkter eftersom dessa kan vara infekterade. Börja med att skapa en ny systemåterställningspunkt: XP: Start - Program- Tillbehör - Systemverktyg - Systemåterställning Välj att skapa en ny återställningspunkt och tryck på Nästa. Vista och Windows 7: Högerklick på Datorn - Egenskaper - Systemskydd Tryck på Skapa. Ta sedan bort alla gamla systemåterställningspunkter genom att köra diskrensningsprogrammet. Högerklicka på C: i Den här datorn/Utforskaren och välj Egenskaper. På fliken Allmänt finns det en knapp som heter Diskrensning. Välj den. Efter några minuter kommer programmet upp och då väljer du en flik som heter Fler alternativ eller något likande. Tryck på den Rensa-knapp som tar bort alla systemåterställningspunkter utom den senaste. 2. Avinstallera HijackThis. Ta bort DDS-programmet och loggar. 3. Spara TFC (Temporary File Cleaner) av OldTimer på Skrivbordet. http://oldtimer.geekstogo.com/TFC.exe Stäng alla program och fönster. Kör TFC (om du har Vista eller Windows 7 så högerklicka på filen och välj Kör som administratör). Klicka på Start-knappen för att starta städningen. Det kan ta några minuter och låt datorn vara ifred under tiden. När det är klart är det meningen att datorn ska startas om automatiskt. Om den inte gör det så startar du om datorn själv. Ta bort TFC-filen. 4. Förbättra skyddet i datorn, se mina Råd för en säkrare dator: http://sites.google.com/site/ceblstockholm/home Tänk särskilt på att köra Secunias kontroll så att du inte har gamla programversioner med kända säkerhetshål. Citera Länk till kommentar Dela på andra webbplatser Fler delningsalternativ...
alfdeejay Postad Februari 12, 2011 Författare Dela Postad Februari 12, 2011 Nu återstår bara en sista städomgång: 1. Ta bort samtliga systemåterställningspunkter eftersom dessa kan vara infekterade. Börja med att skapa en ny systemåterställningspunkt: XP: Start - Program- Tillbehör - Systemverktyg - Systemåterställning Välj att skapa en ny återställningspunkt och tryck på Nästa. Vista och Windows 7: Högerklick på Datorn - Egenskaper - Systemskydd Tryck på Skapa. Ta sedan bort alla gamla systemåterställningspunkter genom att köra diskrensningsprogrammet. Högerklicka på C: i Den här datorn/Utforskaren och välj Egenskaper. På fliken Allmänt finns det en knapp som heter Diskrensning. Välj den. Efter några minuter kommer programmet upp och då väljer du en flik som heter Fler alternativ eller något likande. Tryck på den Rensa-knapp som tar bort alla systemåterställningspunkter utom den senaste. 2. Avinstallera HijackThis. Ta bort DDS-programmet och loggar. 3. Spara TFC (Temporary File Cleaner) av OldTimer på Skrivbordet. http://oldtimer.geekstogo.com/TFC.exe Stäng alla program och fönster. Kör TFC (om du har Vista eller Windows 7 så högerklicka på filen och välj Kör som administratör). Klicka på Start-knappen för att starta städningen. Det kan ta några minuter och låt datorn vara ifred under tiden. Jag kör XP Pro. Fungerar TFC på XP ? När det är klart är det meningen att datorn ska startas om automatiskt. Om den inte gör det så startar du om datorn själv. Ta bort TFC-filen. 4. Förbättra skyddet i datorn, se mina Råd för en säkrare dator: http://sites.google.com/site/ceblstockholm/home Tänk särskilt på att köra Secunias kontroll så att du inte har gamla programversioner med kända säkerhetshål. Tack för hjälpen. Hälsningar Anders Citera Länk till kommentar Dela på andra webbplatser Fler delningsalternativ...
Cecilia Postad Februari 12, 2011 Dela Postad Februari 12, 2011 Ingen orsak TFC ska fungera på XP. Citera Länk till kommentar Dela på andra webbplatser Fler delningsalternativ...
Recommended Posts
Delta i dialogen
Du kan skriva svaret nu och registrera dig senare, Om du har ett konto, logga in nu för att svara på inlägget.