SPYWARE - Trojan ? "MAVIDENIZ.GEN.TR/" Någon som har tips att ge ?

[alfdeejay]

Kontrollera stavningen, det ska vara: Mesppanger

FIXAT

När du avinstallerar ska information tas bort från registret, men i din dator finns informationen kvar. Men vi kan se om HijackThis kan användas för att städa bort resterna.

Ladda ner:

http://www.trendmicro.com/ftp/products/hijackthis/HiJackThis.msi

Installera, starta och välj "Do a system scan and save a logfile", kopiera loggen som kommer upp (inget annat) och klistra in i ditt svar.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 19:12:55, on 2011-02-04

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Net iD\iid.exe

C:\Program\A4Tech\Mouse\Amoumain.exe

C:\WINDOWS\system32\CTXFIHLP.EXE

C:\Program\ESET\ESET Smart Security\egui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\WINDOWS\system32\Brmfrmps.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program\ESET\ESET Smart Security\ekrn.exe

C:\Program\Firebird\bin\fbserver.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\TomTom HOME 2\TomTomHOMEService.exe

C:\Program\Brother\BRAgent\BRAgtSrv.exe

C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

N3 - Netscape 7: user_pref("browser.startup.homepage", ""); (C:\Documents and Settings\ANDERS\Application Data\Mozilla\Profiles\default\6uod1zl7.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\ANDERS\Application Data\Mozilla\Profiles\default\6uod1zl7.slt\prefs.js)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program\WS_FTP Pro\wsbho2k0.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [Net iD] "C:\Program\Net iD\iid.exe"

O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [WheelMouse] C:\Program\A4Tech\Mouse\Amoumain.exe

O4 - HKLM\..\Run: [VolPanel] "C:\Program\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [TNOD UP] "C:\Program\TNod User & Password Finder\TNODUP.exe" /i

O4 - HKLM\..\Run: [egui] "C:\Program\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre6\bin\npjpi160_23.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre6\bin\npjpi160_23.dll

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program\ICQ6.5\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program\ICQ6.5\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: ActiveGS.cab - http://activegs.freetoolsassociation.com/ActiveGS.cab

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab

O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.se/s/v/56.25/uploader2.cab

O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) -

O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/html - (no CLSID) - (no file)

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program\ESET\ESET Smart Security\ekrn.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program\Firebird\bin\fbserver.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: Brother BRAgent (WBA_Agent_Client) - Unknown owner - C:\Program\Brother\BRAgent\BRAgtSrv.exe

--

End of file - 11774 bytes

[Cecilia]

Det ser ut som att du har ett crackat Eset Smart Security? Stämmer det?

I så fall avinstallera Eset Smart Security och TNod User & Password Finder, starta om datorn och klistra in en ny HijackThis-logg.

Jag hjälper inte folk som crackade Windows och säkerhetsprogram.

[alfdeejay]

Jag vet inte vad Tnod User är. Jag har avinstallerat det nu. Jag vill inte ha några program som jag inte vet vad det är.

Eset Smart Security är en Trial version som jag testar nu. Ska jag avinstallera det också ?

Det ser ut som att du har ett crackat Eset Smart Security? Stämmer det?

I så fall avinstallera Eset Smart Security och TNod User & Password Finder, starta om datorn och klistra in en ny HijackThis-logg.

Jag hjälper inte folk som crackade Windows och säkerhetsprogram.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 00:19:06, on 2011-02-05

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Net iD\iid.exe

C:\Program\A4Tech\Mouse\Amoumain.exe

C:\WINDOWS\system32\CTXFIHLP.EXE

C:\Program\ESET\ESET Smart Security\egui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\WINDOWS\system32\Brmfrmps.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program\ESET\ESET Smart Security\ekrn.exe

C:\Program\Firebird\bin\fbserver.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\TomTom HOME 2\TomTomHOMEService.exe

C:\Program\Brother\BRAgent\BRAgtSrv.exe

C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Program\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

N3 - Netscape 7: user_pref("browser.startup.homepage", ""); (C:\Documents and Settings\ANDERS\Application Data\Mozilla\Profiles\default\6uod1zl7.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\ANDERS\Application Data\Mozilla\Profiles\default\6uod1zl7.slt\prefs.js)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program\WS_FTP Pro\wsbho2k0.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [Net iD] "C:\Program\Net iD\iid.exe"

O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [WheelMouse] C:\Program\A4Tech\Mouse\Amoumain.exe

O4 - HKLM\..\Run: [VolPanel] "C:\Program\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [egui] "C:\Program\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre6\bin\npjpi160_23.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre6\bin\npjpi160_23.dll

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program\ICQ6.5\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program\ICQ6.5\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: ActiveGS.cab - http://activegs.freetoolsassociation.com/ActiveGS.cab

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab

O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.se/s/v/56.25/uploader2.cab

O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) -

O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/html - (no CLSID) - (no file)

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program\ESET\ESET Smart Security\ekrn.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program\Firebird\bin\fbserver.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: Brother BRAgent (WBA_Agent_Client) - Unknown owner - C:\Program\Brother\BRAgent\BRAgtSrv.exe

--

End of file - 11672 bytes

[Cecilia]

Bra!

Då behöver du inte avinstallera Eset Smart Security.

Skanna med HijackThis och bocka för:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) -

O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -

O18 - Filter hijack: text/html - (no CLSID) - (no file)

Avsluta alla andra program.

Tryck Fix checked.

Starta om datorn.

Klistra in nya DDS-loggar.

[alfdeejay]

Bra!

Då behöver du inte avinstallera Eset Smart Security.

Skyddar Eset Smart Security 4.0 tillräckligt bra ?

Har du något annat program som du kan rekomendera mig ?

Skanna med HijackThis och bocka för:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) -

O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -

O18 - Filter hijack: text/html - (no CLSID) - (no file)

Avsluta alla andra program.

Tryck Fix checked.

FIXAT

Starta om datorn.

Klistra in nya DDS-loggar.

DDS (Ver_10-12-12.02) - NTFSx86

Run by Anders at 21:07:47,34 on 2011-02-05

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23

Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.3327.2687 [GMT 1:00]

AV: ESET Smart Security 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: ESET Personal firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Net iD\iid.exe

C:\Program\A4Tech\Mouse\Amoumain.exe

C:\WINDOWS\system32\CTXFIHLP.EXE

C:\Program\ESET\ESET Smart Security\egui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

svchost.exe

C:\WINDOWS\system32\Brmfrmps.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program\ESET\ESET Smart Security\ekrn.exe

C:\Program\Firebird\bin\fbserver.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program\TomTom HOME 2\TomTomHOMEService.exe

C:\Program\Brother\BRAgent\BRAgtSrv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Documents and Settings\Anders\Skrivbord\SYSTEMCARE\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = about:blank

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: WsftpBrowserHelper Class: {601ed020-fb6c-11d3-87d8-0050da59922b} - c:\program\ws_ftp pro\wsbho2k0.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program\java\jre6\bin\ssv.dll

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program\windows live\toolbar\wltcore.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No File

TB: {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [PRONoMgrWired] c:\program\intel\prosetwired\ncs\proset\PRONoMgr.exe

mRun: [updReg] c:\windows\UpdReg.EXE

mRun: [Net iD] "c:\program\net id\iid.exe"

mRun: [AudioDrvEmulator] "c:\program\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program\creative\shared files\module loader\audio emulator\AudDrvEm.dll"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [MsmqIntCert] regsvr32 /s mqrt.dll

mRun: [startCCC] "c:\program\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [WheelMouse] c:\program\a4tech\mouse\Amoumain.exe

mRun: [VolPanel] "c:\program\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r

mRun: [CTxfiHlp] CTXFIHLP.EXE

mRun: [egui] "c:\program\eset\eset smart security\egui.exe" /hide /waitservice

mRun: [sunJavaUpdateSched] "c:\program\java\jre6\bin\jusched.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32

dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

uPolicies-explorer: NoViewOnDrive = 0 (0x0)

IE: {B863453A-26C3-4e1f-A54D-A2CD196348E9}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program\icq6.5\ICQ.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC} - c:\program\java\jre6\bin\npjpi160_23.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program\micros~2\office11\REFIEBAR.DLL

DPF: ActiveGS.cab - hxxp://activegs.freetoolsassociation.com/ActiveGS.cab

DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15026/CTSUEng.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab

DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.se/s/v/56.25/uploader2.cab

DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program\delade~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\program\superantispyware\SASWINLO.dll

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: {5BACC17E-BDF7-405B-BC68-ECB506395118} - No File

SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - Eudora's Shell Extension

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program\superantispyware\SASSEH.DLL

LSA: Notification Packages = :\windows\system32\srrstr.

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program\delade filer\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\anders\applic~1\mozilla\firefox\profiles\uiycgwrd.default\

FF - prefs.js: browser.search.selectedEngine -

FF - plugin: c:\program\google\picasa3\npPicasa3.dll

FF - plugin: c:\program\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program\microsoft\office live\npOLW.dll

FF - plugin: c:\program\mozilla firefox\plugins\npiidplg.dll

FF - plugin: c:\program\mozilla firefox\plugins\npwachk.dll

FF - plugin: c:\program\personal\bin\np_prsnl.dll

FF - plugin: c:\program\windows live\photo gallery\NPWLPG.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

============= SERVICES / DRIVERS ===============

R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2007-1-6 97920]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-4-28 114984]

R1 SASDIFSV;SASDIFSV;c:\program\superantispyware\SASDIFSV.SYS [2009-9-4 12872]

R1 SASKUTIL;SASKUTIL;c:\program\superantispyware\SASKUTIL.SYS [2009-9-4 67656]

R2 BCMNTIO;BCMNTIO;c:\program\checkit\diagno~1\BCMNTIO.sys [2008-3-21 3744]

R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-9-17 12672]

R2 ekrn;ESET Service;c:\program\eset\eset smart security\ekrn.exe [2010-6-24 810144]

R2 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program\firebird\bin\fbserver.exe -s --> c:\program\firebird\bin\fbserver.exe -s [?]

R2 MAPMEM;MAPMEM;c:\program\checkit\diagno~1\MAPMEM.sys [2008-3-21 3904]

R2 TomTomHOMEService;TomTomHOMEService;c:\program\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]

R2 WBA_Agent_Client;Brother BRAgent;c:\program\brother\bragent\BRAgtSrv.exe [2009-8-30 86016]

R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]

R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]

R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]

S0 3112Rx47;3112Rx47;c:\windows\system32\drivers\3112Rx47.sys [2008-4-28 110128]

S2 ioloFileInfoList;iolo FileInfoList Service; [x]

S2 ioloSystemService;iolo System Service; [x]

S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2006-1-11 13824]

S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]

S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]

S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\common\database\bin\fbserver.exe [2007-1-7 1527900]

S3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\fnettboh.sys --> c:\windows\system32\drivers\FNETTBOH.SYS [?]

S3 fsssvc;Windows Live Family Safety Service;c:\program\windows live\family safety\fsssvc.exe [2010-4-28 704872]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-10-9 136704]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-10-9 8320]

S3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);c:\windows\system32\drivers\OXSDIDRV_x32.sys [2009-9-28 52656]

S3 PciCon;PciCon;\??\e:\pcicon.sys --> e:\PciCon.sys [?]

S3 SASENUM;SASENUM;c:\program\superantispyware\SASENUM.SYS [2009-1-15 12872]

S3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [2010-10-26 42368]

S4 BredbandscenterDownloader;BredbandscenterDownloader;c:\program\glocalnet\bredbandscenter\BredbandscenterUpdater.exe [2008-10-9 1055912]

=============== Created Last 30 ================

2011-02-04 18:12:22 388096 ----a-r- c:\docume~1\anders\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-02-04 18:12:21 -------- d-----w- c:\program\Trend Micro

2011-01-29 14:50:18 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-01-29 14:50:18 -------- d-----w- c:\windows\system32\wbem\Repository

2011-01-29 00:55:09 -------- d-----w- c:\docume~1\anders\applic~1\Malwarebytes

2011-01-29 00:55:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-01-29 00:55:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2011-01-29 00:54:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-01-29 00:54:57 -------- d-----w- c:\program\Malwarebytes' Anti-Malware

2011-01-28 23:46:08 -------- d-----w- c:\program\Mamutu

2011-01-27 21:42:44 83249512 ----a-w- c:\program\delade filer\windows live\.cache\wlc100.tmp

2011-01-27 17:38:41 -------- d-----w- c:\docume~1\anders\applic~1\Tific

2011-01-27 13:12:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\Norton

2011-01-27 13:12:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller

2011-01-26 22:49:51 -------- d--h--w- c:\windows\ie8

2011-01-26 22:30:39 -------- dc----w- c:\windows\ie8(2)

2011-01-26 21:29:16 -------- dc----w- c:\docume~1\alluse~1\applic~1\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}

2011-01-19 22:28:59 92672 -c--a-w- c:\windows\system32\dllcache\SETFE.tmp

2011-01-19 22:24:19 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll

2011-01-19 22:23:56 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2011-01-19 22:23:56 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2011-01-19 22:23:56 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2011-01-19 16:09:34 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2011-01-19 16:09:04 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2011-01-19 16:06:43 2190720 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

2011-01-19 16:06:43 2147328 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2011-01-19 16:06:42 2067584 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe

2011-01-19 16:06:42 2025472 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2011-01-19 16:04:20 293376 ------w- c:\windows\system32\browserchoice.exe

2011-01-19 00:36:45 -------- d-----w- c:\program\Innovative Solutions

2011-01-18 21:56:21 -------- d-----w- c:\program\delade filer\ATI Technologies

2011-01-18 21:41:59 -------- d-----w- c:\program\ATI

2011-01-18 21:40:56 -------- d-----w- c:\program\ATI Technologies

2011-01-18 21:34:23 -------- d-----w- C:\AMD

2011-01-18 21:00:59 33792 -c--a-w- c:\windows\system32\dllcache\lmmib2.dll

2011-01-18 20:59:56 598071 -c--a-w- c:\windows\system32\dllcache\fpmmc.dll

2011-01-18 20:56:49 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe

2011-01-18 20:56:49 16384 ----a-w- c:\program\internet explorer\connection wizard\isignup.exe

2011-01-18 20:53:09 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe

2011-01-18 20:39:56 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll

2011-01-18 20:39:56 24661 ----a-w- c:\windows\system32\spxcoins.dll

2011-01-18 20:39:56 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll

2011-01-18 20:39:56 13312 ----a-w- c:\windows\system32\irclass.dll

2011-01-18 20:39:31 16825 ----a-r- c:\windows\SET178.tmp

2011-01-18 20:39:29 1088840 ----a-r- c:\windows\SET16C.tmp

2011-01-18 20:39:26 1244837 ----a-r- c:\windows\SET169.tmp

2011-01-18 20:38:36 55808 ----a-w- C:\devcon.exe

2011-01-18 20:38:36 20992 ----a-w- C:\makePNF.exe

2011-01-18 20:38:36 137728 ----a-w- C:\mute.exe

2011-01-18 20:32:23 2519040 ----a-w- c:\windows\system32\nvwssr.dll

2011-01-18 20:31:59 6549504 ----a-w- c:\windows\system32\nvdisps.dll

2011-01-18 20:31:59 1089536 ----a-w- c:\windows\system32\nvcuda.dll

2011-01-18 20:31:53 8523776 ----a-w- c:\windows\system32\nvcpl.dll

2011-01-18 20:31:53 385024 ----a-w- c:\windows\system32\nvapi.dll

2011-01-18 20:31:53 35328 ----a-w- c:\windows\system32\nvcodins.dll

2011-01-18 20:31:53 35328 ----a-w- c:\windows\system32\nvcod.dll

2011-01-18 20:31:43 155716 ----a-w- c:\windows\system32\nvsvc32.exe

2011-01-17 22:29:38 -------- d-sh--r- C:\cmdcons

2011-01-17 22:29:37 -------- d-----w- c:\windows\setup.pss

2011-01-17 19:46:11 -------- d-----w- C:\cmdcons(2)

2011-01-12 15:51:24 7435392 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2011-01-12 06:43:15 65536 ----a-w- c:\windows\system32\afasrv32.exe

2011-01-12 06:43:15 -------- d-----w- c:\program\USBESTDI

2011-01-09 17:16:07 -------- d-----w- c:\docume~1\anders\applic~1\Registry Mechanic

2011-01-08 13:34:43 -------- d-----w- c:\program\VS Revo Group

2011-01-08 13:08:52 -------- d-----w- c:\program\Eusing Free Registry Cleaner

2011-01-08 11:15:19 -------- d-----w- c:\program\Wise Registry Cleaner

2011-01-07 19:45:32 344064 ----a-w- c:\windows\system32\drivers\Dr71WU.sys

2011-01-07 18:51:47 311296 ----a-w- c:\windows\system32\atiiiexx.dll

2011-01-07 18:51:43 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll

2011-01-07 11:12:15 -------- d-----w- c:\docume~1\anders\lokala~1\applic~1\Symantec

2011-01-06 22:28:50 0 ----a-w- c:\windows\ativpsrm.bin

2011-01-06 21:53:47 56509 ----a-w- c:\windows\system32\SET6F.tmp

2011-01-06 21:53:47 56509 ----a-w- c:\windows\system32\SET1B8.tmp

2011-01-06 21:53:47 321512 ----a-w- c:\windows\system32\SET6D.tmp

2011-01-06 21:53:47 321512 ----a-w- c:\windows\system32\SET1B6.tmp

2011-01-06 20:11:46 -------- d-----w- c:\program\OpenAL

==================== Find3M ====================

2011-01-19 00:41:01 444952 ----a-w- c:\windows\system32\wrap_oal.dll

2011-01-19 00:41:01 109080 ----a-w- c:\windows\system32\OpenAL32.dll

2010-12-02 03:35:18 4280320 ----a-w- c:\windows\system32\GPhotos.scr

2010-11-29 16:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 16:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-11-18 18:15:44 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-12 17:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-11-12 15:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-11-09 14:52:37 249856 ----a-w- c:\windows\system32\odbc32.dll

============= FINISH: 21:09:21,29 ===============

Attach.txt

[Cecilia]

Har du kört HijackThis och DDS inloggad som olika användare eller kört HijackThis som administratör?

För det är så stor skillnad mellan loggarna.

[alfdeejay]

Har du kört HijackThis och DDS inloggad som olika användare eller kört HijackThis som administratör?

För det är så stor skillnad mellan loggarna.

Jag har varit inloggad bara som en användare "Anders" ej adminstratör när jag har kört HiJackthis och DDS.

[Cecilia]

Då förstår jag inte vad som händer. Enligt HijackThis-loggen har Internet Explorer Bing som sökfunktion och inga Java-tillägg. Enligt DDS-loggen har Internet Explorer Google som sökfunktion och flera olika versioner av Java-tillägg. Om du söker på något i Internet Explorers sökruta, vilken söksida kommer upp?

Eftersom det verkar finnas flera inloggningskonton i datorn kan det vara bra med HijackThis-loggar för de andra användarna också.

[alfdeejay]

Då förstår jag inte vad som händer. Enligt HijackThis-loggen har Internet Explorer Bing som sökfunktion och inga Java-tillägg. Enligt DDS-loggen har Internet Explorer Google som sökfunktion och flera olika versioner av Java-tillägg. Om du söker på något i Internet Explorers sökruta, vilken söksida kommer upp?

Internet Explorer har Bing

Eftersom det verkar finnas flera inloggningskonton i datorn kan det vara bra med HijackThis-loggar för de andra användarna också.

Jag har bara två användare "Anders" och "administratör"

OK. Jag gör en HiJackthhis log i "administratör". Återkommer.

[alfdeejay]

Jag har bara två användare "Anders" och "administratör"

OK. Jag gör en HiJackthhis log i "administratör". Återkommer.

Jag trodde att jag hade lagt in loggen men jag hade nog glömt att spara här. Här kommer loggen:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 02:30:10, on 2011-02-06

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Safe mode

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\explorer.exe

C:\Program\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program\WS_FTP Pro\wsbho2k0.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [Net iD] "C:\Program\Net iD\iid.exe"

O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [WheelMouse] C:\Program\A4Tech\Mouse\Amoumain.exe

O4 - HKLM\..\Run: [VolPanel] "C:\Program\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [egui] "C:\Program\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] "C:\Program\Delade filer\Nero\Lib\NMFirstStart.exe"

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre6\bin\npjpi160_23.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre6\bin\npjpi160_23.dll

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program\ICQ6.5\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program\ICQ6.5\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: ActiveGS.cab - http://activegs.freetoolsassociation.com/ActiveGS.cab

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab

O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.se/s/v/56.25/uploader2.cab

O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) -

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/html - (no CLSID) - (no file)

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program\ESET\ESET Smart Security\ekrn.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program\Firebird\bin\fbserver.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: Brother BRAgent (WBA_Agent_Client) - Unknown owner - C:\Program\Brother\BRAgent\BRAgtSrv.exe

--

End of file - 9887 bytes

[Cecilia]

Väldigt likt dina tidigare HijackThis-loggar.

Jag ser inte till något skadligt i loggarna. Verkar allt bra med datorn nu så att det är dags för en slutstädning?

[alfdeejay]

Väldigt likt dina tidigare HijackThis-loggar.

Jag ser inte till något skadligt i loggarna. Verkar allt bra med datorn nu så att det är dags för en slutstädning?

Bra att du inte ser något skadligt i loggarna. Vad är det jag bör göra med slutstädningen ?

Tack för all hjälp.

Hälsningar

Anders

[Cecilia]

Nu återstår bara en sista städomgång:

1. Ta bort samtliga systemåterställningspunkter eftersom dessa kan vara infekterade.

Börja med att skapa en ny systemåterställningspunkt:

XP:

Start - Program- Tillbehör - Systemverktyg - Systemåterställning

Välj att skapa en ny återställningspunkt och tryck på Nästa.

Vista och Windows 7:

Högerklick på Datorn - Egenskaper - Systemskydd

Tryck på Skapa.

Ta sedan bort alla gamla systemåterställningspunkter genom att köra diskrensningsprogrammet.

Högerklicka på C: i Den här datorn/Utforskaren och välj Egenskaper.

På fliken Allmänt finns det en knapp som heter Diskrensning. Välj den.

Efter några minuter kommer programmet upp och då väljer du en flik som heter Fler alternativ eller något likande. Tryck på den Rensa-knapp som tar bort alla systemåterställningspunkter utom den senaste.

2. Avinstallera HijackThis. Ta bort DDS-programmet och loggar.

3. Spara TFC (Temporary File Cleaner) av OldTimer på Skrivbordet.

http://oldtimer.geekstogo.com/TFC.exe

Stäng alla program och fönster.

Kör TFC (om du har Vista eller Windows 7 så högerklicka på filen och välj Kör som administratör).

Klicka på Start-knappen för att starta städningen.

Det kan ta några minuter och låt datorn vara ifred under tiden.

När det är klart är det meningen att datorn ska startas om automatiskt. Om den inte gör det så startar du om datorn själv. Ta bort TFC-filen.

4. Förbättra skyddet i datorn, se mina Råd för en säkrare dator: http://sites.google.com/site/ceblstockholm/home Tänk särskilt på att köra Secunias kontroll så att du inte har gamla programversioner med kända säkerhetshål.

[alfdeejay]

Nu återstår bara en sista städomgång:

1. Ta bort samtliga systemåterställningspunkter eftersom dessa kan vara infekterade.

Börja med att skapa en ny systemåterställningspunkt:

XP:

Start - Program- Tillbehör - Systemverktyg - Systemåterställning

Välj att skapa en ny återställningspunkt och tryck på Nästa.

Vista och Windows 7:

Högerklick på Datorn - Egenskaper - Systemskydd

Tryck på Skapa.

Ta sedan bort alla gamla systemåterställningspunkter genom att köra diskrensningsprogrammet.

Högerklicka på C: i Den här datorn/Utforskaren och välj Egenskaper.

På fliken Allmänt finns det en knapp som heter Diskrensning. Välj den.

Efter några minuter kommer programmet upp och då väljer du en flik som heter Fler alternativ eller något likande. Tryck på den Rensa-knapp som tar bort alla systemåterställningspunkter utom den senaste.

2. Avinstallera HijackThis. Ta bort DDS-programmet och loggar.

3. Spara TFC (Temporary File Cleaner) av OldTimer på Skrivbordet.

http://oldtimer.geekstogo.com/TFC.exe

Stäng alla program och fönster.

Kör TFC (om du har Vista eller Windows 7 så högerklicka på filen och välj Kör som administratör).

Klicka på Start-knappen för att starta städningen.

Det kan ta några minuter och låt datorn vara ifred under tiden.

Jag kör XP Pro. Fungerar TFC på XP ?

När det är klart är det meningen att datorn ska startas om automatiskt. Om den inte gör det så startar du om datorn själv. Ta bort TFC-filen.

4. Förbättra skyddet i datorn, se mina Råd för en säkrare dator: http://sites.google.com/site/ceblstockholm/home Tänk särskilt på att köra Secunias kontroll så att du inte har gamla programversioner med kända säkerhetshål.

Tack för hjälpen.

Hälsningar

Anders

[Cecilia]

Ingen orsak

TFC ska fungera på XP.