HijackThis logg behöver kollas

[baraim]

Hej!

 

Min dator beter sig lite konstigt vid uppstart. Här är en logg. Vore bra om nån kan hjälpa mig.

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 20:31:16, on 2010-11-25

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program\ESET\ESET NOD32 Antivirus\egui.exe

C:\program\scansoft\paperp~1\pptd40nt.exe

C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program\Delade filer\Java\Java Update\jusched.exe

C:\Program\SMS från Datorn Stand Alone\mw.exe

C:\Program\PERFECT SERIES\Optical MOUSE\4.0\MOUSE32A.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe

C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Windows Live\Messenger\msnmsgr.exe

C:\Program\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\dgdersvc.exe

C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE

C:\WINDOWS\system32\FsUsbExService.Exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\BRMFRSMG.EXE

C:\Program\Sony Corporation\Image Transfer\SonyTray.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program\Trend Micro\HiJackThis\HiJackThis.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\Internet Explorer\IEXPLORE.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.shareware-sw.com/sv/index.php?rvs=hompag'>http://www.shareware-sw.com/sv/index.php?rvs=hompag'>http://www.shareware-sw.com/sv/index.php?rvs=hompag

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.shareware-sw.com/sv/index.php?rvs=hompag

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shareware-sw.com/sv/index.php?rvs=hompag

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: TBHelper Class - {E46A2169-E328-471A-9788-F2B52BB9C681} - C:\Program\SMS från Datorn Stand Alone\miebho1.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: SMS från Datorn - {6B49F76B-190A-4FC6-83EA-BAAD234BAFF8} - C:\Program\SMS från Datorn Stand Alone\mie1.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [egui] "C:\Program\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [PaperPort PTD] c:\program\scansoft\paperp~1\pptd40nt.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Delade filer\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [sMS från Datorn Stand Alone] "C:\Program\SMS från Datorn Stand Alone\mw.exe" /AutoStart

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LWBMOUSE] C:\Program\PERFECT SERIES\Optical MOUSE\4.0\MOUSE32A.EXE

O4 - HKLM\..\Run: [nwiz] C:\Program\NVIDIA Corporation\nView\nwiz.exe /installquiet

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [skype] "C:\Program\Skype\\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

O4 - HKCU\..\Run: [swg] "C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Image Transfer.lnk = ?

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O8 - Extra context menu item: Skicka som MMS... - file://C:\Program\SMS från Datorn Stand Alone\sendmms.htm

O8 - Extra context menu item: Skicka som SMS... - file://C:\Program\SMS från Datorn Stand Alone\sendsms.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} (IfolorUploader Control) - http://fika-web.ifolor.net/OrderingGeneral/LowRes/app_support/_2_1_8/ActiveX/IfolorUploader_fika.cab

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.4.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab

O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\WINDOWS\system32\dgdersvc.exe

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE

O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe

O23 - Service: Tjänsten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 9357 bytes

 

Antar att jag fått nåt "skräp" Fick för några dagar sen ett mail från min son som skickats automatiskt och han hade fått ett från mig, så nåt skumt är det.

 

Tacksam för hjälp.

 

Hälsningar Ing-Mari

[Mats H]

Hej,

en DDS logg visar betydligt mera än HiJack This.

Klistra in loggen/resultatet från programmet DDS. Spara DDS på Skrivbordet.

http://download.blee...om/sUBs/dds.scr

Starta programmet genom att dubbelklicka på det.

Tryck Yes/Ja om frågan om Optional Scan dyker upp.

I ditt svar klistrar du in loggen DSS.txt. Medan du bifogar Attach.txt som en fil.

 

DDS är ett program som listar processer som kör, program och tjänster som startas automatiskt samt filer i sådana mappar som är vanliga att skadliga program och som är nya eller ändrade under senaste 1-3 månader. DDS är ett mycket vanligt program bland oss som hjälper till att rensa datorer. Resultatet ger oss en grundläggande kunskap om vad som händer och har hänt nyligen i datorn, och från det kan vi dra slutsatser om vad som är nästa lämpliga steg i rensningen av datorn.

 

Obs! När du klistrar in en logg eller ett resultat i ditt inlägg använd inga knappar eller taggar utan kopiera det i programmet (oftast Anteckningar) och klistra in det direkt i rutan du skriver i.

Mvh

Mats H

[baraim]

Nu har jag gjort som du sa:

Här är resultatet: Hoppas det blev rätt.

Tack så mycket.

 

 

DDS (Ver_10-11-26.01) - NTFSx86

Run by Ing-Mari at 21:23:13,71 on 2010-11-25

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.2047.1440 [GMT 1:00]

 

AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

 

============== Running Processes ===============

 

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program\ESET\ESET NOD32 Antivirus\egui.exe

C:\program\scansoft\paperp~1\pptd40nt.exe

C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program\Delade filer\Java\Java Update\jusched.exe

C:\Program\SMS från Datorn Stand Alone\mw.exe

C:\Program\PERFECT SERIES\Optical MOUSE\4.0\MOUSE32A.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe

C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Windows Live\Messenger\msnmsgr.exe

C:\Program\Skype\Plugin Manager\skypePM.exe

svchost.exe

C:\WINDOWS\system32\dgdersvc.exe

C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE

C:\WINDOWS\system32\FsUsbExService.Exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\BRMFRSMG.EXE

C:\Program\Sony Corporation\Image Transfer\SonyTray.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Documents and Settings\Ing-Mari\Lokala inställningar\Temporary Internet Files\Content.IE5\9472RYMT\dds[1].scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.google.se/

uSearch Page = hxxp://www.shareware-sw.com/sv/index.php?rvs=hompag

mSearch Page = hxxp://www.shareware-sw.com/sv/index.php?rvs=hompag

mStart Page = hxxp://www.shareware-sw.com/sv/index.php?rvs=hompag

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program\google\googletoolbarnotifier\5.5.5126.1836\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll

BHO: TBHelper Class: {e46a2169-e328-471a-9788-f2b52bb9c681} - c:\program\sms från datorn stand alone\miebho1.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program\epson\epson web-to-page\EPSON Web-To-Page.dll

TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program\epson\epson web-to-page\EPSON Web-To-Page.dll

TB: SMS från Datorn: {6b49f76b-190a-4fc6-83ea-baad234baff8} - c:\program\sms från datorn stand alone\mie1.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program\google\google toolbar\GoogleToolbar_32.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [msnmsgr] "c:\program\windows live\messenger\msnmsgr.exe" /background

uRun: [skype] "c:\program\skype\\phone\Skype.exe" /nosplash /minimized

uRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe

uRun: [swg] "c:\program\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [egui] "c:\program\eset\eset nod32 antivirus\egui.exe" /hide /waitservice

mRun: [PaperPort PTD] c:\program\scansoft\paperp~1\pptd40nt.exe

mRun: [share-to-Web Namespace Daemon] c:\program\hewlett-packard\hp share-to-web\hpgs2wnd.exe

mRun: [sunJavaUpdateSched] "c:\program\delade filer\java\java update\jusched.exe"

mRun: [sMS från Datorn Stand Alone] "c:\program\sms från datorn stand alone\mw.exe" /AutoStart

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [LWBMOUSE] c:\program\perfect series\optical mouse\4.0\MOUSE32A.EXE

mRun: [nwiz] c:\program\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [Adobe Reader Speed Launcher] "c:\program\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program\delade filer\adobe\arm\1.0\AdobeARM.exe"

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\imaget~1.lnk - c:\program\sony corporation\image transfer\SonyTray.exe

IE: E&xportera till Microsoft Excel - c:\program\micros~2\office10\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: Skicka som MMS... - file://c:\program\sms från datorn stand alone\sendmms.htm

IE: Skicka som SMS... - file://c:\program\sms från datorn stand alone\sendsms.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe

Trusted Zone: oriflame.com

Trusted Zone: oriflame.com\se.secure

Trusted Zone: oriflame.com\sweden.secure

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} - hxxp://fika-web.ifolor.net/OrderingGeneral/LowRes/app_support/_2_1_8/ActiveX/IfolorUploader_fika.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.4.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program\delade filer\microsoft shared\web folders\PKMCDO.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program\delade~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\ing-mari\applic~1\mozilla\firefox\profiles\9g4r1ghy.default\

FF - plugin: c:\program\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program\personal\bin\np_prsnl.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

 

============= SERVICES / DRIVERS ===============

 

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-5-14 107256]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-5-14 94360]

R2 BrSerial;Brother Serial Driver;c:\windows\system32\drivers\brserial.sys [2009-9-24 56608]

R2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-9-15 95568]

R2 ekrn;ESET Service;c:\program\eset\eset nod32 antivirus\ekrn.exe [2009-5-14 731840]

R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-10-15 217088]

R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2009-9-24 37376]

R3 brfilt;Brother MFC-filterdrivrutin;c:\windows\system32\drivers\BrFilt.sys [2009-9-24 2944]

R3 brparimg;Drivrutin för Brother parallell multifunktionsbild;c:\windows\system32\drivers\BrParImg.sys [2009-9-24 3168]

R3 BrParWdm;Parallell Brother WDM-drivrutin;c:\windows\system32\drivers\BrParwdm.sys [2009-9-24 39680]

R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-9-15 18120]

R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-10-15 36640]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2010-8-28 91496]

R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2009-10-25 27632]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program\google\update\GoogleUpdate.exe [2010-11-3 136176]

S3 cpuz132;cpuz132;\??\c:\docume~1\ing-mari\lokala~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\ing-mari\lokala~1\temp\cpuz132\cpuz132_x32.sys [?]

S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2010-7-11 102656]

S3 InputPen;USB Input Pen;c:\windows\system32\drivers\InputPen2K.sys [2009-9-24 13997]

S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2009-10-25 89256]

S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2009-10-25 15016]

S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2009-10-25 120744]

S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2009-10-25 114216]

S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2009-10-25 25512]

S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2009-10-25 110632]

S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2009-10-25 115752]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2010-10-15 96488]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2010-10-15 12776]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2010-10-15 121576]

 

=============== Created Last 30 ================

 

2010-11-25 19:25:49 388096 ----a-r- c:\docume~1\ing-mari\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2010-11-25 19:25:47 -------- d-----w- c:\program\Trend Micro

2010-11-03 15:59:19 -------- d-----w- c:\windows\system32\Adobe

 

==================== Find3M ====================

 

2010-09-18 10:23:44 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53:42 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53:42 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53:42 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-15 08:37:40 95568 ----a-w- c:\windows\system32\dgdersvc.exe

2010-09-15 08:37:40 763216 ----a-w- c:\windows\system32\dgderapi.dll

2010-09-15 08:33:32 36640 ----a-w- c:\windows\system32\FsUsbExDisk.Sys

2010-09-15 08:33:32 217088 ----a-w- c:\windows\system32\FsUsbExService.Exe

2010-09-15 08:33:32 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll

2010-09-10 05:52:34 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:52:30 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-10 05:52:30 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-09-07 15:16:03 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin

2010-09-07 15:16:03 1 ----a-w- c:\windows\system32\nvdrssel.bin

2010-09-01 11:52:44 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-09-01 07:57:46 1852800 ----a-w- c:\windows\system32\win32k.sys

2010-08-28 15:24:49 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin

 

============= FINISH: 21:23:50,07 ===============

[Mats H]

Hej,

kör en snabbskanner med Malwarebytes.

Hittas här:

Malwarebytes' Anti-Malware

Följ programmets instruktioner om något hittas.

Återkom med en logg från körningen. Hittas under fliken Loggar.

Klistra in den här i din tråd.

Mvh

Mats H

[baraim]

Hej!

 

Här kommer loggen från Malwarebytes:

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Databasversion: 5193

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

2010-11-26 17:04:51

mbam-log-2010-11-26 (17-04-51).txt

 

Skanningstyp: Snabbskanning

Antal skannade objekt: 142506

Förfluten tid: 6 minut(er), 33 sekund(er)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 0

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

(Inga illasinnade poster hittades)

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

(Inga illasinnade poster hittades)

 

Hälsningar Ing-Mari

[Mats H]

Hej,

bra att inget hittades.

Börja med att ta bort denna sökmotor i webbläsarna:

www.shareware-sw.com/sv/

Se WOT klassificering,. http://www.mywot.com/sv/scorecard/shareware-sw.com

 

Ta bort den gammal Java via Kontrollpanelen - Program, 6 Update 20.

Gå till denna sida och uppdatera till senaste version, http://www.java.com/sv/download/

 

Kör sedan en ny DDS.

Mvh

Mats H

[baraim]

Hej!

 

Hur gör jag för att ta bort en sökmotor?

Det andra har jag fixat samt plockat bort lite program som jag aldrig använder.

 

Ing-Mari

[baraim]

Hej igen!

 

Hittade info om hur man gjorde.

 

Tog bort alla utom Google. Här kommer en ny logg:

 

 

DDS (Ver_10-11-26.01) - NTFSx86

Run by Ing-Mari at 0:14:13,57 on 2010-11-27

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.2047.1441 [GMT 1:00]

 

AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

 

============== Running Processes ===============

 

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program\ESET\ESET NOD32 Antivirus\egui.exe

C:\program\scansoft\paperp~1\pptd40nt.exe

C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program\SMS från Datorn Stand Alone\mw.exe

C:\Program\PERFECT SERIES\Optical MOUSE\4.0\MOUSE32A.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Windows Live\Messenger\msnmsgr.exe

svchost.exe

C:\WINDOWS\system32\dgdersvc.exe

C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE

C:\WINDOWS\system32\FsUsbExService.Exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\BRMFRSMG.EXE

C:\Program\Sony Corporation\Image Transfer\SonyTray.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Documents and Settings\Ing-Mari\Lokala inställningar\Temporary Internet Files\Content.IE5\9472RYMT\dds[1].scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.google.se/

uSearch Page = hxxp://www.shareware-sw.com/sv/index.php?rvs=hompag

mSearch Page = hxxp://www.shareware-sw.com/sv/index.php?rvs=hompag

mStart Page = hxxp://www.shareware-sw.com/sv/index.php?rvs=hompag

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll

BHO: TBHelper Class: {e46a2169-e328-471a-9788-f2b52bb9c681} - c:\program\sms från datorn stand alone\miebho1.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program\epson\epson web-to-page\EPSON Web-To-Page.dll

TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program\epson\epson web-to-page\EPSON Web-To-Page.dll

TB: SMS från Datorn: {6b49f76b-190a-4fc6-83ea-baad234baff8} - c:\program\sms från datorn stand alone\mie1.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [msnmsgr] "c:\program\windows live\messenger\msnmsgr.exe" /background

uRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [egui] "c:\program\eset\eset nod32 antivirus\egui.exe" /hide /waitservice

mRun: [PaperPort PTD] c:\program\scansoft\paperp~1\pptd40nt.exe

mRun: [share-to-Web Namespace Daemon] c:\program\hewlett-packard\hp share-to-web\hpgs2wnd.exe

mRun: [sMS från Datorn Stand Alone] "c:\program\sms från datorn stand alone\mw.exe" /AutoStart

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [LWBMOUSE] c:\program\perfect series\optical mouse\4.0\MOUSE32A.EXE

mRun: [nwiz] c:\program\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [Adobe Reader Speed Launcher] "c:\program\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program\delade filer\adobe\arm\1.0\AdobeARM.exe"

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [sunJavaUpdateSched] "c:\program\delade filer\java\java update\jusched.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\imaget~1.lnk - c:\program\sony corporation\image transfer\SonyTray.exe

IE: E&xportera till Microsoft Excel - c:\program\micros~2\office10\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: Skicka som MMS... - file://c:\program\sms från datorn stand alone\sendmms.htm

IE: Skicka som SMS... - file://c:\program\sms från datorn stand alone\sendsms.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe

Trusted Zone: oriflame.com

Trusted Zone: oriflame.com\se.secure

Trusted Zone: oriflame.com\sweden.secure

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} - hxxp://fika-web.ifolor.net/OrderingGeneral/LowRes/app_support/_2_1_8/ActiveX/IfolorUploader_fika.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.4.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program\delade filer\microsoft shared\web folders\PKMCDO.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File

 

============= SERVICES / DRIVERS ===============

 

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-5-14 107256]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-5-14 94360]

R2 BrSerial;Brother Serial Driver;c:\windows\system32\drivers\brserial.sys [2009-9-24 56608]

R2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-9-15 95568]

R2 ekrn;ESET Service;c:\program\eset\eset nod32 antivirus\ekrn.exe [2009-5-14 731840]

R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-10-15 217088]

R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2009-9-24 37376]

R3 brfilt;Brother MFC-filterdrivrutin;c:\windows\system32\drivers\BrFilt.sys [2009-9-24 2944]

R3 brparimg;Drivrutin för Brother parallell multifunktionsbild;c:\windows\system32\drivers\BrParImg.sys [2009-9-24 3168]

R3 BrParWdm;Parallell Brother WDM-drivrutin;c:\windows\system32\drivers\BrParwdm.sys [2009-9-24 39680]

R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-9-15 18120]

R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-10-15 36640]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2010-8-28 91496]

R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2009-10-25 27632]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program\google\update\GoogleUpdate.exe [2010-11-3 136176]

S3 cpuz132;cpuz132;\??\c:\docume~1\ing-mari\lokala~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\ing-mari\lokala~1\temp\cpuz132\cpuz132_x32.sys [?]

S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2010-7-11 102656]

S3 InputPen;USB Input Pen;c:\windows\system32\drivers\InputPen2K.sys [2009-9-24 13997]

S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2009-10-25 89256]

S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2009-10-25 15016]

S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2009-10-25 120744]

S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2009-10-25 114216]

S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2009-10-25 25512]

S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2009-10-25 110632]

S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2009-10-25 115752]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2010-10-15 96488]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2010-10-15 12776]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2010-10-15 121576]

 

=============== Created Last 30 ================

 

2010-11-26 22:55:24 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-11-26 15:57:07 -------- d-----w- c:\docume~1\ing-mari\applic~1\Malwarebytes

2010-11-26 15:57:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-26 15:57:01 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-26 15:57:01 -------- d-----w- c:\program\Malwarebytes' Anti-Malware

2010-11-26 15:57:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-11-25 19:25:49 388096 ----a-r- c:\docume~1\ing-mari\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2010-11-25 19:25:47 -------- d-----w- c:\program\Trend Micro

2010-11-06 10:37:34 103864 ----a-w- c:\program\internet explorer\plugins\nppdf32.dll

2010-11-03 15:59:19 -------- d-----w- c:\windows\system32\Adobe

 

==================== Find3M ====================

 

2010-11-26 22:55:13 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-09-18 10:23:44 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53:42 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53:42 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53:42 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-15 08:37:40 95568 ----a-w- c:\windows\system32\dgdersvc.exe

2010-09-15 08:37:40 763216 ----a-w- c:\windows\system32\dgderapi.dll

2010-09-15 08:33:32 36640 ----a-w- c:\windows\system32\FsUsbExDisk.Sys

2010-09-15 08:33:32 217088 ----a-w- c:\windows\system32\FsUsbExService.Exe

2010-09-15 08:33:32 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll

2010-09-10 05:52:34 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:52:30 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-10 05:52:30 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-09-07 15:16:03 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin

2010-09-07 15:16:03 1 ----a-w- c:\windows\system32\nvdrssel.bin

2010-09-01 11:52:44 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-09-01 07:57:46 1852800 ----a-w- c:\windows\system32\win32k.sys

 

============= FINISH: 0:14:46,17 ===============

Attach20101127.txt

[Mats H]

Hej,

kör HiJack This, "Do a System Scan and Save a Log".

Klistra in den här i din tråd.

Mvh

Mats h

[baraim]

Hej!

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:17:14, on 2010-11-27

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program\ESET\ESET NOD32 Antivirus\egui.exe

C:\program\scansoft\paperp~1\pptd40nt.exe

C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program\SMS från Datorn Stand Alone\mw.exe

C:\Program\PERFECT SERIES\Optical MOUSE\4.0\MOUSE32A.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program\Delade filer\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\dgdersvc.exe

C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE

C:\WINDOWS\system32\FsUsbExService.Exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\BRMFRSMG.EXE

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Sony Corporation\Image Transfer\SonyTray.exe

C:\Program\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Trend Micro\HiJackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.shareware-sw.com/sv/index.php?rvs=hompag'>http://www.shareware-sw.com/sv/index.php?rvs=hompag'>http://www.shareware-sw.com/sv/index.php?rvs=hompag

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.shareware-sw.com/sv/index.php?rvs=hompag

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shareware-sw.com/sv/index.php?rvs=hompag

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: TBHelper Class - {E46A2169-E328-471A-9788-F2B52BB9C681} - C:\Program\SMS från Datorn Stand Alone\miebho1.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: SMS från Datorn - {6B49F76B-190A-4FC6-83EA-BAAD234BAFF8} - C:\Program\SMS från Datorn Stand Alone\mie1.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [egui] "C:\Program\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [PaperPort PTD] c:\program\scansoft\paperp~1\pptd40nt.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [sMS från Datorn Stand Alone] "C:\Program\SMS från Datorn Stand Alone\mw.exe" /AutoStart

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LWBMOUSE] C:\Program\PERFECT SERIES\Optical MOUSE\4.0\MOUSE32A.EXE

O4 - HKLM\..\Run: [nwiz] C:\Program\NVIDIA Corporation\nView\nwiz.exe /installquiet

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Delade filer\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Image Transfer.lnk = ?

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O8 - Extra context menu item: Skicka som MMS... - file://C:\Program\SMS från Datorn Stand Alone\sendmms.htm

O8 - Extra context menu item: Skicka som SMS... - file://C:\Program\SMS från Datorn Stand Alone\sendsms.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} (IfolorUploader Control) - http://fika-web.ifolor.net/OrderingGeneral/LowRes/app_support/_2_1_8/ActiveX/IfolorUploader_fika.cab

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.4.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab

O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\WINDOWS\system32\dgdersvc.exe

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE

O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe

O23 - Service: Tjänsten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 8499 bytes

 

Hälsningar Ing-Mari

[baraim]

Hej!

 

Har jag inte fått bort sökmotorn???? eller vad betyder den röda texten. Vore intressant att veta.

 

Ing-Mari

[baraim]

Hej!

 

Tror att jag gjorde nåt fel för jag gjorde en logg till och den blev annorlunda. Kanske den gamla loggen låg kvar?

 

Här är den senaste:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:28:48, on 2010-11-27

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program\ESET\ESET NOD32 Antivirus\egui.exe

C:\program\scansoft\paperp~1\pptd40nt.exe

C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program\SMS från Datorn Stand Alone\mw.exe

C:\Program\PERFECT SERIES\Optical MOUSE\4.0\MOUSE32A.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Program\Delade filer\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\dgdersvc.exe

C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE

C:\WINDOWS\system32\FsUsbExService.Exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\BRMFRSMG.EXE

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Sony Corporation\Image Transfer\SonyTray.exe

C:\Program\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Trend Micro\HiJackThis\HiJackThis.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program\Outlook Express\msimn.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.shareware-sw.com/sv/index.php?rvs=hompag'>http://www.shareware-sw.com/sv/index.php?rvs=hompag'>http://www.shareware-sw.com/sv/index.php?rvs=hompag

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.shareware-sw.com/sv/index.php?rvs=hompag

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shareware-sw.com/sv/index.php?rvs=hompag

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: TBHelper Class - {E46A2169-E328-471A-9788-F2B52BB9C681} - C:\Program\SMS från Datorn Stand Alone\miebho1.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: SMS från Datorn - {6B49F76B-190A-4FC6-83EA-BAAD234BAFF8} - C:\Program\SMS från Datorn Stand Alone\mie1.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [egui] "C:\Program\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [PaperPort PTD] c:\program\scansoft\paperp~1\pptd40nt.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [sMS från Datorn Stand Alone] "C:\Program\SMS från Datorn Stand Alone\mw.exe" /AutoStart

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LWBMOUSE] C:\Program\PERFECT SERIES\Optical MOUSE\4.0\MOUSE32A.EXE

O4 - HKLM\..\Run: [nwiz] C:\Program\NVIDIA Corporation\nView\nwiz.exe /installquiet

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Delade filer\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Image Transfer.lnk = ?

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O8 - Extra context menu item: Skicka som MMS... - file://C:\Program\SMS från Datorn Stand Alone\sendmms.htm

O8 - Extra context menu item: Skicka som SMS... - file://C:\Program\SMS från Datorn Stand Alone\sendsms.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} (IfolorUploader Control) - http://fika-web.ifolor.net/OrderingGeneral/LowRes/app_support/_2_1_8/ActiveX/IfolorUploader_fika.cab

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.4.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab

O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\WINDOWS\system32\dgdersvc.exe

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE

O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe

O23 - Service: Tjänsten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 8487 bytes

[Cecilia]

Eforum gör alla länkar röda.

 

Mats är upptagen på annat håll idag.

 

Skanna med HijackThis och bocka för:

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.shareware....php?rvs=hompag'>http://www.shareware....php?rvs=hompag'>http://www.shareware....php?rvs=hompag

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.shareware....php?rvs=hompag

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shareware....php?rvs=hompag

 

Avsluta alla andra program.

Tryck Fix checked.

 

Starta om datorn.

 

Det är det enda vi har sett i loggarna.

 

Om datorn fortfarande beter sig konstigt vid uppstart får du förklara närmare vad du menar.

 

När det gäller de spammejl du nämnde så byt lösenord, och eventuell hemlig fråga, utifall att någon har kommit över lösenordet.

[baraim]

Hej och tusen tack för hjälpen!

 

Då fanns det inga jätteläskiga saker på datorn, vad skönt.

 

Startproblemen med datorn är/var att det tar väldigt lång tid och ibland kommer det upp konstiga rutor som inte brukar komma upp. Ibland startade den inte alls utan låste sig. Det har det inte gjort de senaste gångerna så jag hoppas att det har hjälpt att rensa lite.

 

Såg verkligen inte fram emot att få tömma hela datorn och allt jobb som blir.

 

Ing-Mari

[Cecilia]

En långsam uppstart kan ibland bero på att hårddisken inte är riktigt frisk så se till att ha säkerhetskopior av alla viktiga filer.

[baraim]

Hej!

 

Den är inte ens särskilt gammal, men jag antar att den kan gå sönder ändå. Som tur är har jag en extern disk som jag sparar det mest viktiga på, men jag tar en extra koll. Tack för varningen!

 

Det här forumet är ju helt underbart. Vilken räddare i nöden, en eloge till er som hjälpt mig.

 

Ha en trevlig helg!

 

Ing-Mari