kava

Resultatet:

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

File "C:\WINDOWS\SYSTEM32\winfjt32.dll" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Jag scannade med Hijack igen och nu verkar den vara borta men är den det när jag kollar i windows, testar nu.

EDIT: den är kvar i "System 32-mappen"

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:06:19, on 2010-03-11

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Canon\MyPrinter\BJMyPrt.exe

C:\Program\Bredbandsbolaget\Servicecenter\Bredbandsbolaget.exe

C:\Program\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\WINDOWS\SM1BG.EXE

C:\WINDOWS\stsystra.exe

C:\Program\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe

C:\Program\F-Secure\Anti-Virus\fsgk32st.exe

C:\Program\F-Secure\Anti-Virus\FSGK32.EXE

C:\Program\F-Secure\Anti-Virus\fssm32.exe

C:\Program\F-Secure\Common\FSMA32.EXE

C:\Program\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program\Delade filer\InstallShield\UpdateService\issch.exe

C:\Program\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\Program\Winamp\winampa.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Personal\bin\Personal.exe

C:\Documents and Settings\Kalle\Skrivbord\HiJackThis.exe

C:\Program\F-Secure\Common\FSLAUNCH.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.se/ig/dell?hl=sv&client=dell-row&channel=se&ibd=5061017

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.svenskafans.com/hockeyzon/lif/forum.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.se/ig/dell?hl=sv&client=dell-row&channel=se&ibd=5061017

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: Bredbandsbolaget Servicecenter Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Program\Bredbandsbolaget\Servicecenter\IEFixItNowPlugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [bredbandsbolaget Servicecenter] "C:\Program\Bredbandsbolaget\Servicecenter\Bredbandsbolaget.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [sM1BG] C:\WINDOWS\SM1BG.EXE

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program\McAfee\SpamKiller\MSKDetct.exe /uninstall

O4 - HKLM\..\Run: [MSKDetct] C:\Program\McAfee\SpamKiller\MSKDetct.exe /uninstall

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program\Delade filer\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iAAnotif] C:\Program\Intel\Intel Matrix Storage Manager\Iaanotif.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe

O8 - Extra context menu item: &Block this popup - C:\Program\F-Secure\Anti-Spyware\blockpopups.htm

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to Existing PDF - res://C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\F-Secure\Anti-Spyware\ieshield.dll

O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\F-Secure\Anti-Spyware\ieshield.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\Program\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/sv_SV/DjVuControl_sv_SV.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1268241970421

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.postfoto.se/aurigma/ImageUploader4.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.postfoto.se/upload/aurigma/ImageUploader4.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O20 - AppInit_DLLs: acaptuser32.dll

O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\Program\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program\F-Secure\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program\F-Secure\Common\FNRB32.EXE

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\F-Secure\BackWeb\7681197\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\F-Secure\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\F-Secure\Common\FSMA32.EXE

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program\Google\Update\GoogleUpdate.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe (file missing)

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program\Delade filer\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Kalle/LOKALA~1/Temp/msohtml1/01/clip_image002.jpg

--

End of file - 11832 bytes

Det går inte att ta bort filen!

"Åtkomst nekad"

Har startat om datorn en gång (den stänger sig inte själv) ska jag göra en ny DDS-logg ändå?

Här kommer filen "Attach" också!

Attach.txt

DDS.txt

DDS (Ver_09-12-01.01) - NTFSx86

Run by Kalle at 17:49:09,12 on 2010-03-11

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.2046.1250 [GMT 1:00]

AV: F-Secure Anti-Virus Client Security 6.01 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}

FW: F-Secure Anti-Virus Client Security 6.01 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE

C:\Program\F-Secure\Anti-Virus\fsgk32st.exe

C:\Program\F-Secure\Anti-Virus\FSGK32.EXE

C:\Program\F-Secure\BackWeb\7681197\program\fsbwsys.exe

C:\Program\F-Secure\Anti-Virus\fssm32.exe

C:\Program\F-Secure\Common\FSMA32.EXE

C:\Program\F-Secure\Common\FSMB32.EXE

C:\Program\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program\F-Secure\Common\FCH32.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program\F-Secure\Common\FAMEH32.EXE

C:\Program\F-Secure\Anti-Virus\fsqh.exe

C:\Program\F-Secure\Anti-Virus\fsrw.exe

C:\Program\F-Secure\Common\FNRB32.EXE

C:\Program\F-Secure\FWES\Program\fsdfwd.exe

C:\Program\F-Secure\Common\FIH32.EXE

C:\Program\F-Secure\Anti-Virus\fsav32.exe

C:\WINDOWS\Explorer.EXE

C:\Program\F-Secure\Common\FSM32.EXE

C:\Program\Canon\MyPrinter\BJMyPrt.exe

C:\Program\Bredbandsbolaget\Servicecenter\Bredbandsbolaget.exe

C:\Program\F-Secure\ANTI-S~1\fsaw.exe

C:\Program\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe

C:\Program\F-Secure\FSGUI\fsguidll.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\WINDOWS\SM1BG.EXE

C:\WINDOWS\stsystra.exe

C:\Program\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe

C:\Program\Delade filer\InstallShield\UpdateService\issch.exe

C:\Program\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\Program\Winamp\winampa.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe

C:\Program\Windows Live\Toolbar\wltuser.exe

C:\Program\Spotify\spotify.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\dumprep.exe

C:\Documents and Settings\Kalle\Skrivbord\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.svenskafans.com/hockeyzon/lif/forum.asp

uSearch Bar = hxxp://www.google.com/ie

uDefault_Page_URL = www.google.se/ig/dell?hl=sv&client=dell-row&channel=se&ibd=5061017

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program\microsoft\search enhancement pack\search helper\SearchHelper.dll

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program\delade filer\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Bredbandsbolaget Servicecenter Plugin: {db87cde1-ef9c-44eb-a42f-6d0b3c72c516} - c:\program\bredbandsbolaget\servicecenter\IEFixItNowPlugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program\delade filer\adobe\acrobat\activex\AcroIEFavClient.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program\windows live\toolbar\wltcore.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program\delade filer\adobe\acrobat\activex\AcroIEFavClient.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [F-Secure TNB] "c:\program\f-secure\tnb\TNBUtil.exe" /CHECKALL /WAITFORSW

mRun: [F-Secure Manager] "c:\program\f-secure\common\FSM32.EXE" /splash

mRun: [CanonSolutionMenu] c:\program\canon\solutionmenu\CNSLMAIN.exe /logon

mRun: [CanonMyPrinter] c:\program\canon\myprinter\BJMyPrt.exe /logon

mRun: [bredbandsbolaget Servicecenter] "c:\program\bredbandsbolaget\servicecenter\Bredbandsbolaget.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program\delade filer\adobe\arm\1.0\AdobeARM.exe"

mRun: [Adobe Acrobat Speed Launcher] "c:\program\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "c:\program\adobe\acrobat 9.0\acrobat\Acrotray.exe"

mRun: [TkBellExe] "c:\program\delade filer\real\update_ob\realsched.exe" -osboot

mRun: [sunJavaUpdateSched] "c:\program\java\jre6\bin\jusched.exe"

mRun: [sM1BG] c:\windows\SM1BG.EXE

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [RoxioDragToDisc] "c:\program\roxio\easy media creator 7\drag to disc\DrgToDsc.exe"

mRun: [QuickTime Task] "c:\program\quicktime\qttask.exe" -atboottime

mRun: [NWEReboot]

mRun: [MSKDetectorExe] c:\program\mcafee\spamkiller\MSKDetct.exe /uninstall

mRun: [MSKDetct] c:\program\mcafee\spamkiller\MSKDetct.exe /uninstall

mRun: [iSUSScheduler] "c:\program\delade filer\installshield\updateservice\issch.exe" -start

mRun: [iSUSPM Startup] "c:\program\delade filer\installshield\updateservice\isuspm.exe" -startup

mRun: [iAAnotif] c:\program\intel\intel matrix storage manager\Iaanotif.exe

mRun: [WinampAgent] c:\program\winamp\winampa.exe

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\bankid~1.lnk - c:\program\personal\bin\Personal.exe

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\f-secu~1.lnk - c:\program\f-secure\backweb\7681197\program\F-Secure Automatic Update.exe

IE: &Block this popup - c:\program\f-secure\anti-spyware\blockpopups.htm

IE: Append Link Target to Existing PDF - c:\program\delade filer\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program\delade filer\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program\delade filer\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program\delade filer\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xportera till Microsoft Excel - c:\program\micros~3\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe

IE: {300DB664-75B5-47c0-8B45-A44ACCF73C00} - {0928F506-07E8-470c-979D-147C296D4879} - c:\program\f-secure\anti-spyware\ieshield.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - h:\program\office11\REFIEBAR.DLL

LSP: c:\program\f-secure\fsps\program\FSLSP.DLL

DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.lizardtech.com/download/files/win/djvuplugin/sv_SV/DjVuControl_sv_SV.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} - hxxp://www.tvlution.com/KooPlayer.ocx

DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1268241970421

DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://www.postfoto.se/aurigma/ImageUploader4.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://www.postfoto.se/upload/aurigma/ImageUploader4.cab

DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

Notify: winfjt32 - winfjt32.dll

AppInit_DLLs: acaptuser32.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2006-10-24 70896]

R2 BackWeb Plug-in - 7681197;F-Secure Automatic Update;c:\program\f-secure\backweb\7681197\program\SERVIC~1.EXE [2006-10-24 32807]

R2 F-Secure Filter;F-Secure File System Filter;c:\program\f-secure\anti-virus\win2k\FSfilter.sys [2006-10-24 48816]

R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program\f-secure\anti-virus\fsgk32st.exe [2006-10-24 45056]

R2 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program\f-secure\anti-virus\win2k\fsgk.sys [2006-10-24 48256]

R2 F-Secure Recognizer;F-Secure File System Recognizer;c:\program\f-secure\anti-virus\win2k\FSrec.sys [2006-10-24 16720]

R3 F-Secure Network Request Broker;F-Secure Network Request Broker;c:\program\f-secure\common\FNRB32.exe [2006-10-24 110642]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-3-10 38224]

S2 gupdate;Google Update Service (gupdate);c:\program\google\update\GoogleUpdate.exe [2009-9-26 133104]

S3 AVFSFilter;AVFSFilter;c:\windows\system32\drivers\avfsfilter.sys --> c:\windows\system32\drivers\avfsfilter.sys [?]

=============== Created Last 30 ================

2010-03-10 20:46:00 0 d-----w- c:\docume~1\kalle\applic~1\Malwarebytes

2010-03-10 20:45:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-10 20:45:46 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-10 20:45:46 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-03-10 20:45:38 0 d-----w- c:\program\Malwarebytes' Anti-Malware

2010-03-10 18:03:03 0 d-----w- c:\program\Messenger

2010-03-10 18:02:52 0 d-----w- c:\windows\l2schemas

2010-03-10 18:02:51 0 d-----w- c:\windows\system32\sv

2010-03-10 18:02:51 0 d-----w- c:\windows\system32\bits

2010-03-10 18:00:35 0 d-----w- c:\windows\ServicePackFiles

2010-03-10 17:58:46 0 d-----w- c:\windows\network diagnostic

2010-03-10 17:55:49 0 d-----w- c:\windows\EHome

2010-03-10 17:47:45 73216 ------w- c:\windows\system32\drivers\atintuxx.sys

2010-03-10 17:29:33 0 d-----w- c:\windows\system32\PreInstall

2010-03-10 17:26:58 22752 ----a-w- c:\windows\system32\wucltui.dll.mui

2010-03-10 17:26:58 17624 ----a-w- c:\windows\system32\wuaueng.dll.mui

2010-03-10 17:26:58 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2010-03-10 17:26:57 15072 ----a-w- c:\windows\system32\wuapi.dll.mui

2010-03-10 17:26:57 0 d-----w- c:\windows\system32\SoftwareDistribution

2010-03-05 16:25:28 0 d-----w- c:\windows\SxsCaPendDel

2010-02-27 08:24:14 39424 ----a-w- c:\windows\system32\winfjt32.dll

2010-02-26 18:24:21 0 d-----w- c:\program\delade filer\Macrovision Shared

2010-02-26 18:23:53 45392 ----a-r- c:\windows\system32\AdobePDF.dll

2010-02-26 18:23:53 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll

2010-02-22 17:38:37 26 ----a-w- c:\windows\Zone.Identifier

2010-02-09 20:42:35 0 d-----w- c:\program\Lame for Audacity

2010-02-09 20:19:00 0 d-----w- c:\program\Audacity 1.3 Beta (Unicode)

==================== Find3M ====================

2010-03-10 18:11:59 63494 ----a-w- c:\windows\system32\perfc01D.dat

2010-03-10 18:11:59 384758 ----a-w- c:\windows\system32\perfh01D.dat

2009-04-20 17:07:30 133573480 ----a-w- c:\program\wlsetup-all.exe

2008-11-25 17:47:42 68756776 ----a-w- c:\program\iTunesSetup.exe

2008-02-26 15:45:43 1216496 -c--a-w- c:\program\dnlsetup.exe

2006-11-24 13:24:23 3334480 -c--a-w- c:\program\FotolaboSE-OrderClient-SV.exe

2006-11-07 19:36:32 19666504 -c--a-w- c:\program\QuickTimeInstaller.exe

2004-11-15 13:15:48 1701098 -c--a-w- c:\program\winamp291_std.exe

2003-08-27 13:19:18 36963 -c--a-r- c:\program\delade filer\SM1updtr.dll

2001-10-22 10:09:16 1259960 -c--a-w- c:\program\winzip80.exe

2001-07-10 04:47:42 777728 ----a-w- c:\program\PHOTOED.EXE

1999-10-05 10:50:02 114688 -c--a-w- c:\program\CPsv050.exe

2006-10-24 18:38:42 1682 -csha-w- c:\windows\system32\KGyGaAvL.sys

2009-11-29 09:07:03 32768 --sha-w- c:\windows\temp\history\history.ie5\index.dat

============= FINISH: 17:49:21,51 ===============

http://www.virustotal.com/sv/analisis/1c5a74fc1f539d68d057896109da2270c14bd48f03c92f11032382e47f570839-1268324555

Fattar ni något av det här?

Verkar som att vissa program har hittat trojaner.

Resultat: 17/42 (40.48%)

Antivirus Version Senaste Uppdatering Resultat

a-squared 4.5.0.50 2010.03.11 Trojan.Win32.Nebuler!IK

AhnLab-V3 5.0.0.2 2010.03.11 -

AntiVir 8.2.1.180 2010.03.11 TR/Spy.Gen

Antiy-AVL 2.0.3.7 2010.03.11 -

Authentium 5.2.0.5 2010.03.11 -

Avast 4.8.1351.0 2010.03.10 Win32:Nebuler-H

Avast5 5.0.332.0 2010.03.10 Win32:Nebuler-H

AVG 9.0.0.787 2010.03.11 Agent_r.NV

BitDefender 7.2 2010.03.11 -

CAT-QuickHeal 10.00 2010.03.11 -

ClamAV 0.96.0.0-git 2010.03.11 -

Comodo 4225 2010.03.11 -

DrWeb 5.0.1.12222 2010.03.11 Trojan.Mssmsgs.origin

eSafe 7.0.17.0 2010.03.11 -

eTrust-Vet 35.2.7354 2010.03.11 -

F-Prot 4.5.1.85 2010.03.11 -

F-Secure 9.0.15370.0 2010.03.11 -

Fortinet 4.0.14.0 2010.03.09 -

GData 19 2010.03.11 Win32:Nebuler-H

Ikarus T3.1.1.80.0 2010.03.11 Trojan.Win32.Nebuler

Jiangmin 13.0.900 2010.03.11 -

K7AntiVirus 7.10.995 2010.03.11 -

Kaspersky 7.0.0.125 2010.03.11 -

McAfee 5917 2010.03.11 Nebuler.dll

McAfee+Artemis 5917 2010.03.11 Nebuler.dll

McAfee-GW-Edition 6.8.5 2010.03.11 Heuristic.BehavesLike.Win32.Downloader.H

Microsoft 1.5502 2010.03.11 Trojan:Win32/Nebuler.J

NOD32 4935 2010.03.11 -

Norman 6.04.08 2010.03.11 -

nProtect 2009.1.8.0 2010.03.11 -

Panda 10.0.2.2 2010.03.11 -

PCTools 7.0.3.5 2010.03.11 -

Prevx 3.0 2010.03.11 Medium Risk Malware

Rising 22.38.03.04 2010.03.11 Trojan.Win32.Generic.51FA52DB

Sophos 4.51.0 2010.03.11 Troj/Nebule-Gen

Sunbelt 5824 2010.03.11 -

Symantec 20091.2.0.41 2010.03.11 Suspicious.Insight

TheHacker 6.5.2.0.230 2010.03.11 -

TrendMicro 9.120.0.1004 2010.03.11 Mal_Neb-2

VBA32 3.12.12.2 2010.03.11 -

ViRobot 2010.3.11.2222 2010.03.11 -

VirusBuster 5.0.27.0 2010.03.11 -

Nu har jag installerat Malware och "kört" scanning 2 ggr. Båda gångerna stannade programmet vid 12 sekunder och hängde sig där och svarade inte.

Nu ger jag upp för idag, återkommer i morron från jobbet.

Gonatt!

Här kommer loggen från Hijack This.

Får ni ut något som hjälper mig är det nästan dags för Nobelpris;)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:29:39, on 2010-03-10

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE

C:\Program\F-Secure\Anti-Virus\fsgk32st.exe

C:\Program\F-Secure\Anti-Virus\FSGK32.EXE

C:\Program\F-Secure\BackWeb\7681197\program\fsbwsys.exe

C:\Program\F-Secure\Common\FSMA32.EXE

C:\Program\F-Secure\Anti-Virus\fssm32.exe

C:\Program\F-Secure\Common\FSMB32.EXE

C:\Program\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program\F-Secure\Common\FCH32.EXE

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program\F-Secure\Common\FAMEH32.EXE

C:\Program\F-Secure\Anti-Virus\fsqh.exe

C:\Program\F-Secure\Anti-Virus\fsrw.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\F-Secure\Common\FNRB32.EXE

C:\Program\F-Secure\Common\FIH32.EXE

C:\Program\F-Secure\FWES\Program\fsdfwd.exe

C:\WINDOWS\Explorer.EXE

C:\Program\F-Secure\Common\FSM32.EXE

C:\Program\Canon\MyPrinter\BJMyPrt.exe

C:\Program\Bredbandsbolaget\Servicecenter\Bredbandsbolaget.exe

C:\Program\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\WINDOWS\SM1BG.EXE

C:\WINDOWS\stsystra.exe

C:\Program\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe

C:\Program\Delade filer\InstallShield\UpdateService\issch.exe

C:\Program\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe

C:\Program\F-Secure\Anti-Virus\fsav32.exe

C:\Program\F-Secure\ANTI-S~1\fsaw.exe

C:\Program\F-Secure\FSGUI\fsguidll.exe

C:\Program\Outlook Express\msimn.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Windows Live\Toolbar\wltuser.exe

C:\Program\Winamp\winampa.exe

C:\Documents and Settings\Kalle\Lokala inställningar\Temporary Internet Files\Content.IE5\X7SKIPYL\HiJackThis[1].exe

C:\Program\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.se/ig/dell?hl=sv&client=dell-row&channel=se&ibd=5061017

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.svenskafans.com/hockeyzon/lif/forum.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.se/ig/dell?hl=sv&client=dell-row&channel=se&ibd=5061017

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: Bredbandsbolaget Servicecenter Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Program\Bredbandsbolaget\Servicecenter\IEFixItNowPlugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [bredbandsbolaget Servicecenter] "C:\Program\Bredbandsbolaget\Servicecenter\Bredbandsbolaget.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [sM1BG] C:\WINDOWS\SM1BG.EXE

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program\McAfee\SpamKiller\MSKDetct.exe /uninstall

O4 - HKLM\..\Run: [MSKDetct] C:\Program\McAfee\SpamKiller\MSKDetct.exe /uninstall

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program\Delade filer\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iAAnotif] C:\Program\Intel\Intel Matrix Storage Manager\Iaanotif.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe

O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe

O8 - Extra context menu item: &Block this popup - C:\Program\F-Secure\Anti-Spyware\blockpopups.htm

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to Existing PDF - res://C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\F-Secure\Anti-Spyware\ieshield.dll

O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\F-Secure\Anti-Spyware\ieshield.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\Program\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/sv_SV/DjVuControl_sv_SV.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1268241970421

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.postfoto.se/aurigma/ImageUploader4.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.postfoto.se/upload/aurigma/ImageUploader4.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O20 - AppInit_DLLs: acaptuser32.dll

O20 - Winlogon Notify: winfjt32 - C:\WINDOWS\SYSTEM32\winfjt32.dll

O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\Program\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program\F-Secure\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program\F-Secure\Common\FNRB32.EXE

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\F-Secure\BackWeb\7681197\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\F-Secure\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\F-Secure\Common\FSMA32.EXE

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program\Google\Update\GoogleUpdate.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe (file missing)

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program\Delade filer\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Kalle/LOKALA~1/Temp/msohtml1/01/clip_image002.jpg

--

End of file - 12963 bytes

När det gäller mitt problem med att datorn inte vill stänga ner.

Kom på en sak, när jag ska stänga datorn så stängs ju windows mm och sen skärmen.

Innan skärmen blir svart så kommer det upp en ruta där det står "power saving mode".

Datorn fortsätter "utan skärm" och fläkten ökar i varv!

Alla program är ju stängda så varför ökar fläkten i varv?

Hej!

Nej jag har inget tok i datorn förutom allt krångel:)

Jag har försökt rensa bland program p.g.a. seg dator men Sonic Cineplayer skulle jag inte tagit bort trots att jag aldrig använt den medvetat, kanske i bakgrunden.

Edit: såg att Du tipsade om mer, ska kolla det när jag kommer hem ikväll!

Tack!

Hej!

När jag ska öppna någon mapp som innehåller musik eller video vill datorn installera något som heter "Sonic Cinplayer Decoder Pack"

Hur blir jag av med detta?

När jag ska starta om eller stänga datorn så stängs skärmen och det kommer upp en ruta med "Power saving mode" eller liknande sen blir skärmen svart som den ska men datorn fortsätter att "lysa" och fläkten går och datorn stänger aldrig av sig.

Vad gör man i det fallet?

När jag ska öppna utforskaren så har jag plötsligt börjat få ett meddelande: Se bifogad bild.

Hur blir man av med det?

Vore jättetacksam för hjälp!

Tack på förhand!

Kalle

Hej alla!!

Kan någon tala om varför min nya dator ändrar inställning på utseende från klassisk/lönn, som jag ställt in och vill ha, till XP standard vid start av datorn. Det händer nästan varje gång men ibland håller den inställningen.

Vore mycket tacksam för hjälp!!

MVH

kava