Gå till innehåll

Annan

Medlem
 Visa profil  Visa deras aktivitet

  • Innehållsantal

    17

  • Gick med

  • Besökte senast

 Innehållstyp 

Inlägg postade av Annan

    Backdoor.Win32.Agent.afqs

    i Borttagning av virus och andra skadliga program

    Postad

    Hej! Ok undrade faktiskt vart du tagit vägen :)

    1,5 Gig ska räcka bra även med F-secure ;)

    Ja har det krånglat länge så kanske det inte är så dum ide!?

    Har du provat att reparera trasiga systemfiler(sfc /scannow)?

    Hur ligger du till med uppdateringar av drivrutiner?

    Mvh MrO

    Nej, jag har inte provat att reparera trasiga systemfiler. Hur gör man det?

    Jag uppdaterar inte själv några drivrutiner. Kan det ske automatiskt?

    Mvh Annan

    Backdoor.Win32.Agent.afqs

    i Borttagning av virus och andra skadliga program

    Postad

    Hej!

    Oj, jag hade missat att kryssa i att jag önskade svar till min mail och i allt som är nu föll det bort.

    Aha, falskt alarm. Skönt.

    Jag tror jag har 1,5 Gb i Ramminne nu.

    Datorn är riktigt seg.

    Körde Combofix för ett tag sedan. Datorn blev tillfälligt snabbare, men det dröjde inte länge förrän den var långsam igen. Undra om det inte blir samma sak nu. Behöver jag kanske rensa datorn och köra ominstallation? Hm...eller som sagt köpa till Ramminne?

    Annan

    Backdoor.Win32.Agent.afqs

    i Borttagning av virus och andra skadliga program

    Postad

    Hej!

    Den är tyvärr fortfarande långsam, både när det gäller att öppna program och surfning.

    1. Om det står "åtgärd misslyckades" (se ovan), innebär det att backdoor-grejen är kvar i datorn och att virusprogrammet inte lyckades ta bort den?

    2. Hur vet man om datorn är seg för att jag behöver mer RAM-minne?

    Eller måste jag rensa datorn och göra en ominstallation?

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 10:57:32, on 2009-05-04

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16827)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program\Bonjour\mDNSResponder.exe

    C:\WINDOWS\system32\CTsvcCDA.exe

    C:\Program\Glocalnet Sakerhetspaket\Anti-Virus\fsgk32st.exe

    C:\Program\Glocalnet Sakerhetspaket\Common\FSMA32.EXE

    C:\Program\Glocalnet Sakerhetspaket\Anti-Virus\FSGK32.EXE

    C:\Program\Java\jre6\bin\jqs.exe

    C:\Program\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe

    C:\Program\Glocalnet Sakerhetspaket\Common\FSMB32.EXE

    C:\Program\Glocalnet Sakerhetspaket\Common\FCH32.EXE

    C:\WINDOWS\system32\nvsvc32.exe

    C:\Program\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\MsPMSPSv.exe

    C:\Program\Glocalnet Sakerhetspaket\Anti-Virus\fsqh.exe

    C:\Program\Glocalnet Sakerhetspaket\Common\FAMEH32.EXE

    c:\program\pinnacle\shared files\programs\mediaserver\pmshost.exe

    C:\Program\Glocalnet Sakerhetspaket\FSAUA\program\fsaua.exe

    C:\Program\Glocalnet Sakerhetspaket\Anti-Virus\fssm32.exe

    C:\Program\Glocalnet Sakerhetspaket\FWES\Program\fsdfwd.exe

    C:\Program\Glocalnet Sakerhetspaket\FSAUA\program\fsus.exe

    C:\Program\Glocalnet Sakerhetspaket\Anti-Virus\fsav32.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\ezSP_Px.exe

    C:\Program\Glocalnet Sakerhetspaket\Common\FSM32.EXE

    C:\Program\iTunes\iTunesHelper.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program\Glocalnet Sakerhetspaket\FSGUI\fsguidll.exe

    C:\Program\iPod\bin\iPodService.exe

    C:\Program\Internet Explorer\iexplore.exe

    C:\Program\Trend Micro\HijackThis\Rensare.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

    O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Mina dokument\downloads\rpbrowserrecordplugin.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

    O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program\SMART Technologies\Notebook Software\NotebookPlugin.dll

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll

    O4 - HKLM\..\Run: [PMCS] "C:\Program\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug

    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe

    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Glocalnet Sakerhetspaket\Common\FSM32.EXE" /splash

    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Glocalnet Sakerhetspaket\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - Global Startup: SMART Board Tools.lnk = C:\Program\SMART Technologies\SMART Board Drivers\SMARTBoardTools.exe

    O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.fujidirekt.se/aurigma/ImageUploader5.cab

    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.order.proprint.se/resources/fil...geUploader4.cab

    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

    O16 - DPF: {F3D4C08D-3616-43F0-9E29-44C749B0664B} (pmjpegcam Class) - http://normannvik.viewnetcam.com/JpegInst.cab

    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)

    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

    O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe

    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

    O23 - Service: CT Device Query service (CTDevice_Srv) - Unknown owner - C:\Program\Creative\Shared Files\CTDevSrv.exe (file missing)

    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program\Glocalnet Sakerhetspaket\Anti-Virus\fsgk32st.exe

    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program\Glocalnet Sakerhetspaket\FSAUA\program\fsaua.exe

    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Glocalnet Sakerhetspaket\FWES\Program\fsdfwd.exe

    O23 - Service: FSMA - F-Secure Corporation - C:\Program\Glocalnet Sakerhetspaket\Common\FSMA32.EXE

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\PACSPTISVR.exe

    O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program\pinnacle\shared files\programs\mediaserver\pmshost.exe

    O23 - Service: SMART Board-tjänsten (SMART Board Service) - SMART Technologies - C:\Program\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe

    O23 - Service: SMART SNMP Agent Service - SMART Technologies ULC - C:\Program\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe

    O23 - Service: SMART Webbserver (SMART Web Server) - Unknown owner - C:\Program\SMART Technologies\SMART Board Drivers\WebServer.exe

    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\SPTISRV.exe

    --

    End of file - 9668 bytes

    Backdoor.Win32.Agent.afqs

    i Borttagning av virus och andra skadliga program

    Postad

    Hej MrO!

    Angående säkerhetspaketet så har jag varit i kontakt med dem, men de menar att den inte tar mer kraft än den "senaste" versionen.

    Här senaste versionen...men den hittade inget heller.

    Malwarebytes' Anti-Malware 1.36

    Databasversion: 2069

    Windows 5.1.2600 Service Pack 3

    2009-05-03 13:09:24

    mbam-log-2009-05-03 (13-09-24).txt

    Skanningstyp: Snabb skanning

    Antal skannade objekt: 102846

    Förfluten tid: 7 minute(s), 56 second(s)

    Infekterade minnesprocesser: 0

    Infekterade minnesmoduler: 0

    Infekterade registernycklar: 0

    Infekterade registervärden: 0

    Infekterade registerdataposter: 0

    Infekterade mappar: 0

    Infekterade filer: 0

    Infekterade minnesprocesser:

    (Inga illasinnade poster hittades)

    Infekterade minnesmoduler:

    (Inga illasinnade poster hittades)

    Infekterade registernycklar:

    (Inga illasinnade poster hittades)

    Infekterade registervärden:

    (Inga illasinnade poster hittades)

    Infekterade registerdataposter:

    (Inga illasinnade poster hittades)

    Infekterade mappar:

    (Inga illasinnade poster hittades)

    Infekterade filer:

    (Inga illasinnade poster hittades)

    Backdoor.Win32.Agent.afqs

    i Borttagning av virus och andra skadliga program

    Postad

    *********************************************

    2009-06-06:

    Tråden är låst då problemet är löst.

    Tycker du att den är felaktigt låst, var god kontakta

    Malou

    *********************************************

    Hej!

    För ett tag sedan så kom ett fönster upp där det stod

    C\windows\system32\wbem\wmirvse.exe

    Angrepp: Backdoor.Win32.Agent.afqs

    Åtgärd misslyckades

    Innebär det att virusprogrammet inte lyckades ta bort trojanen eller vad det nu är?

    Det är något konstigt med datorn.

    Den startar varje gång med ett svart fönster som påminner om felsäkert läge.

    Den är långsam och har väldigt lite kraft.

    Men virusprogrammet hittar inget.

    Kan viruset/trojanen vara kvar?

    Mvh Annan

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 10:00:50, on 2009-05-03

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16827)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program\Bonjour\mDNSResponder.exe

    C:\WINDOWS\system32\CTsvcCDA.exe

    C:\Program\Glocalnet Sakerhetspaket\Anti-Virus\fsgk32st.exe

    C:\Program\Glocalnet Sakerhetspaket\Common\FSMA32.EXE

    C:\Program\Glocalnet Sakerhetspaket\Anti-Virus\FSGK32.EXE

    C:\Program\Java\jre6\bin\jqs.exe

    C:\Program\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe

    C:\Program\Glocalnet Sakerhetspaket\Common\FSMB32.EXE

    C:\Program\Glocalnet Sakerhetspaket\Common\FCH32.EXE

    C:\WINDOWS\system32\nvsvc32.exe

    C:\Program\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\MsPMSPSv.exe

    C:\Program\Glocalnet Sakerhetspaket\Anti-Virus\fsqh.exe

    C:\Program\Glocalnet Sakerhetspaket\Common\FAMEH32.EXE

    c:\program\pinnacle\shared files\programs\mediaserver\pmshost.exe

    C:\Program\Glocalnet Sakerhetspaket\Anti-Virus\fssm32.exe

    C:\Program\Glocalnet Sakerhetspaket\FSAUA\program\fsaua.exe

    C:\Program\Glocalnet Sakerhetspaket\FWES\Program\fsdfwd.exe

    C:\Program\Glocalnet Sakerhetspaket\FSAUA\program\fsus.exe

    C:\Program\iPod\bin\iPodService.exe

    C:\Program\Glocalnet Sakerhetspaket\Anti-Virus\fsav32.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\ezSP_Px.exe

    C:\Program\Glocalnet Sakerhetspaket\Common\FSM32.EXE

    C:\Program\QuickTime\QTTask.exe

    C:\Program\Delade filer\Real\Update_OB\realsched.exe

    C:\Program\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

    C:\Program\iTunes\iTunesHelper.exe

    C:\Program\Glocalnet Sakerhetspaket\FSGUI\fsguidll.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program\internet explorer\iexplore.exe

    C:\Program\Trend Micro\HijackThis\Rensare.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

    O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Mina dokument\downloads\rpbrowserrecordplugin.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

    O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program\SMART Technologies\Notebook Software\NotebookPlugin.dll

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll

    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

    O4 - HKLM\..\Run: [PMCS] "C:\Program\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug

    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe

    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Glocalnet Sakerhetspaket\Common\FSM32.EXE" /splash

    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Glocalnet Sakerhetspaket\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - Global Startup: SMART Board Tools.lnk = C:\Program\SMART Technologies\SMART Board Drivers\SMARTBoardTools.exe

    O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.order.proprint.se/resources/fil...geUploader5.cab

    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.order.proprint.se/resources/fil...geUploader4.cab

    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

    O16 - DPF: {F3D4C08D-3616-43F0-9E29-44C749B0664B} (pmjpegcam Class) - http://normannvik.viewnetcam.com/JpegInst.cab

    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)

    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

    O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe

    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

    O23 - Service: CT Device Query service (CTDevice_Srv) - Unknown owner - C:\Program\Creative\Shared Files\CTDevSrv.exe (file missing)

    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program\Glocalnet Sakerhetspaket\Anti-Virus\fsgk32st.exe

    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program\Glocalnet Sakerhetspaket\FSAUA\program\fsaua.exe

    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Glocalnet Sakerhetspaket\FWES\Program\fsdfwd.exe

    O23 - Service: FSMA - F-Secure Corporation - C:\Program\Glocalnet Sakerhetspaket\Common\FSMA32.EXE

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\PACSPTISVR.exe

    O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program\pinnacle\shared files\programs\mediaserver\pmshost.exe

    O23 - Service: SMART Board-tjänsten (SMART Board Service) - SMART Technologies - C:\Program\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe

    O23 - Service: SMART SNMP Agent Service - SMART Technologies ULC - C:\Program\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe

    O23 - Service: SMART Webbserver (SMART Web Server) - Unknown owner - C:\Program\SMART Technologies\SMART Board Drivers\WebServer.exe

    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\SPTISRV.exe

    --

    End of file - 10186 bytes

    Malwarebytes' Anti-Malware 1.34

    Databasversion: 1865

    Windows 5.1.2600 Service Pack 3

    2009-05-03 10:45:55

    mbam-log-2009-05-03 (10-45-55).txt

    Skanningstyp: Snabb skanning

    Antal skannade objekt: 83534

    Förfluten tid: 14 minute(s), 41 second(s)

    Infekterade minnesprocesser: 0

    Infekterade minnesmoduler: 0

    Infekterade registernycklar: 0

    Infekterade registervärden: 0

    Infekterade registerdataposter: 0

    Infekterade mappar: 0

    Infekterade filer: 0

    Infekterade minnesprocesser:

    (Inga illasinnade poster hittades)

    Infekterade minnesmoduler:

    (Inga illasinnade poster hittades)

    Infekterade registernycklar:

    (Inga illasinnade poster hittades)

    Infekterade registervärden:

    (Inga illasinnade poster hittades)

    Infekterade registerdataposter:

    (Inga illasinnade poster hittades)

    Infekterade mappar:

    (Inga illasinnade poster hittades)

    Infekterade filer:

    (Inga illasinnade poster hittades)

    Får varning ang (Felkod: sec_error_expired_certificate). Är/kan detta vara något otrevligt som tagit sig in i systemet?

    i Borttagning av virus och andra skadliga program

    Postad

    Hej där..

    Absolut inte,

    Det är bättre att du har den på din xpcd som vanligt, och inte installerat på datorn.

    För att motverka ev fel i systemfiler:

    Stoppa i din cd, tryck: Start -> Kör skriv: sfc.exe /scannow (enter)

    Sfc = system file checker, kollar om det fattas eller om någon fil är manipulerad, om så, återställs från din cd.

    Fortsätt med:

    start -> Kör, skriv: chkdsk /r (enter),

    chkdsk = Check disk = kontrollera disken och filsystemet efter fel, om så, reparera om det är möjligt.

    Fortsätt med:

    CCleaner, standard filstädning samt registerstädning.

    Nästa,

    Defragmentera hårddisken

    Och till sist, kommer jag till en ren information...

    Jag tycker att bara säkerhetsprogram startas automatiskt, alla andra program kan du antingen avaktivera från autostart eller i "Tjänster" ändra till manuell start.

    Nu är jag ingen säkerhetsexpert, men dina loggar ser rena ut... jag tror bara att det beror på för mycket skräp samt fragmenterad disk, ev för mycket startad programvara.

    Tack för svaret.

    - Hade redan installerat och kört grejen.

    - Har kört städning CCleaner både registret och filstädning. Men behöver man ha lite koll på vilka filer man tar bort eller kan man köra rubbet?

    - Det behövdes inte defragmenteras.

    - Jo, att ta bort att avaktivera de många startade programvarorna gjorde en del.

    Får varning ang (Felkod: sec_error_expired_certificate). Är/kan detta vara något otrevligt som tagit sig in i systemet?

    i Borttagning av virus och andra skadliga program

    Postad

    Hej!

    - Nej, jag har inte spotify igång hela tiden. Men jag ska tänka på det.

    - Jag kontaktade bredbandsbolaget angående F-secure. De menade att den uppdateras och är lika resurssnål/krävande som de senaste versionerna, även om namnet är äldre, beroende på att de kör en anpassad variant eller något sånt.

    - Jag har plockat bort Nortonfilerna/mappen

    - Här nedan kommer resultatet av filanalysen:

    Resultat: 0/38 (0%)

    Fil usbaaplrc.dll mottagen 2009.03.21 21:18:17 (CET)

    Närvarande status: Laddar ... köad väntar söker genomförd EJ FUNNEN STOPPAD

    Resultat: 0/38 (0%)

    Laddar server information...

    Din fil är köad i position: ___.

    Uppskattat starttid är mellan ___ och ___ .

    Stäng inte ner detta fönster förens sökningen är genomförd.

    Scannern som arbetade med din fil har stoppat, vi kommer att vänta ett par sekunder för att försöka återställa ditt resultat.

    Om du väntar i mer än 5 minuter måste du skicka in din fil igen.

    Din fil blir genomsökt av VirusTotal för tillfället,

    resultat kommer att visas när de är klara.

    Compact Skriv ut resultat

    Din fil har upphört eller existerar inte.

    Tjänsten är stoppad för tillfället, din fil väntar på att bli genomsökt (position: ) för en obestämd tid.

    Du kan vänta på ett svar (automatisk uppdatering) eller ange din email i formuläret nedan och klicka "begär" så kommer systemet att skicka dig ett email när sökningen är genomförd.

    Email:

    Antivirus Version Senaste Uppdatering Resultat

    a-squared 4.0.0.101 2009.03.21 -

    AhnLab-V3 5.0.0.2 2009.03.21 -

    AntiVir 7.9.0.120 2009.03.21 -

    Authentium 5.1.2.4 2009.03.21 -

    Avast 4.8.1335.0 2009.03.20 -

    AVG 8.5.0.283 2009.03.21 -

    BitDefender 7.2 2009.03.21 -

    CAT-QuickHeal 10.00 2009.03.21 -

    ClamAV 0.94.1 2009.03.21 -

    Comodo 1078 2009.03.21 -

    DrWeb 4.44.0.09170 2009.03.21 -

    eSafe 7.0.17.0 2009.03.19 -

    eTrust-Vet 31.6.6409 2009.03.20 -

    F-Prot 4.4.4.56 2009.03.20 -

    F-Secure 8.0.14470.0 2009.03.21 -

    Fortinet 3.117.0.0 2009.03.21 -

    GData 19 2009.03.21 -

    Ikarus T3.1.1.48.0 2009.03.21 -

    K7AntiVirus 7.10.678 2009.03.21 -

    Kaspersky 7.0.0.125 2009.03.21 -

    McAfee 5560 2009.03.21 -

    McAfee+Artemis 5560 2009.03.21 -

    McAfee-GW-Edition 6.7.6 2009.03.21 -

    Microsoft 1.4502 2009.03.21 -

    NOD32 3953 2009.03.21 -

    Norman 6.00.06 2009.03.20 -

    nProtect 2009.1.8.0 2009.03.21 -

    Panda 10.0.0.10 2009.03.21 -

    Prevx1 V2 2009.03.21 -

    Rising 21.21.52.00 2009.03.21 -

    Sophos 4.39.0 2009.03.21 -

    Sunbelt 3.2.1858.2 2009.03.20 -

    Symantec 1.4.4.12 2009.03.21 -

    TheHacker 6.3.3.1.287 2009.03.21 -

    TrendMicro 8.700.0.1004 2009.03.20 -

    VBA32 3.12.10.1 2009.03.20 -

    ViRobot 2009.3.20.1658 2009.03.20 -

    VirusBuster 4.6.5.0 2009.03.21 -

    Får varning ang (Felkod: sec_error_expired_certificate). Är/kan detta vara något otrevligt som tagit sig in i systemet?

    i Borttagning av virus och andra skadliga program

    Postad

    Hej igen!

    Jag upplever det som att det mest är internet som är segt.

    Nu har jag iaf kört combofixen. Men jag tror att jag klickade på ja efter installationen av återställningskonsolen fär jag skulle ha klickat nej. (behövde alltså inte klicka på combofix igen). Fick iaf en loggfil som jag kopierar här.

    Är det inte den du menar, så får du säga till, så kör jag combofix som det var tänkt.

    Combofixloggen

    ComboFix 09-03-19.02 - Nathalie 2009-03-21 16:06:34.1 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1053.18.1534.880 [GMT 1:00]

    Körs från: c:\documents and settings\Nathalie\Skrivbord\ComboFix.exe

    Använda kommandoväxlar :: c:\documents and settings\Nathalie\Skrivbord\WindowsXP-KB310994-SP2-Pro-BootDisk-SVE.exe

    AV: Säker Bas 7.00 *On-access scanning enabled* (Updated)

    FW: Säker Bas 7.00 *enabled*

    * Skapade en ny återställningspunkt

    .

    (((((((((((((((((((((((( Filer Skapade från 2009-02-21 till 2009-03-21 ))))))))))))))))))))))))))))))

    .

    2009-03-21 15:51 . 2009-03-21 16:02 <KAT> d-------- C:\32788R22FWJFW

    2009-03-14 23:55 . 2009-03-14 23:58 <KAT> d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}

    2009-03-14 23:27 . 2009-03-14 23:56 <KAT> d-------- c:\program\iPod

    2009-03-14 23:17 . 2009-03-05 23:59 1,900,544 --a------ c:\windows\system32\usbaaplrc.dll

    2009-03-13 18:38 . 2009-03-13 18:38 <KAT> d-------- c:\documents and settings\Gäst\Application Data\SMART Technologies

    2009-03-07 11:51 . 2009-03-07 11:51 <KAT> d-------- c:\program\Mindscape

    2009-03-05 17:23 . 2009-03-05 17:23 <KAT> d-------- c:\documents and settings\Noah\Application Data\SMART Technologies

    2009-03-04 21:54 . 2009-03-04 21:54 <KAT> d-------- c:\documents and settings\Nathalie\Application Data\SMART Technologies

    2009-03-04 21:43 . 2009-03-04 21:43 <KAT> d-------- c:\documents and settings\Nathalie\Application Data\SMART Technologies Inc

    2009-03-04 21:42 . 2009-03-04 21:51 <KAT> d-------- c:\documents and settings\All Users\Application Data\SMART Technologies

    2009-03-04 21:41 . 2009-03-04 21:53 <KAT> d-------- c:\program\SMART Technologies

    2009-03-04 21:41 . 2009-03-04 21:43 <KAT> d-------- c:\program\Delade filer\SMART Technologies

    2009-02-25 20:06 . 2009-02-25 20:06 <KAT> d-------- c:\program\Spotify

    2009-02-25 20:06 . 2009-03-21 16:08 <KAT> d-------- c:\documents and settings\Nathalie\Application Data\Spotify

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2009-03-18 20:27 --------- d-----w c:\program\Malwarebytes' Anti-Malware

    2009-03-18 18:59 --------- d-----w c:\program\CCleaner

    2009-03-15 23:03 196,608 ----a-w c:\windows\system32\drivers\nStandard.bin

    2009-03-14 22:58 --------- d-----w c:\program\iTunes

    2009-03-14 22:51 --------- d-----w c:\program\downloads

    2009-03-14 22:27 --------- d-----w c:\program\Delade filer\Apple

    2009-03-14 22:22 --------- d-----w c:\program\QuickTime

    2009-03-14 22:11 --------- d-----w c:\program\Safari

    2009-03-12 16:32 126 ----a-w c:\documents and settings\Noah\Application Data\wklnhst.dat

    2009-03-05 22:59 36,864 ----a-w c:\windows\system32\drivers\usbaapl.sys

    2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

    2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

    2009-02-03 18:55 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage

    2009-02-02 11:53 --------- d-----w c:\program\Delade filer\Wise Installation Wizard

    2009-01-25 21:56 --------- d-----w c:\program\Avanquest update

    2008-12-08 16:56 797,416 ----a-w c:\program\personalsetup.exe

    2008-09-29 08:59 33,232 -c--a-w c:\documents and settings\Nathalie\Application Data\wklnhst.dat

    2008-02-19 17:11 32 -c--a-w c:\documents and settings\All Users\Application Data\ezsid.dat

    2008-09-20 08:23 32,768 -csha-w c:\windows\system32\config\systemprofile\Lokala inställningar\Tidigare\History.IE5\MSHist012008092020080921\index.dat

    .

    (((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Not* Tomma poster & legitima standardposter visas inte.

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    "swg"="c:\program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-15 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]

    "PMCS"="c:\program\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" [2004-11-08 57344]

    "ezShieldProtector for Px"="c:\windows\system32\ezSP_Px.exe" [2002-08-20 40960]

    "F-Secure Manager"="c:\program\Glocalnet Sakerhetspaket\Common\FSM32.EXE" [2007-04-26 183208]

    "F-Secure TNB"="c:\program\Glocalnet Sakerhetspaket\FSGUI\TNBUtil.exe" [2007-04-26 740208]

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]

    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Start-meny\Program\Autostart\

    SMART Board Tools.lnk - c:\program\SMART Technologies\SMART Board Drivers\SMARTBoardTools.exe [2008-08-12 9618728]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "VIDC.MJPG"= Pvmjpg21.dll

    "VIDC.PIM1"= pclepim1.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

    @="Driver"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^InterVideo WinCinema Manager.lnk]

    path=c:\documents and settings\All Users\Start-meny\Program\Autostart\InterVideo WinCinema Manager.lnk

    backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Personal.lnk]

    path=c:\documents and settings\All Users\Start-meny\Program\Autostart\Personal.lnk

    backup=c:\windows\pss\Personal.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^SMART Board Tools.lnk]

    path=c:\documents and settings\All Users\Start-meny\Program\Autostart\SMART Board Tools.lnk

    backup=c:\windows\pss\SMART Board Tools.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

    --a------ 2007-03-22 15:09 63712 c:\program\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

    --a------ 2008-10-15 01:04 39792 c:\program\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

    --a------ 2009-03-06 00:50 177472 c:\program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]

    --a------ 2003-06-18 00:00 45056 c:\program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]

    --a------ 2003-09-17 09:43 57344 c:\program\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

    --a------ 2009-03-12 20:56 342312 c:\program\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]

    --a------ 2003-06-10 01:11 50688 c:\program\Delade filer\Microsoft Shared\Works Shared\WkUFind.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

    --a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickLib]

    --a------ 2004-06-23 10:27 1725952 c:\program\QuickLib\QL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    --a------ 2009-01-05 16:18 413696 c:\program\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBDrvDet]

    --a------ 2002-12-03 17:06 45056 c:\program\Creative\SB Drive Det\SBDrvDet.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

    --------- 2008-07-02 16:16 393216 c:\program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

    --a------ 2008-12-08 10:07 136600 c:\program\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

    --a------ 2007-08-15 20:42 68856 c:\program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

    --a------ 2008-11-04 19:46 185872 c:\program\Delade filer\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

    --------- 2000-05-11 00:00 90112 c:\windows\Updreg.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]

    --a------ 2003-10-06 15:57 24576 c:\windows\system32\CTHELPER.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

    --a------ 2007-06-28 17:43 1626112 c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRISMSTA.EXE]

    -ra------ 2003-08-04 15:54 215552 c:\windows\system32\PRISMSTA.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program\\Messenger\\msmsgs.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=

    "c:\\Program\\EA SPORTS\\NHL08\\nhl2008.exe"=

    "c:\\Program\\Spotify\\spotify.exe"=

    "c:\\Program\\SMART Technologies\\SMART Board Drivers\\SMARTSNMPAgent.exe"=

    "c:\\Program\\iTunes\\iTunes.exe"=

    R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2008-03-20 58128]

    R1 F-Secure HIPS;F-Secure HIPS;c:\program\Glocalnet Sakerhetspaket\HIPS\fshs.sys [2008-03-20 48176]

    R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [2007-08-14 15840]

    R3 3xHybrid;Pinnacle PCTV 300i Stereo DVB-T;c:\windows\system32\drivers\3xHybrid.sys [2007-08-14 698368]

    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program\Glocalnet Sakerhetspaket\Anti-Virus\minifilter\fsgk.sys [2008-03-20 59760]

    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-12-27 10976]

    S3 PRISM_A00;CREATIX 802.11g Driver;c:\windows\system32\drivers\PRISMA00.sys [2007-10-16 360832]

    S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2008-12-26 90536]

    S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2008-12-26 15016]

    S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2008-12-26 122152]

    S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2008-12-26 115496]

    S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2008-12-26 25768]

    S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2008-12-26 111912]

    S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2008-12-26 117672]

    S3 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\program\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe [2008-07-31 1037608]

    S3 SMART Web Server;SMART Webbserver;c:\program\SMART Technologies\SMART Board Drivers\WebServer.exe [2008-07-31 1205544]

    S4 F-Secure Filter;F-Secure File System Filter;c:\program\Glocalnet Sakerhetspaket\Anti-Virus\win2k\fsfilter.sys [2008-03-20 40048]

    S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program\Glocalnet Sakerhetspaket\Anti-Virus\win2k\fsrec.sys [2008-03-20 25456]

    .

    Innehållet i mappen 'Schemalagda aktiviteter':

    2008-10-31 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2009-03-16 c:\windows\Tasks\defrag.job

    - c:\windows\system32\defrag.exe [2008-04-14 17:05]

    2009-03-20 c:\windows\Tasks\Norton Security Scan.job

    - c:\program\Norton Security Scan\Nss.exe [2008-01-09 03:08]

    2009-03-20 c:\windows\Tasks\OGADaily.job

    - c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]

    2009-03-21 c:\windows\Tasks\OGALogon.job

    - c:\windows\system32\OGAVerify.exe [2008-12-31 17:04]

    2009-03-21 c:\windows\Tasks\Scheduled scanning task.job

    - c:\program\GLOCAL~1\ANTI-V~1\fsav.exe [2007-04-26 12:42]

    .

    .

    ------- Extra genomsökning -------

    .

    uStart Page = hxxp://www.godstart.se/

    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

    uInternet Settings,ProxyOverride = *.local

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    IE: E&xportera till Microsoft Excel - c:\program\MICROS~2\OFFICE11\EXCEL.EXE/3000

    LSP: c:\program\Glocalnet Sakerhetspaket\FSPS\program\FSLSP.DLL

    DPF: {F3D4C08D-3616-43F0-9E29-44C749B0664B} - hxxp://normannvik.viewnetcam.com/JpegInst.cab

    FF - ProfilePath - c:\documents and settings\Nathalie\Application Data\Mozilla\Firefox\Profiles\aeb7anz3.default\

    FF - component: d:\mina dokument\downloads\browserrecord\components\nprpbrowserrecordplugin.dll

    FF - plugin: c:\program\Personal\bin\np_prsnl.dll

    FF - plugin: d:\mina dokument\downloads\Netscape6\nppl3260.dll

    FF - plugin: d:\mina dokument\downloads\Netscape6\nprjplug.dll

    FF - plugin: d:\mina dokument\downloads\Netscape6\nprpjplug.dll

    ---- FIREFOX POLICY ----

    c:\program\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-03-21 16:10:24

    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    --------------------- LÅSTA REGISTERNYCKLAR ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]

    "ThreadingModel"="Apartment"

    @="c:\\WINDOWS\\system32\\OLE32.DLL"

    "cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,71,60,8c,77,df,

    00,ad,b1,c8,28,51,af,b0,29,a3,98,d4,16,ad,d8,d7,7a,4d,9f,e2,63,26,f1,3f,c8,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]

    "ThreadingModel"="Apartment"

    @="c:\\WINDOWS\\system32\\OLE32.DLL"

    "bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,6f,27,d4,4e,1c,

    75,9f,88,71,3b,04,66,8b,46,0d,96,5c,5c,87,88,7e,09,9e,40,6a,9c,d6,61,af,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]

    "ThreadingModel"="Apartment"

    @="c:\\WINDOWS\\system32\\OLE32.DLL"

    "2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,70,9c,69,1e,36,

    ad,43,22,25,da,ec,7e,55,20,c9,26,76,a3,50,b7,5f,b0,fd,a2,ff,7c,85,e0,43,d4,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]

    "ThreadingModel"="Apartment"

    @="c:\\WINDOWS\\system32\\OLE32.DLL"

    "2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,ed,9a,3f,3f,15,

    6b,07,fb,3e,1e,9e,e0,57,5a,93,61,b7,a3,44,c7,a3,c5,1b,f1,86,8c,21,01,be,91,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]

    "ThreadingModel"="Apartment"

    @="c:\\WINDOWS\\system32\\OLE32.DLL"

    "caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,e1,66,ba,7c,a4,

    32,ff,71,cd,44,cd,b9,a6,33,6c,cd,e3,ee,11,24,86,f7,e8,fd,f5,1d,4d,73,a8,13,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]

    "ThreadingModel"="Apartment"

    @="c:\\WINDOWS\\system32\\OLE32.DLL"

    "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,05,f3,af,0c,03,

    02,b1,88,b0,18,ed,a7,3f,8d,37,a4,d3,57,3b,de,86,05,63,19,df,20,58,62,78,6b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]

    "ThreadingModel"="Apartment"

    @="c:\\WINDOWS\\system32\\OLE32.DLL"

    "4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,56,96,71,fe,c8,

    bd,3c,3f,31,77,e1,ba,b1,f8,68,02,0d,6c,0e,37,f7,2f,80,d7,fb,a7,78,e6,12,2f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]

    "ThreadingModel"="Apartment"

    @="c:\\WINDOWS\\system32\\OLE32.DLL"

    "1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,1f,9c,88,7a,80,

    b4,84,cc,83,6c,56,8b,a0,85,96,ab,ee,1f,3e,e4,72,17,df,de,01,3a,48,fc,e8,04,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]

    "ThreadingModel"="Apartment"

    @="c:\\WINDOWS\\system32\\OLE32.DLL"

    "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,cd,ec,5d,ce,88,

    ca,27,e7,51,fa,6e,91,28,9e,14,cc,ac,85,3e,3b,48,fe,c5,9a,f6,0f,4e,58,98,5b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]

    "ThreadingModel"="Apartment"

    @="c:\\WINDOWS\\system32\\OLE32.DLL"

    "f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,e5,d2,2d,fd,fc,

    a4,f2,d1,b1,cd,45,5a,a8,c4,f8,b9,3d,ce,71,72,8e,c6,a1,aa,3d,ce,ea,26,2d,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]

    "ThreadingModel"="Apartment"

    @="c:\\WINDOWS\\system32\\OLE32.DLL"

    "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,4a,29,10,87,22,

    2f,fe,62,e3,0e,66,d5,eb,bc,2f,6b,c7,18,65,cc,4a,25,73,d3,2a,b7,cc,b5,b9,7f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]

    "ThreadingModel"="Apartment"

    @="c:\\WINDOWS\\system32\\OLE32.DLL"

    "8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,78,68,e8,1b,64,

    bb,6c,28,fa,ea,66,7f,d4,3b,6b,70,d6,ed,98,27,02,54,ec,d0,6c,43,2d,1e,aa,22,\

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø|ÿÿÿÿ|é6~*]

    "D140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

    .

    --------------------- DLLer som "laddats" under processer som körs ---------------------

    - - - - - - - > 'winlogon.exe'(596)

    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'lsass.exe'(652)

    c:\program\Glocalnet Sakerhetspaket\FSPS\program\FSLSP.DLL

    .

    ------------------------ Andra processer som körs ------------------------

    .

    c:\program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    c:\windows\system32\CTSVCCDA.EXE

    c:\program\Glocalnet Sakerhetspaket\Anti-Virus\fsgk32st.exe

    c:\program\Glocalnet Sakerhetspaket\Common\FSMA32.EXE

    c:\program\Glocalnet Sakerhetspaket\Anti-Virus\fsgk32.exe

    c:\program\Java\jre6\bin\jqs.exe

    c:\program\Glocalnet Sakerhetspaket\Common\FSMB32.EXE

    c:\program\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe

    c:\program\Glocalnet Sakerhetspaket\Common\FCH32.EXE

    c:\windows\system32\nvsvc32.exe

    c:\program\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe

    c:\program\Glocalnet Sakerhetspaket\Common\FAMEH32.EXE

    c:\program\Glocalnet Sakerhetspaket\Anti-Virus\fsqh.exe

    c:\windows\system32\MsPMSPSv.exe

    c:\program\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe

    c:\program\Glocalnet Sakerhetspaket\FSAUA\program\fsaua.exe

    c:\program\Glocalnet Sakerhetspaket\Anti-Virus\fssm32.exe

    c:\program\Glocalnet Sakerhetspaket\FWES\program\fsdfwd.exe

    c:\program\Glocalnet Sakerhetspaket\FSAUA\program\fsus.exe

    c:\windows\system32\wscntfy.exe

    c:\program\Glocalnet Sakerhetspaket\Anti-Virus\fsav32.exe

    c:\windows\system32\rundll32.exe

    c:\program\Glocalnet Sakerhetspaket\FSGUI\fsguidll.exe

    .

    **************************************************************************

    .

    Sluttid: 2009-03-21 16:14:32 - datorn startades om.

    ComboFix-quarantined-files.txt 2009-03-21 15:14:29

    Före genomsökningen: 189 473 136 640 byte ledigt

    Efter genomsökningen: 190,287,269,888 byte ledigt

    WindowsXP-KB310994-SP2-Pro-BootDisk-SVE.exe

    [boot loader]

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

    [operating systems]

    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    300 --- E O F --- 2009-03-17 21:21:33

    Hijackthis-loggen

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 16:21:24, on 2009-03-21

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16791)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\WINDOWS\system32\CTsvcCDA.exe

    C:\Program\Glocalnet Sakerhetspaket\Anti-Virus\fsgk32st.exe

    C:\Program\Glocalnet Sakerhetspaket\Common\FSMA32.EXE

    C:\Program\Glocalnet Sakerhetspaket\Anti-Virus\FSGK32.EXE

    C:\Program\Java\jre6\bin\jqs.exe

    C:\Program\Glocalnet Sakerhetspaket\Common\FSMB32.EXE

    C:\Program\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe

    C:\Program\Glocalnet Sakerhetspaket\Common\FCH32.EXE

    C:\WINDOWS\system32\nvsvc32.exe

    C:\Program\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe

    C:\Program\Glocalnet Sakerhetspaket\Common\FAMEH32.EXE

    C:\Program\Glocalnet Sakerhetspaket\Anti-Virus\fsqh.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\MsPMSPSv.exe

    c:\program\pinnacle\shared files\programs\mediaserver\pmshost.exe

    C:\Program\Glocalnet Sakerhetspaket\FSAUA\program\fsaua.exe

    C:\Program\Glocalnet Sakerhetspaket\Anti-Virus\fssm32.exe

    C:\Program\Glocalnet Sakerhetspaket\FWES\Program\fsdfwd.exe

    C:\Program\Glocalnet Sakerhetspaket\FSAUA\program\fsus.exe

    C:\Program\Glocalnet Sakerhetspaket\Anti-Virus\fsav32.exe

    C:\Program\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe

    C:\Program\Glocalnet Sakerhetspaket\Common\FSM32.EXE

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program\Glocalnet Sakerhetspaket\FSGUI\fsguidll.exe

    C:\WINDOWS\explorer.exe

    C:\WINDOWS\system32\notepad.exe

    C:\Program\Internet Explorer\IEXPLORE.EXE

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program\Trend Micro\HijackThis\Rensare.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.godstart.se/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

    O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Mina dokument\downloads\rpbrowserrecordplugin.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

    O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program\SMART Technologies\Notebook Software\NotebookPlugin.dll

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll

    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

    O4 - HKLM\..\Run: [PMCS] "C:\Program\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug

    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe

    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Glocalnet Sakerhetspaket\Common\FSM32.EXE" /splash

    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Glocalnet Sakerhetspaket\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - Global Startup: SMART Board Tools.lnk = C:\Program\SMART Technologies\SMART Board Drivers\SMARTBoardTools.exe

    O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.order.proprint.se/resources/fil...geUploader5.cab

    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.order.proprint.se/resources/fil...geUploader4.cab

    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

    O16 - DPF: {F3D4C08D-3616-43F0-9E29-44C749B0664B} (pmjpegcam Class) - http://normannvik.viewnetcam.com/JpegInst.cab

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)

    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

    O23 - Service: CT Device Query service (CTDevice_Srv) - Unknown owner - C:\Program\Creative\Shared Files\CTDevSrv.exe (file missing)

    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program\Glocalnet Sakerhetspaket\Anti-Virus\fsgk32st.exe

    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program\Glocalnet Sakerhetspaket\FSAUA\program\fsaua.exe

    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Glocalnet Sakerhetspaket\FWES\Program\fsdfwd.exe

    O23 - Service: FSMA - F-Secure Corporation - C:\Program\Glocalnet Sakerhetspaket\Common\FSMA32.EXE

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\PACSPTISVR.exe

    O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program\pinnacle\shared files\programs\mediaserver\pmshost.exe

    O23 - Service: SMART Board-tjänsten (SMART Board Service) - SMART Technologies - C:\Program\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe

    O23 - Service: SMART SNMP Agent Service - SMART Technologies ULC - C:\Program\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe

    O23 - Service: SMART Webbserver (SMART Web Server) - Unknown owner - C:\Program\SMART Technologies\SMART Board Drivers\WebServer.exe

    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\SPTISRV.exe

    --

    End of file - 9556 bytes

    Får varning ang (Felkod: sec_error_expired_certificate). Är/kan detta vara något otrevligt som tagit sig in i systemet?

    i Borttagning av virus och andra skadliga program

    Postad

    Jag körde en till Hijackthis efter rensningen i uppstartslistan.

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 21:34:10, on 2009-03-18

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16791)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\WINDOWS\system32\CTsvcCDA.exe

    C:\Program\Glocalnet Sakerhetspaket\Anti-Virus\fsgk32st.exe

    C:\Program\Glocalnet Sakerhetspaket\Common\FSMA32.EXE

    C:\Program\Glocalnet Sakerhetspaket\Anti-Virus\FSGK32.EXE

    C:\Program\Java\jre6\bin\jqs.exe

    C:\Program\Glocalnet Sakerhetspaket\Common\FSMB32.EXE

    C:\Program\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe

    C:\Program\Glocalnet Sakerhetspaket\Common\FCH32.EXE

    C:\WINDOWS\system32\nvsvc32.exe

    C:\Program\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\MsPMSPSv.exe

    C:\Program\Glocalnet Sakerhetspaket\Common\FAMEH32.EXE

    C:\Program\Glocalnet Sakerhetspaket\Anti-Virus\fsqh.exe

    c:\program\pinnacle\shared files\programs\mediaserver\pmshost.exe

    C:\Program\Glocalnet Sakerhetspaket\FSAUA\program\fsaua.exe

    C:\Program\Glocalnet Sakerhetspaket\Anti-Virus\fssm32.exe

    C:\Program\Glocalnet Sakerhetspaket\FWES\Program\fsdfwd.exe

    C:\Program\Glocalnet Sakerhetspaket\FSAUA\program\fsus.exe

    C:\Program\Glocalnet Sakerhetspaket\Anti-Virus\fsav32.exe

    C:\Program\iPod\bin\iPodService.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe

    C:\WINDOWS\system32\ezSP_Px.exe

    C:\Program\Glocalnet Sakerhetspaket\Common\FSM32.EXE

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\Program\iTunes\iTunesHelper.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program\Personal\bin\Personal.exe

    C:\Program\Glocalnet Sakerhetspaket\FSGUI\fsguidll.exe

    C:\Program\Outlook Express\msimn.exe

    C:\Program\Mozilla Firefox\firefox.exe

    C:\Program\Malwarebytes' Anti-Malware\mbam.exe

    C:\WINDOWS\system32\NOTEPAD.EXE

    C:\Program\Trend Micro\HijackThis\Rensare.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.godstart.se/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

    O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Mina dokument\downloads\rpbrowserrecordplugin.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

    O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program\SMART Technologies\Notebook Software\NotebookPlugin.dll

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll

    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

    O4 - HKLM\..\Run: [PMCS] "C:\Program\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug

    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe

    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Glocalnet Sakerhetspaket\Common\FSM32.EXE" /splash

    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Glocalnet Sakerhetspaket\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-21-515967899-1592454029-839522115-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Örjan')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.order.proprint.se/resources/fil...geUploader5.cab

    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.order.proprint.se/resources/fil...geUploader4.cab

    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

    O16 - DPF: {F3D4C08D-3616-43F0-9E29-44C749B0664B} (pmjpegcam Class) - http://normannvik.viewnetcam.com/JpegInst.cab

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)

    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

    O23 - Service: CT Device Query service (CTDevice_Srv) - Unknown owner - C:\Program\Creative\Shared Files\CTDevSrv.exe (file missing)

    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program\Glocalnet Sakerhetspaket\Anti-Virus\fsgk32st.exe

    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program\Glocalnet Sakerhetspaket\FSAUA\program\fsaua.exe

    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Glocalnet Sakerhetspaket\FWES\Program\fsdfwd.exe

    O23 - Service: FSMA - F-Secure Corporation - C:\Program\Glocalnet Sakerhetspaket\Common\FSMA32.EXE

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\PACSPTISVR.exe

    O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program\pinnacle\shared files\programs\mediaserver\pmshost.exe

    O23 - Service: SMART Board-tjänsten (SMART Board Service) - SMART Technologies - C:\Program\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe

    O23 - Service: SMART SNMP Agent Service - SMART Technologies ULC - C:\Program\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe

    O23 - Service: SMART Webbserver (SMART Web Server) - Unknown owner - C:\Program\SMART Technologies\SMART Board Drivers\WebServer.exe

    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\SPTISRV.exe

    --

    End of file - 9909 bytes

    Får varning ang (Felkod: sec_error_expired_certificate). Är/kan detta vara något otrevligt som tagit sig in i systemet?

    i Borttagning av virus och andra skadliga program

    Postad

    Malwarebytes' Anti-Malware 1.34

    Databasversion: 1865

    Windows 5.1.2600 Service Pack 3

    2009-03-18 21:32:39

    mbam-log-2009-03-18 (21-32-39).txt

    Skanningstyp: Snabb skanning

    Antal skannade objekt: 89248

    Förfluten tid: 4 minute(s), 43 second(s)

    Infekterade minnesprocesser: 0

    Infekterade minnesmoduler: 0

    Infekterade registernycklar: 0

    Infekterade registervärden: 0

    Infekterade registerdataposter: 0

    Infekterade mappar: 0

    Infekterade filer: 0

    Infekterade minnesprocesser:

    (Inga illasinnade poster hittades)

    Infekterade minnesmoduler:

    (Inga illasinnade poster hittades)

    Infekterade registernycklar:

    (Inga illasinnade poster hittades)

    Infekterade registervärden:

    (Inga illasinnade poster hittades)

    Infekterade registerdataposter:

    (Inga illasinnade poster hittades)

    Infekterade mappar:

    (Inga illasinnade poster hittades)

    Infekterade filer:

    (Inga illasinnade poster hittades)

    Får varning ang (Felkod: sec_error_expired_certificate). Är/kan detta vara något otrevligt som tagit sig in i systemet?

    i Borttagning av virus och andra skadliga program

    Postad

    Dessa kan du ta bort utan några problem!

    O4 - HKLM\..\Run: [sBDrvDet] "C:\Program\Creative\SB Drive Det\SBDrvDet.exe" /r

    O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe

    O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

    Menar du "Avaktivera" när du skriver ta bort?

    Får varning ang (Felkod: sec_error_expired_certificate). Är/kan detta vara något otrevligt som tagit sig in i systemet?

    i Borttagning av virus och andra skadliga program

    Postad

    Tack för svaren.

    Stenis, förstod det när jag kom till jobbet och har skickat en notis.

    Mr O, här kommer loggarna. Jag har avaktiverat i uppstartsmenyn efter bästa förmåga och omdöme (använde CCCleaner). Nu får vi se om det kan göra datorn lite snabbare, om det har bidragit till segheten.

    Här kommer loggen från mbam:

    Malwarebytes' Anti-Malware 1.25

    Databasversion: 1092

    Windows 5.1.2600 Service Pack 3

    20:01:30 2009-03-18

    mbam-log-03-18-2009 (20-01-30).txt

    Skanningstyp: Snabb skanning

    Antal skannade objekt: 53369

    Förfluten tid: 8 minute(s), 53 second(s)

    Infekterade minnesprocesser: 0

    Infekterade minnesmoduler: 0

    Infekterade registernycklar: 0

    Infekterade registervärden: 0

    Infekterade registerdataposter: 0

    Infekterade mappar: 0

    Infekterade filer: 0

    Infekterade minnesprocesser:

    (Inga illasinnade poster hittades)

    Infekterade minnesmoduler:

    (Inga illasinnade poster hittades)

    Infekterade registernycklar:

    (Inga illasinnade poster hittades)

    Infekterade registervärden:

    (Inga illasinnade poster hittades)

    Infekterade registerdataposter:

    (Inga illasinnade poster hittades)

    Infekterade mappar:

    (Inga illasinnade poster hittades)

    Infekterade filer:

    (Inga illasinnade poster hittades)

    Loggen från Hijackthis:

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 20:03:24, on 2009-03-18

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16791)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\WINDOWS\system32\CTsvcCDA.exe

    C:\Program\Glocalnet Sakerhetspaket\Anti-Virus\fsgk32st.exe

    C:\Program\Glocalnet Sakerhetspaket\Common\FSMA32.EXE

    C:\Program\Glocalnet Sakerhetspaket\Anti-Virus\FSGK32.EXE

    C:\Program\Java\jre6\bin\jqs.exe

    C:\Program\Glocalnet Sakerhetspaket\Common\FSMB32.EXE

    C:\Program\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe

    C:\Program\Glocalnet Sakerhetspaket\Common\FCH32.EXE

    C:\WINDOWS\system32\nvsvc32.exe

    C:\Program\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\MsPMSPSv.exe

    C:\Program\Glocalnet Sakerhetspaket\Common\FAMEH32.EXE

    C:\Program\Glocalnet Sakerhetspaket\Anti-Virus\fsqh.exe

    c:\program\pinnacle\shared files\programs\mediaserver\pmshost.exe

    C:\Program\Glocalnet Sakerhetspaket\FSAUA\program\fsaua.exe

    C:\Program\Glocalnet Sakerhetspaket\Anti-Virus\fssm32.exe

    C:\Program\Glocalnet Sakerhetspaket\FWES\Program\fsdfwd.exe

    C:\Program\Glocalnet Sakerhetspaket\FSAUA\program\fsus.exe

    C:\Program\Glocalnet Sakerhetspaket\Anti-Virus\fsav32.exe

    C:\Program\iPod\bin\iPodService.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program\Java\jre6\bin\jusched.exe

    C:\Program\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

    C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE

    C:\WINDOWS\system32\CTHELPER.EXE

    C:\WINDOWS\system32\ezSP_Px.exe

    C:\WINDOWS\system32\PRISMSTA.EXE

    C:\Program\Delade filer\Microsoft Shared\Works Shared\WkUFind.exe

    C:\Program\Glocalnet Sakerhetspaket\Common\FSM32.EXE

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\Program\Delade filer\Real\Update_OB\realsched.exe

    C:\Program\QuickTime\QTTask.exe

    C:\Program\iTunes\iTunesHelper.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program\Glocalnet Sakerhetspaket\FSGUI\fsguidll.exe

    C:\Program\Personal\bin\Personal.exe

    C:\Program\SMART Technologies\SMART Board Drivers\SMARTBoardTools.exe

    C:\Program\SMART Technologies\SMART Board Drivers\Aware.exe

    C:\Program\SMART Technologies\SMART Board Drivers\Marker.exe

    C:\Program\Outlook Express\msimn.exe

    C:\Program\Mozilla Firefox\firefox.exe

    C:\WINDOWS\system32\NOTEPAD.EXE

    C:\Program\Trend Micro\HijackThis\Rensare.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

    O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Mina dokument\downloads\rpbrowserrecordplugin.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

    O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program\SMART Technologies\Notebook Software\NotebookPlugin.dll

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [CTSysVol] "C:\Program\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" /r

    O4 - HKLM\..\Run: [CTDVDDET] C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE

    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

    O4 - HKLM\..\Run: [sBDrvDet] "C:\Program\Creative\SB Drive Det\SBDrvDet.exe" /r

    O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

    O4 - HKLM\..\Run: [QuickLib] C:\Program\QuickLib\QL.exe /m

    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

    O4 - HKLM\..\Run: [PMCS] "C:\Program\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug

    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe

    O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START

    O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program\Delade filer\Microsoft Shared\Works Shared\WkUFind.exe"

    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Glocalnet Sakerhetspaket\Common\FSM32.EXE" /splash

    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Glocalnet Sakerhetspaket\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background

    O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-21-515967899-1592454029-839522115-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Örjan')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe

    O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

    O4 - Global Startup: SMART Board Tools.lnk = C:\Program\SMART Technologies\SMART Board Drivers\SMARTBoardTools.exe

    O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.order.proprint.se/resources/fil...geUploader5.cab

    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.order.proprint.se/resources/fil...geUploader4.cab

    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

    O16 - DPF: {F3D4C08D-3616-43F0-9E29-44C749B0664B} (pmjpegcam Class) - http://normannvik.viewnetcam.com/JpegInst.cab

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)

    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

    O23 - Service: CT Device Query service (CTDevice_Srv) - Unknown owner - C:\Program\Creative\Shared Files\CTDevSrv.exe (file missing)

    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program\Glocalnet Sakerhetspaket\Anti-Virus\fsgk32st.exe

    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program\Glocalnet Sakerhetspaket\FSAUA\program\fsaua.exe

    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Glocalnet Sakerhetspaket\FWES\Program\fsdfwd.exe

    O23 - Service: FSMA - F-Secure Corporation - C:\Program\Glocalnet Sakerhetspaket\Common\FSMA32.EXE

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\PACSPTISVR.exe

    O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program\pinnacle\shared files\programs\mediaserver\pmshost.exe

    O23 - Service: SMART Board-tjänsten (SMART Board Service) - SMART Technologies - C:\Program\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe

    O23 - Service: SMART SNMP Agent Service - SMART Technologies ULC - C:\Program\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe

    O23 - Service: SMART Webbserver (SMART Web Server) - Unknown owner - C:\Program\SMART Technologies\SMART Board Drivers\WebServer.exe

    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\SPTISRV.exe

    --

    End of file - 12261 bytes

    Får varning ang (Felkod: sec_error_expired_certificate). Är/kan detta vara något otrevligt som tagit sig in i systemet?

    i Borttagning av virus och andra skadliga program

    Postad

    *********************************************

    2009-06-06:

    Tråden är låst då problemet är löst.

    Tycker du att den är felaktigt låst, var god kontakta

    Malou

    *********************************************

    Hej!

    Jag funderar på om jag har fått virus.

    Dels så var datorn extremt långsam ett tag och är fortfarande långsam.

    Dels så visade antivirusprogrammet ett fel på internetskölden ett tag. Nu verkar det vara bra.

    Idag när jag skulle logga in på mitt arbetes intranät fick jag en varning att inte gå in.

    Säker anslutning misslyckades

    www.info.forshaga.se använder ett ogiltigt säkerhetscertifikat.

    Certifikatet förföll 2009-03-17 14:39.

    (Felkod: sec_error_expired_certificate)

    * Detta kan bero på ett problem med serverns konfiguration, eller så kanske

    någon annan felaktigt utger sig för att vara servern.

    * Om du tidigare utan problem har anslutit till den här servern kanske felet

    är tillfälligt och du kan försöka igen senare.

    Här är hijackloggen

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 20:13:48, on 2009-03-17

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16791)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program\Bonjour\mDNSResponder.exe

    C:\WINDOWS\system32\CTsvcCDA.exe

    C:\Program\Glocalnet Sakerhetspaket\Anti-Virus\fsgk32st.exe

    C:\Program\Glocalnet Sakerhetspaket\Common\FSMA32.EXE

    C:\Program\Glocalnet Sakerhetspaket\Anti-Virus\FSGK32.EXE

    C:\Program\Java\jre6\bin\jqs.exe

    C:\Program\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe

    C:\Program\Glocalnet Sakerhetspaket\Common\FSMB32.EXE

    C:\Program\Glocalnet Sakerhetspaket\Common\FCH32.EXE

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program\Glocalnet Sakerhetspaket\Anti-Virus\fsqh.exe

    C:\Program\Glocalnet Sakerhetspaket\Common\FAMEH32.EXE

    C:\Program\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\MsPMSPSv.exe

    C:\Program\Java\jre6\bin\jusched.exe

    C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE

    C:\WINDOWS\system32\CTHELPER.EXE

    C:\WINDOWS\system32\ezSP_Px.exe

    C:\WINDOWS\system32\PRISMSTA.EXE

    C:\Program\Delade filer\Microsoft Shared\Works Shared\WkUFind.exe

    C:\Program\Glocalnet Sakerhetspaket\Common\FSM32.EXE

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\Program\Glocalnet Sakerhetspaket\FSGUI\fsguidll.exe

    C:\Program\Delade filer\Real\Update_OB\realsched.exe

    C:\Program\QuickTime\QTTask.exe

    C:\Program\iTunes\iTunesHelper.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program\Personal\bin\Personal.exe

    C:\Program\Glocalnet Sakerhetspaket\Anti-Virus\fssm32.exe

    C:\Program\Glocalnet Sakerhetspaket\FSAUA\program\fsaua.exe

    C:\Program\Glocalnet Sakerhetspaket\FWES\Program\fsdfwd.exe

    C:\Program\Glocalnet Sakerhetspaket\FSAUA\program\fsus.exe

    C:\Program\iPod\bin\iPodService.exe

    C:\Program\Glocalnet Sakerhetspaket\Anti-Virus\fsav32.exe

    C:\Program\Mozilla Firefox\firefox.exe

    C:\Program\Trend Micro\HijackThis\Rensare.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.internetstart.se/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Mina dokument\downloads\rpbrowserrecordplugin.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

    O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program\SMART Technologies\Notebook Software\NotebookPlugin.dll

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [CTSysVol] "C:\Program\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" /r

    O4 - HKLM\..\Run: [CTDVDDET] C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE

    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

    O4 - HKLM\..\Run: [sBDrvDet] "C:\Program\Creative\SB Drive Det\SBDrvDet.exe" /r

    O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

    O4 - HKLM\..\Run: [QuickLib] C:\Program\QuickLib\QL.exe /m

    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

    O4 - HKLM\..\Run: [PMCS] "C:\Program\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug

    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe

    O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START

    O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program\Delade filer\Microsoft Shared\Works Shared\WkUFind.exe"

    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Glocalnet Sakerhetspaket\Common\FSM32.EXE" /splash

    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Glocalnet Sakerhetspaket\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    O4 - HKCU\..\Run: [msnmsgr] "C:\Program\Windows Live\Messenger\msnmsgr.exe" /background

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program\InterVideo\Common\Bin\WinCinemaMgr.exe

    O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

    O4 - Global Startup: SMART Board Tools.lnk = C:\Program\SMART Technologies\SMART Board Drivers\SMARTBoardTools.exe

    O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.order.proprint.se/resources/fil...geUploader5.cab

    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.order.proprint.se/resources/fil...geUploader4.cab

    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

    O16 - DPF: {F3D4C08D-3616-43F0-9E29-44C749B0664B} (pmjpegcam Class) - http://normannvik.viewnetcam.com/JpegInst.cab

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)

    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)

    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

    O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe

    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

    O23 - Service: CT Device Query service (CTDevice_Srv) - Unknown owner - C:\Program\Creative\Shared Files\CTDevSrv.exe (file missing)

    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program\Glocalnet Sakerhetspaket\Anti-Virus\fsgk32st.exe

    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program\Glocalnet Sakerhetspaket\FSAUA\program\fsaua.exe

    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Glocalnet Sakerhetspaket\FWES\Program\fsdfwd.exe

    O23 - Service: FSMA - F-Secure Corporation - C:\Program\Glocalnet Sakerhetspaket\Common\FSMA32.EXE

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\PACSPTISVR.exe

    O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program\pinnacle\shared files\programs\mediaserver\pmshost.exe

    O23 - Service: SMART Board-tjänsten (SMART Board Service) - SMART Technologies - C:\Program\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe

    O23 - Service: SMART SNMP Agent Service - SMART Technologies ULC - C:\Program\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe

    O23 - Service: SMART Webbserver (SMART Web Server) - Unknown owner - C:\Program\SMART Technologies\SMART Board Drivers\WebServer.exe

    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\SPTISRV.exe

    --

    End of file - 11759 bytes

    Sedan undrar jag över hur jag kan se till att inte så många program startar upp automatiskt vid inloggningen.

    Mvh Nathalie

×
×
  • Skapa nytt...