Frustrerande Sonic Cineplayer

kava · Mars 9, 2010

Hej!

När jag ska öppna någon mapp som innehåller musik eller video vill datorn installera något som heter "Sonic Cinplayer Decoder Pack"

Hur blir jag av med detta?

När jag ska starta om eller stänga datorn så stängs skärmen och det kommer upp en ruta med "Power saving mode" eller liknande sen blir skärmen svart som den ska men datorn fortsätter att "lysa" och fläkten går och datorn stänger aldrig av sig.

Vad gör man i det fallet?

När jag ska öppna utforskaren så har jag plötsligt börjat få ett meddelande: Se bifogad bild.

Hur blir man av med det?

Vore jättetacksam för hjälp!

Tack på förhand!

Kalle

Mats H · Mars 9, 2010

Kan detta vara ngt otyg du fått in?

Testa med att köra Malwarebytes, klistra in loggfilen, texten som kommer upp efter avslutad skanning, här i din tråd.

Välj snabbskanning.

Malwarebytes hittar du här:

http://www.malwarebytes.org/mbam.php

Redigerad Mars 9, 2010 av Mats H

Mats H · Mars 10, 2010

Kanske ändå inte ett "otyg"!

Använd TM Hijack This och klistra in loggen här

TM Hijack This hittar du här:

http://download.cnet.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

Hittade lite till om detta:

"To start eliminating this problem you need to Go to My Computer, then Tools, at the bottom of the tools menu you would get Folder Options, select View tab, and select "Show hidden files and folders". Then do a search (be sure to include system folders) for all files named "sonic" or "cineplayer" or even "cine".There you would find the files, Delete any files from there or folders with sonic or cineplayer in the name, and carefully scrutinize any with "cine" in them.If you wanted to search for regedit (go to Start Menu, Run, then type regedit) for sonic or cineplayer. Delete any obvious keys. Then reboot."

Men börja du med TM Hijack THis.

Redigerad Mars 10, 2010 av Mats H

kava · Mars 10, 2010

Hej!

Nej jag har inget tok i datorn förutom allt krångel:)

Jag har försökt rensa bland program p.g.a. seg dator men Sonic Cineplayer skulle jag inte tagit bort trots att jag aldrig använt den medvetat, kanske i bakgrunden.

Edit: såg att Du tipsade om mer, ska kolla det när jag kommer hem ikväll!

Tack!

Redigerad Mars 10, 2010 av kava

Mats H · Mars 10, 2010

Du kan ju även testa med Revo Uninstaller, säkert fler här som kan ge bra eller bättre tips om hur du blir av den "spelaren"

Ha en bra dag!

Mvh

Mats H

kava · Mars 10, 2010

När det gäller mitt problem med att datorn inte vill stänga ner.

Kom på en sak, när jag ska stänga datorn så stängs ju windows mm och sen skärmen.

Innan skärmen blir svart så kommer det upp en ruta där det står "power saving mode".

Datorn fortsätter "utan skärm" och fläkten ökar i varv!

Alla program är ju stängda så varför ökar fläkten i varv?

Mats H · Mars 10, 2010

Vad har du för dator?

Samt kan du köra en Hijack This, o klistra in loggen här?

Kanske kan ge lite mera vid handen?

Mvh

Mats H

Redigerad Mars 10, 2010 av Mats H

swerogge · Mars 10, 2010

Vad har du för dator?

Samt kan du köra en Hijack This, o klistra in loggen här?

Kanske kan ge lite mera vid handen?

Mvh

Mats H

Att du kava gör som Mats föreslår tycker jag verkar vara en god idé för att du ska lyckas med att ringa in problemet .. !

kava · Mars 10, 2010

Här kommer loggen från Hijack This.

Får ni ut något som hjälper mig är det nästan dags för Nobelpris;)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:29:39, on 2010-03-10

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE

C:\Program\F-Secure\Anti-Virus\fsgk32st.exe

C:\Program\F-Secure\Anti-Virus\FSGK32.EXE

C:\Program\F-Secure\BackWeb\7681197\program\fsbwsys.exe

C:\Program\F-Secure\Common\FSMA32.EXE

C:\Program\F-Secure\Anti-Virus\fssm32.exe

C:\Program\F-Secure\Common\FSMB32.EXE

C:\Program\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program\F-Secure\Common\FCH32.EXE

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program\F-Secure\Common\FAMEH32.EXE

C:\Program\F-Secure\Anti-Virus\fsqh.exe

C:\Program\F-Secure\Anti-Virus\fsrw.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\F-Secure\Common\FNRB32.EXE

C:\Program\F-Secure\Common\FIH32.EXE

C:\Program\F-Secure\FWES\Program\fsdfwd.exe

C:\WINDOWS\Explorer.EXE

C:\Program\F-Secure\Common\FSM32.EXE

C:\Program\Canon\MyPrinter\BJMyPrt.exe

C:\Program\Bredbandsbolaget\Servicecenter\Bredbandsbolaget.exe

C:\Program\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\WINDOWS\SM1BG.EXE

C:\WINDOWS\stsystra.exe

C:\Program\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe

C:\Program\Delade filer\InstallShield\UpdateService\issch.exe

C:\Program\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe

C:\Program\F-Secure\Anti-Virus\fsav32.exe

C:\Program\F-Secure\ANTI-S~1\fsaw.exe

C:\Program\F-Secure\FSGUI\fsguidll.exe

C:\Program\Outlook Express\msimn.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Windows Live\Toolbar\wltuser.exe

C:\Program\Winamp\winampa.exe

C:\Documents and Settings\Kalle\Lokala inställningar\Temporary Internet Files\Content.IE5\X7SKIPYL\HiJackThis[1].exe

C:\Program\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.se/ig/dell?hl=sv&client=dell-row&channel=se&ibd=5061017

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.svenskafans.com/hockeyzon/lif/forum.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.se/ig/dell?hl=sv&client=dell-row&channel=se&ibd=5061017

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: Bredbandsbolaget Servicecenter Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Program\Bredbandsbolaget\Servicecenter\IEFixItNowPlugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [bredbandsbolaget Servicecenter] "C:\Program\Bredbandsbolaget\Servicecenter\Bredbandsbolaget.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [sM1BG] C:\WINDOWS\SM1BG.EXE

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program\McAfee\SpamKiller\MSKDetct.exe /uninstall

O4 - HKLM\..\Run: [MSKDetct] C:\Program\McAfee\SpamKiller\MSKDetct.exe /uninstall

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program\Delade filer\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iAAnotif] C:\Program\Intel\Intel Matrix Storage Manager\Iaanotif.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe

O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe

O8 - Extra context menu item: &Block this popup - C:\Program\F-Secure\Anti-Spyware\blockpopups.htm

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to Existing PDF - res://C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\F-Secure\Anti-Spyware\ieshield.dll

O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\F-Secure\Anti-Spyware\ieshield.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\Program\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/sv_SV/DjVuControl_sv_SV.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1268241970421

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.postfoto.se/aurigma/ImageUploader4.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.postfoto.se/upload/aurigma/ImageUploader4.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O20 - AppInit_DLLs: acaptuser32.dll

O20 - Winlogon Notify: winfjt32 - C:\WINDOWS\SYSTEM32\winfjt32.dll

O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\Program\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program\F-Secure\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program\F-Secure\Common\FNRB32.EXE

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\F-Secure\BackWeb\7681197\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\F-Secure\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\F-Secure\Common\FSMA32.EXE

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program\Google\Update\GoogleUpdate.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe (file missing)

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program\Delade filer\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Kalle/LOKALA~1/Temp/msohtml1/01/clip_image002.jpg

--

End of file - 12963 bytes

Mats H · Mars 10, 2010

Hej

denna fil är suspekt!

Kan du köra en Malwarebytes med??

O20 - Winlogon Notify: winfjt32 - C:\WINDOWS\SYSTEM32\winfjt32.dll

File Behavior

WINFJT32.DLL has been seen to perform the following behavior:

* Found on infected systems and resists interrogation by security products

WINFJT32.DLL has been the subject of the following behavior:

* Added as a Winlogon Notification DLL to automatically load on system start up

* Created as a process on disk

* Registered as a Dynamic Link Library File

* Copied to multiple locations on the system

* Deleted as a process from disk

* Added as a Registry auto start to load Program on Boot up

kava · Mars 10, 2010

Nu har jag installerat Malware och "kört" scanning 2 ggr. Båda gångerna stannade programmet vid 12 sekunder och hängde sig där och svarade inte.

Nu ger jag upp för idag, återkommer i morron från jobbet.

Gonatt!

Mats H · Mars 10, 2010

Nu har jag installerat Malware och "kört" scanning 2 ggr. Båda gångerna stannade programmet vid 12 sekunder och hängde sig där och svarade inte.

Nu ger jag upp för idag, återkommer i morron från jobbet.

Gonatt!

Uppenbarligen har du ngt som inte skall finnas i din dator.

Det finns dock andra metoder.

Jag eller ngn annan återkommer med förslag!

T.ex. Cecilia!

Mvh

Mats H

Redigerad Mars 10, 2010 av Mats H

Cecilia · Mars 10, 2010

På sidan http://www.virustotal.com trycker du på Bläddra-knappen och klistrar in följande filnamn i rutan, tryck på Skicka Fil och vänta tills resultatet är klart (Närvarande status blir genomförd). Klistra in resultatet från de olika antivirusprogrammen (inte Övrig information) eller en länk till resultatet här.

C:\WINDOWS\SYSTEM32\winfjt32.dll

Vi kan se lite mer om vad som händer i datorn med DDS. Spara DDS på Skrivbordet.

http://download.bleepingcomputer.com/sUBs/dds.scr

Starta programmet genom att dubbelklicka på det.

Tryck Yes/Ja om frågan om Optional Scan dyker upp.

I ditt svar klistrar du in loggen DSS.txt. Medan du bifogar Attach.txt som en fil.

kava · Mars 11, 2010

Fattar ni något av det här?

Verkar som att vissa program har hittat trojaner.

Resultat: 17/42 (40.48%)

Antivirus Version Senaste Uppdatering Resultat

a-squared 4.5.0.50 2010.03.11 Trojan.Win32.Nebuler!IK

AhnLab-V3 5.0.0.2 2010.03.11 -

AntiVir 8.2.1.180 2010.03.11 TR/Spy.Gen

Antiy-AVL 2.0.3.7 2010.03.11 -

Authentium 5.2.0.5 2010.03.11 -

Avast 4.8.1351.0 2010.03.10 Win32:Nebuler-H

Avast5 5.0.332.0 2010.03.10 Win32:Nebuler-H

AVG 9.0.0.787 2010.03.11 Agent_r.NV

BitDefender 7.2 2010.03.11 -

CAT-QuickHeal 10.00 2010.03.11 -

ClamAV 0.96.0.0-git 2010.03.11 -

Comodo 4225 2010.03.11 -

DrWeb 5.0.1.12222 2010.03.11 Trojan.Mssmsgs.origin

eSafe 7.0.17.0 2010.03.11 -

eTrust-Vet 35.2.7354 2010.03.11 -

F-Prot 4.5.1.85 2010.03.11 -

F-Secure 9.0.15370.0 2010.03.11 -

Fortinet 4.0.14.0 2010.03.09 -

GData 19 2010.03.11 Win32:Nebuler-H

Ikarus T3.1.1.80.0 2010.03.11 Trojan.Win32.Nebuler

Jiangmin 13.0.900 2010.03.11 -

K7AntiVirus 7.10.995 2010.03.11 -

Kaspersky 7.0.0.125 2010.03.11 -

McAfee 5917 2010.03.11 Nebuler.dll

McAfee+Artemis 5917 2010.03.11 Nebuler.dll

McAfee-GW-Edition 6.8.5 2010.03.11 Heuristic.BehavesLike.Win32.Downloader.H

Microsoft 1.5502 2010.03.11 Trojan:Win32/Nebuler.J

NOD32 4935 2010.03.11 -

Norman 6.04.08 2010.03.11 -

nProtect 2009.1.8.0 2010.03.11 -

Panda 10.0.2.2 2010.03.11 -

PCTools 7.0.3.5 2010.03.11 -

Prevx 3.0 2010.03.11 Medium Risk Malware

Rising 22.38.03.04 2010.03.11 Trojan.Win32.Generic.51FA52DB

Sophos 4.51.0 2010.03.11 Troj/Nebule-Gen

Sunbelt 5824 2010.03.11 -

Symantec 20091.2.0.41 2010.03.11 Suspicious.Insight

TheHacker 6.5.2.0.230 2010.03.11 -

TrendMicro 9.120.0.1004 2010.03.11 Mal_Neb-2

VBA32 3.12.12.2 2010.03.11 -

ViRobot 2010.3.11.2222 2010.03.11 -

VirusBuster 5.0.27.0 2010.03.11 -

kava · Mars 11, 2010

http://www.virustotal.com/sv/analisis/1c5a74fc1f539d68d057896109da2270c14bd48f03c92f11032382e47f570839-1268324555

kava · Mars 11, 2010

DDS.txt

DDS (Ver_09-12-01.01) - NTFSx86

Run by Kalle at 17:49:09,12 on 2010-03-11

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.2046.1250 [GMT 1:00]

AV: F-Secure Anti-Virus Client Security 6.01 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}

FW: F-Secure Anti-Virus Client Security 6.01 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE

C:\Program\F-Secure\Anti-Virus\fsgk32st.exe

C:\Program\F-Secure\Anti-Virus\FSGK32.EXE

C:\Program\F-Secure\BackWeb\7681197\program\fsbwsys.exe

C:\Program\F-Secure\Anti-Virus\fssm32.exe

C:\Program\F-Secure\Common\FSMA32.EXE

C:\Program\F-Secure\Common\FSMB32.EXE

C:\Program\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program\F-Secure\Common\FCH32.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program\F-Secure\Common\FAMEH32.EXE

C:\Program\F-Secure\Anti-Virus\fsqh.exe

C:\Program\F-Secure\Anti-Virus\fsrw.exe

C:\Program\F-Secure\Common\FNRB32.EXE

C:\Program\F-Secure\FWES\Program\fsdfwd.exe

C:\Program\F-Secure\Common\FIH32.EXE

C:\Program\F-Secure\Anti-Virus\fsav32.exe

C:\WINDOWS\Explorer.EXE

C:\Program\F-Secure\Common\FSM32.EXE

C:\Program\Canon\MyPrinter\BJMyPrt.exe

C:\Program\Bredbandsbolaget\Servicecenter\Bredbandsbolaget.exe

C:\Program\F-Secure\ANTI-S~1\fsaw.exe

C:\Program\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe

C:\Program\F-Secure\FSGUI\fsguidll.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\WINDOWS\SM1BG.EXE

C:\WINDOWS\stsystra.exe

C:\Program\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe

C:\Program\Delade filer\InstallShield\UpdateService\issch.exe

C:\Program\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\Program\Winamp\winampa.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe

C:\Program\Windows Live\Toolbar\wltuser.exe

C:\Program\Spotify\spotify.exe

C:\Program\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\dumprep.exe

C:\Documents and Settings\Kalle\Skrivbord\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.svenskafans.com/hockeyzon/lif/forum.asp

uSearch Bar = hxxp://www.google.com/ie

uDefault_Page_URL = www.google.se/ig/dell?hl=sv&client=dell-row&channel=se&ibd=5061017

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program\microsoft\search enhancement pack\search helper\SearchHelper.dll

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program\delade filer\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Bredbandsbolaget Servicecenter Plugin: {db87cde1-ef9c-44eb-a42f-6d0b3c72c516} - c:\program\bredbandsbolaget\servicecenter\IEFixItNowPlugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program\delade filer\adobe\acrobat\activex\AcroIEFavClient.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program\windows live\toolbar\wltcore.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program\delade filer\adobe\acrobat\activex\AcroIEFavClient.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [F-Secure TNB] "c:\program\f-secure\tnb\TNBUtil.exe" /CHECKALL /WAITFORSW

mRun: [F-Secure Manager] "c:\program\f-secure\common\FSM32.EXE" /splash

mRun: [CanonSolutionMenu] c:\program\canon\solutionmenu\CNSLMAIN.exe /logon

mRun: [CanonMyPrinter] c:\program\canon\myprinter\BJMyPrt.exe /logon

mRun: [bredbandsbolaget Servicecenter] "c:\program\bredbandsbolaget\servicecenter\Bredbandsbolaget.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program\delade filer\adobe\arm\1.0\AdobeARM.exe"

mRun: [Adobe Acrobat Speed Launcher] "c:\program\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "c:\program\adobe\acrobat 9.0\acrobat\Acrotray.exe"

mRun: [TkBellExe] "c:\program\delade filer\real\update_ob\realsched.exe" -osboot

mRun: [sunJavaUpdateSched] "c:\program\java\jre6\bin\jusched.exe"

mRun: [sM1BG] c:\windows\SM1BG.EXE

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [RoxioDragToDisc] "c:\program\roxio\easy media creator 7\drag to disc\DrgToDsc.exe"

mRun: [QuickTime Task] "c:\program\quicktime\qttask.exe" -atboottime

mRun: [NWEReboot]

mRun: [MSKDetectorExe] c:\program\mcafee\spamkiller\MSKDetct.exe /uninstall

mRun: [MSKDetct] c:\program\mcafee\spamkiller\MSKDetct.exe /uninstall

mRun: [iSUSScheduler] "c:\program\delade filer\installshield\updateservice\issch.exe" -start

mRun: [iSUSPM Startup] "c:\program\delade filer\installshield\updateservice\isuspm.exe" -startup

mRun: [iAAnotif] c:\program\intel\intel matrix storage manager\Iaanotif.exe

mRun: [WinampAgent] c:\program\winamp\winampa.exe

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\bankid~1.lnk - c:\program\personal\bin\Personal.exe

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\f-secu~1.lnk - c:\program\f-secure\backweb\7681197\program\F-Secure Automatic Update.exe

IE: &Block this popup - c:\program\f-secure\anti-spyware\blockpopups.htm

IE: Append Link Target to Existing PDF - c:\program\delade filer\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program\delade filer\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program\delade filer\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program\delade filer\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xportera till Microsoft Excel - c:\program\micros~3\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe

IE: {300DB664-75B5-47c0-8B45-A44ACCF73C00} - {0928F506-07E8-470c-979D-147C296D4879} - c:\program\f-secure\anti-spyware\ieshield.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - h:\program\office11\REFIEBAR.DLL

LSP: c:\program\f-secure\fsps\program\FSLSP.DLL

DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.lizardtech.com/download/files/win/djvuplugin/sv_SV/DjVuControl_sv_SV.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} - hxxp://www.tvlution.com/KooPlayer.ocx

DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1268241970421

DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://www.postfoto.se/aurigma/ImageUploader4.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://www.postfoto.se/upload/aurigma/ImageUploader4.cab

DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

Notify: winfjt32 - winfjt32.dll

AppInit_DLLs: acaptuser32.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2006-10-24 70896]

R2 BackWeb Plug-in - 7681197;F-Secure Automatic Update;c:\program\f-secure\backweb\7681197\program\SERVIC~1.EXE [2006-10-24 32807]

R2 F-Secure Filter;F-Secure File System Filter;c:\program\f-secure\anti-virus\win2k\FSfilter.sys [2006-10-24 48816]

R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program\f-secure\anti-virus\fsgk32st.exe [2006-10-24 45056]

R2 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program\f-secure\anti-virus\win2k\fsgk.sys [2006-10-24 48256]

R2 F-Secure Recognizer;F-Secure File System Recognizer;c:\program\f-secure\anti-virus\win2k\FSrec.sys [2006-10-24 16720]

R3 F-Secure Network Request Broker;F-Secure Network Request Broker;c:\program\f-secure\common\FNRB32.exe [2006-10-24 110642]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-3-10 38224]

S2 gupdate;Google Update Service (gupdate);c:\program\google\update\GoogleUpdate.exe [2009-9-26 133104]

S3 AVFSFilter;AVFSFilter;c:\windows\system32\drivers\avfsfilter.sys --> c:\windows\system32\drivers\avfsfilter.sys [?]

=============== Created Last 30 ================

2010-03-10 20:46:00 0 d-----w- c:\docume~1\kalle\applic~1\Malwarebytes

2010-03-10 20:45:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-10 20:45:46 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-10 20:45:46 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-03-10 20:45:38 0 d-----w- c:\program\Malwarebytes' Anti-Malware

2010-03-10 18:03:03 0 d-----w- c:\program\Messenger

2010-03-10 18:02:52 0 d-----w- c:\windows\l2schemas

2010-03-10 18:02:51 0 d-----w- c:\windows\system32\sv

2010-03-10 18:02:51 0 d-----w- c:\windows\system32\bits

2010-03-10 18:00:35 0 d-----w- c:\windows\ServicePackFiles

2010-03-10 17:58:46 0 d-----w- c:\windows\network diagnostic

2010-03-10 17:55:49 0 d-----w- c:\windows\EHome

2010-03-10 17:47:45 73216 ------w- c:\windows\system32\drivers\atintuxx.sys

2010-03-10 17:29:33 0 d-----w- c:\windows\system32\PreInstall

2010-03-10 17:26:58 22752 ----a-w- c:\windows\system32\wucltui.dll.mui

2010-03-10 17:26:58 17624 ----a-w- c:\windows\system32\wuaueng.dll.mui

2010-03-10 17:26:58 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2010-03-10 17:26:57 15072 ----a-w- c:\windows\system32\wuapi.dll.mui

2010-03-10 17:26:57 0 d-----w- c:\windows\system32\SoftwareDistribution

2010-03-05 16:25:28 0 d-----w- c:\windows\SxsCaPendDel

2010-02-27 08:24:14 39424 ----a-w- c:\windows\system32\winfjt32.dll

2010-02-26 18:24:21 0 d-----w- c:\program\delade filer\Macrovision Shared

2010-02-26 18:23:53 45392 ----a-r- c:\windows\system32\AdobePDF.dll

2010-02-26 18:23:53 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll

2010-02-22 17:38:37 26 ----a-w- c:\windows\Zone.Identifier

2010-02-09 20:42:35 0 d-----w- c:\program\Lame for Audacity

2010-02-09 20:19:00 0 d-----w- c:\program\Audacity 1.3 Beta (Unicode)

==================== Find3M ====================

2010-03-10 18:11:59 63494 ----a-w- c:\windows\system32\perfc01D.dat

2010-03-10 18:11:59 384758 ----a-w- c:\windows\system32\perfh01D.dat

2009-04-20 17:07:30 133573480 ----a-w- c:\program\wlsetup-all.exe

2008-11-25 17:47:42 68756776 ----a-w- c:\program\iTunesSetup.exe

2008-02-26 15:45:43 1216496 -c--a-w- c:\program\dnlsetup.exe

2006-11-24 13:24:23 3334480 -c--a-w- c:\program\FotolaboSE-OrderClient-SV.exe

2006-11-07 19:36:32 19666504 -c--a-w- c:\program\QuickTimeInstaller.exe

2004-11-15 13:15:48 1701098 -c--a-w- c:\program\winamp291_std.exe

2003-08-27 13:19:18 36963 -c--a-r- c:\program\delade filer\SM1updtr.dll

2001-10-22 10:09:16 1259960 -c--a-w- c:\program\winzip80.exe

2001-07-10 04:47:42 777728 ----a-w- c:\program\PHOTOED.EXE

1999-10-05 10:50:02 114688 -c--a-w- c:\program\CPsv050.exe

2006-10-24 18:38:42 1682 -csha-w- c:\windows\system32\KGyGaAvL.sys

2009-11-29 09:07:03 32768 --sha-w- c:\windows\temp\history\history.ie5\index.dat

============= FINISH: 17:49:21,51 ===============

Redigerad Mars 11, 2010 av kava

kava · Mars 11, 2010

Här kommer filen "Attach" också!

Attach.txt

Cecilia · Mars 11, 2010

Skanna med HijackThis och bocka för:

O20 - Winlogon Notify: winfjt32 - C:\WINDOWS\SYSTEM32\winfjt32.dll

Avsluta alla andra program.

Tryck Fix checked.

Starta om datorn.

Ta bort filen C:\WINDOWS\SYSTEM32\winfjt32.dll

Starta om i normalt läge och så en ny DDS-logg.

kava · Mars 11, 2010

Det går inte att ta bort filen!

"Åtkomst nekad"

Har startat om datorn en gång (den stänger sig inte själv) ska jag göra en ny DDS-logg ändå?

Mats H · Mars 11, 2010

Bra att detta kom fram, otygen skyr ju dagsljus!

Bra jobbat Kava!

Och Cecilia!

kava · Mars 11, 2010

Jag scannade med Hijack igen och nu verkar den vara borta men är den det när jag kollar i windows, testar nu.

EDIT: den är kvar i "System 32-mappen"

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:06:19, on 2010-03-11

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Canon\MyPrinter\BJMyPrt.exe

C:\Program\Bredbandsbolaget\Servicecenter\Bredbandsbolaget.exe

C:\Program\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\WINDOWS\SM1BG.EXE

C:\WINDOWS\stsystra.exe

C:\Program\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe

C:\Program\F-Secure\Anti-Virus\fsgk32st.exe

C:\Program\F-Secure\Anti-Virus\FSGK32.EXE

C:\Program\F-Secure\Anti-Virus\fssm32.exe

C:\Program\F-Secure\Common\FSMA32.EXE

C:\Program\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program\Delade filer\InstallShield\UpdateService\issch.exe

C:\Program\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\Program\Winamp\winampa.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Personal\bin\Personal.exe

C:\Documents and Settings\Kalle\Skrivbord\HiJackThis.exe

C:\Program\F-Secure\Common\FSLAUNCH.EXE