Frustrating Sonic Cineplayer


kava

Hi!

When I try to open any folder that contains music or video, the computer wants to install something called "Sonic Cineplayer Decoder Pack"

How do I get rid of this?

When I restart or shut down the computer, the screen turns off and a box appears saying "Power saving mode" or something similar, then the screen goes black as it should, but the computer stays "lit" and the fan keeps running, and the computer never turns itself off.

What do you do in that case?

When I open Explorer, I have suddenly started getting a message: see the attached image.

post-5051-1268164489,87_thumb.png

How do you get rid of it?

I would be very grateful for help!

Thanks in advance!

Kalle


Could this be something nasty that you have picked up?

Try running Malwarebytes and paste the log file, the text that comes up after the scan has finished, here in your thread.

Choose quick scan.

You can find Malwarebytes here:

http://www.malwarebytes.org/mbam.php

Edited by Mats H

Maybe not something "nasty" after all!

Use TM Hijack This and paste the log here

You can find TM Hijack This here:

http://download.cnet.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

Found a bit more about this:

"To start eliminating this problem you need to Go to My Computer, then Tools, at the bottom of the tools menu you would get Folder Options, select View tab, and select "Show hidden files and folders". Then do a search (be sure to include system folders) for all files named "sonic" or "cineplayer" or even "cine". There you would find the files, Delete any files from there or folders with sonic or cineplayer in the name, and carefully scrutinize any with "cine" in them. If you wanted to search for regedit (go to Start Menu, Run, then type regedit) for sonic or cineplayer. Delete any obvious keys. Then reboot."

But you should start with TM Hijack This.

Edited by Mats H

Hi!

No, I don't have anything crazy on the computer apart from all the trouble :)

I have tried to clean out programs because the computer was slow, but I shouldn't have removed Sonic Cineplayer, even though I have never knowingly used it, maybe in the background.

Edit: saw that you suggested more, I will check it when I get home tonight!

Thanks!

Edited by kava

Regarding my problem with the computer not wanting to shut down.

I thought of one thing: when I shut down the computer, Windows etc. closes and then the screen.

Before the screen goes black, a box appears that says "power saving mode".

The computer keeps going "without a screen" and the fan speeds up!

All programs are closed, so why does the fan speed up?


What kind of computer do you have?

Also, can you run Hijack This and paste the log here?

Maybe that will tell us a bit more?

Regards

Mats H

Edited by Mats H

What kind of computer do you have?

Also, can you run Hijack This and paste the log here?

Maybe that will tell us a bit more?

Regards

Mats H

kava, I think doing what Mats suggests seems like a good idea if you are going to manage to narrow down the problem .. !


Here is the log from Hijack This.

If you get anything out of it that helps me, it's almost time for a Nobel Prize ;)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:29:39, on 2010-03-10

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE

C:\Program\F-Secure\Anti-Virus\fsgk32st.exe

C:\Program\F-Secure\Anti-Virus\FSGK32.EXE

C:\Program\F-Secure\BackWeb\7681197\program\fsbwsys.exe

C:\Program\F-Secure\Common\FSMA32.EXE

C:\Program\F-Secure\Anti-Virus\fssm32.exe

C:\Program\F-Secure\Common\FSMB32.EXE

C:\Program\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program\F-Secure\Common\FCH32.EXE

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program\F-Secure\Common\FAMEH32.EXE

C:\Program\F-Secure\Anti-Virus\fsqh.exe

C:\Program\F-Secure\Anti-Virus\fsrw.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\F-Secure\Common\FNRB32.EXE

C:\Program\F-Secure\Common\FIH32.EXE

C:\Program\F-Secure\FWES\Program\fsdfwd.exe

C:\WINDOWS\Explorer.EXE

C:\Program\F-Secure\Common\FSM32.EXE

C:\Program\Canon\MyPrinter\BJMyPrt.exe

C:\Program\Bredbandsbolaget\Servicecenter\Bredbandsbolaget.exe

C:\Program\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\WINDOWS\SM1BG.EXE

C:\WINDOWS\stsystra.exe

C:\Program\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe

C:\Program\Delade filer\InstallShield\UpdateService\issch.exe

C:\Program\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe

C:\Program\F-Secure\Anti-Virus\fsav32.exe

C:\Program\F-Secure\ANTI-S~1\fsaw.exe

C:\Program\F-Secure\FSGUI\fsguidll.exe

C:\Program\Outlook Express\msimn.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Windows Live\Toolbar\wltuser.exe

C:\Program\Winamp\winampa.exe

C:\Documents and Settings\Kalle\Lokala inställningar\Temporary Internet Files\Content.IE5\X7SKIPYL\HiJackThis[1].exe

C:\Program\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.se/ig/dell?hl=sv&client=dell-row&channel=se&ibd=5061017

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.svenskafans.com/hockeyzon/lif/forum.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.se/ig/dell?hl=sv&client=dell-row&channel=se&ibd=5061017

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: Bredbandsbolaget Servicecenter Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Program\Bredbandsbolaget\Servicecenter\IEFixItNowPlugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [bredbandsbolaget Servicecenter] "C:\Program\Bredbandsbolaget\Servicecenter\Bredbandsbolaget.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [sM1BG] C:\WINDOWS\SM1BG.EXE

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program\McAfee\SpamKiller\MSKDetct.exe /uninstall

O4 - HKLM\..\Run: [MSKDetct] C:\Program\McAfee\SpamKiller\MSKDetct.exe /uninstall

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program\Delade filer\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iAAnotif] C:\Program\Intel\Intel Matrix Storage Manager\Iaanotif.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe

O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe

O8 - Extra context menu item: &Block this popup - C:\Program\F-Secure\Anti-Spyware\blockpopups.htm

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to Existing PDF - res://C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\F-Secure\Anti-Spyware\ieshield.dll

O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\F-Secure\Anti-Spyware\ieshield.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\Program\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/sv_SV/DjVuControl_sv_SV.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1268241970421

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.postfoto.se/aurigma/ImageUploader4.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.postfoto.se/upload/aurigma/ImageUploader4.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O20 - AppInit_DLLs: acaptuser32.dll

O20 - Winlogon Notify: winfjt32 - C:\WINDOWS\SYSTEM32\winfjt32.dll

O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\Program\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program\F-Secure\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program\F-Secure\Common\FNRB32.EXE

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\F-Secure\BackWeb\7681197\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\F-Secure\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\F-Secure\Common\FSMA32.EXE

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program\Google\Update\GoogleUpdate.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe (file missing)

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program\Delade filer\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Kalle/LOKALA~1/Temp/msohtml1/01/clip_image002.jpg

--

End of file - 12963 bytes


Hi

this file is suspicious!

Can you run Malwarebytes too??

O20 - Winlogon Notify: winfjt32 - C:\WINDOWS\SYSTEM32\winfjt32.dll

File Behavior

WINFJT32.DLL has been seen to perform the following behavior:

* Found on infected systems and resists interrogation by security products

WINFJT32.DLL has been the subject of the following behavior:

* Added as a Winlogon Notification DLL to automatically load on system start up

* Created as a process on disk

* Registered as a Dynamic Link Library File

* Copied to multiple locations on the system

* Deleted as a process from disk

* Added as a Registry auto start to load Program on Boot up

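The triage step in the reply above (picking the O20 Winlogon Notify entry out of the HijackThis log), as an added example that is not part of the original thread or of HijackThis: a small parser that lists the auto-load entries most worth verifying. The function names and the choice of what to flag are assumptions of this example; the sample lines are copied from the log posted earlier in the thread.

```python
import re
from typing import List, NamedTuple, Optional

# Excerpt of the HijackThis log posted in this thread (lines copied verbatim).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O20 - AppInit_DLLs: acaptuser32.dll
O20 - Winlogon Notify: winfjt32 - C:\WINDOWS\SYSTEM32\winfjt32.dll
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\Program\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


class Entry(NamedTuple):
    section: str          # HijackThis section code, e.g. "O20"
    kind: str             # text before the first colon, e.g. "Winlogon Notify"
    name: str             # value name or service display name
    target: str           # DLL or executable the entry points at
    owner: str = ""       # vendor string (O23 only)
    missing: bool = False  # HijackThis reported "(file missing)"


class Finding(NamedTuple):
    entry: Entry
    reason: str


# Only the two sections this example triages: O20 (DLL auto-load) and O23 (services).
ENTRY_RE = re.compile(r"^(O20|O23) - ([^:]+):\s*(.*)$")
MISSING = "(file missing)"


def parse_line(line: str) -> Optional[Entry]:
    """Parse one O20 or O23 line; return None for anything else."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, kind, rest = m.groups()
    if section == "O20":
        # "Winlogon Notify: <name> - <dll path>"; AppInit_DLLs carries only a value.
        name, _, target = rest.partition(" - ")
        return Entry(section, kind, name.strip(), (target or name).strip())
    # O23: "<display name> - <owner> - <path>". The display name may itself
    # contain " - " (see the BackWeb line), so split from the right.
    parts = rest.rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    display, owner, path = (p.strip() for p in parts)
    missing = path.endswith(MISSING)
    if missing:
        path = path[: -len(MISSING)].strip()
    return Entry(section, kind, display, path, owner, missing)


def triage(log_text: str) -> List[Finding]:
    """Return the entries a helper would verify first, in log order."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        if e.kind == "AppInit_DLLs" and e.name:
            findings.append(Finding(e, "loaded into every process that loads user32.dll"))
        elif e.kind == "Winlogon Notify":
            findings.append(Finding(e, "notification DLL loaded by winlogon.exe"))
        elif e.section == "O23" and (e.missing or e.owner == "Unknown owner"):
            findings.append(Finding(e, "service binary missing or without vendor information"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.entry.section} {f.entry.name!r} -> {f.entry.target} ({f.reason})")
```

A flagged entry is a lead for verification, such as a multi-engine scan of the file, not a verdict on it.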

Now I have installed Malware and "run" a scan 2 times. Both times the program stopped at 12 seconds, hung there and did not respond.

I'm giving up for today, I'll be back tomorrow from work.

Good night!


Now I have installed Malware and "run" a scan 2 times. Both times the program stopped at 12 seconds, hung there and did not respond.

I'm giving up for today, I'll be back tomorrow from work.

Good night!

Evidently you have something on your computer that shouldn't be there.

There are other methods, though.

I or someone else will get back to you with suggestions!

For example Cecilia! :)

Regards

Mats H

Edited by Mats H

On the page http://www.virustotal.com, press the Browse button and paste the following file name into the box, press Send File and wait until the result is ready (Current status becomes finished). Paste the result from the various antivirus programs (not Additional information) or a link to the result here.

C:\WINDOWS\SYSTEM32\winfjt32.dll

We can see a bit more about what is happening on the computer with DDS. Save DDS to the Desktop.

http://download.bleepingcomputer.com/sUBs/dds.scr

Start the program by double-clicking it.

Press Yes if the question about Optional Scan comes up.

In your reply, paste the log DDS.txt, and attach Attach.txt as a file.


Do you understand any of this?

Looks like some programs have found trojans.

Result: 17/42 (40.48%)

Antivirus Version Last Update Result

a-squared 4.5.0.50 2010.03.11 Trojan.Win32.Nebuler!IK

AhnLab-V3 5.0.0.2 2010.03.11 -

AntiVir 8.2.1.180 2010.03.11 TR/Spy.Gen

Antiy-AVL 2.0.3.7 2010.03.11 -

Authentium 5.2.0.5 2010.03.11 -

Avast 4.8.1351.0 2010.03.10 Win32:Nebuler-H

Avast5 5.0.332.0 2010.03.10 Win32:Nebuler-H

AVG 9.0.0.787 2010.03.11 Agent_r.NV

BitDefender 7.2 2010.03.11 -

CAT-QuickHeal 10.00 2010.03.11 -

ClamAV 0.96.0.0-git 2010.03.11 -

Comodo 4225 2010.03.11 -

DrWeb 5.0.1.12222 2010.03.11 Trojan.Mssmsgs.origin

eSafe 7.0.17.0 2010.03.11 -

eTrust-Vet 35.2.7354 2010.03.11 -

F-Prot 4.5.1.85 2010.03.11 -

F-Secure 9.0.15370.0 2010.03.11 -

Fortinet 4.0.14.0 2010.03.09 -

GData 19 2010.03.11 Win32:Nebuler-H

Ikarus T3.1.1.80.0 2010.03.11 Trojan.Win32.Nebuler

Jiangmin 13.0.900 2010.03.11 -

K7AntiVirus 7.10.995 2010.03.11 -

Kaspersky 7.0.0.125 2010.03.11 -

McAfee 5917 2010.03.11 Nebuler.dll

McAfee+Artemis 5917 2010.03.11 Nebuler.dll

McAfee-GW-Edition 6.8.5 2010.03.11 Heuristic.BehavesLike.Win32.Downloader.H

Microsoft 1.5502 2010.03.11 Trojan:Win32/Nebuler.J

NOD32 4935 2010.03.11 -

Norman 6.04.08 2010.03.11 -

nProtect 2009.1.8.0 2010.03.11 -

Panda 10.0.2.2 2010.03.11 -

PCTools 7.0.3.5 2010.03.11 -

Prevx 3.0 2010.03.11 Medium Risk Malware

Rising 22.38.03.04 2010.03.11 Trojan.Win32.Generic.51FA52DB

Sophos 4.51.0 2010.03.11 Troj/Nebule-Gen

Sunbelt 5824 2010.03.11 -

Symantec 20091.2.0.41 2010.03.11 Suspicious.Insight

TheHacker 6.5.2.0.230 2010.03.11 -

TrendMicro 9.120.0.1004 2010.03.11 Mal_Neb-2

VBA32 3.12.12.2 2010.03.11 -

ViRobot 2010.3.11.2222 2010.03.11 -

VirusBuster 5.0.27.0 2010.03.11 -


DDS.txt

DDS (Ver_09-12-01.01) - NTFSx86

Run by Kalle at 17:49:09,12 on 2010-03-11

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.2046.1250 [GMT 1:00]

AV: F-Secure Anti-Virus Client Security 6.01 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}

FW: F-Secure Anti-Virus Client Security 6.01 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE

C:\Program\F-Secure\Anti-Virus\fsgk32st.exe

C:\Program\F-Secure\Anti-Virus\FSGK32.EXE

C:\Program\F-Secure\BackWeb\7681197\program\fsbwsys.exe

C:\Program\F-Secure\Anti-Virus\fssm32.exe

C:\Program\F-Secure\Common\FSMA32.EXE

C:\Program\F-Secure\Common\FSMB32.EXE

C:\Program\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program\F-Secure\Common\FCH32.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program\F-Secure\Common\FAMEH32.EXE

C:\Program\F-Secure\Anti-Virus\fsqh.exe

C:\Program\F-Secure\Anti-Virus\fsrw.exe

C:\Program\F-Secure\Common\FNRB32.EXE

C:\Program\F-Secure\FWES\Program\fsdfwd.exe

C:\Program\F-Secure\Common\FIH32.EXE

C:\Program\F-Secure\Anti-Virus\fsav32.exe

C:\WINDOWS\Explorer.EXE

C:\Program\F-Secure\Common\FSM32.EXE

C:\Program\Canon\MyPrinter\BJMyPrt.exe

C:\Program\Bredbandsbolaget\Servicecenter\Bredbandsbolaget.exe

C:\Program\F-Secure\ANTI-S~1\fsaw.exe

C:\Program\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe

C:\Program\F-Secure\FSGUI\fsguidll.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\WINDOWS\SM1BG.EXE

C:\WINDOWS\stsystra.exe

C:\Program\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe

C:\Program\Delade filer\InstallShield\UpdateService\issch.exe

C:\Program\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\Program\Winamp\winampa.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe

C:\Program\Windows Live\Toolbar\wltuser.exe

C:\Program\Spotify\spotify.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\dumprep.exe

C:\Documents and Settings\Kalle\Skrivbord\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.svenskafans.com/hockeyzon/lif/forum.asp

uSearch Bar = hxxp://www.google.com/ie

uDefault_Page_URL = www.google.se/ig/dell?hl=sv&client=dell-row&channel=se&ibd=5061017

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program\microsoft\search enhancement pack\search helper\SearchHelper.dll

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program\delade filer\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Bredbandsbolaget Servicecenter Plugin: {db87cde1-ef9c-44eb-a42f-6d0b3c72c516} - c:\program\bredbandsbolaget\servicecenter\IEFixItNowPlugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program\delade filer\adobe\acrobat\activex\AcroIEFavClient.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program\windows live\toolbar\wltcore.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program\delade filer\adobe\acrobat\activex\AcroIEFavClient.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [F-Secure TNB] "c:\program\f-secure\tnb\TNBUtil.exe" /CHECKALL /WAITFORSW

mRun: [F-Secure Manager] "c:\program\f-secure\common\FSM32.EXE" /splash

mRun: [CanonSolutionMenu] c:\program\canon\solutionmenu\CNSLMAIN.exe /logon

mRun: [CanonMyPrinter] c:\program\canon\myprinter\BJMyPrt.exe /logon

mRun: [bredbandsbolaget Servicecenter] "c:\program\bredbandsbolaget\servicecenter\Bredbandsbolaget.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program\delade filer\adobe\arm\1.0\AdobeARM.exe"

mRun: [Adobe Acrobat Speed Launcher] "c:\program\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "c:\program\adobe\acrobat 9.0\acrobat\Acrotray.exe"

mRun: [TkBellExe] "c:\program\delade filer\real\update_ob\realsched.exe" -osboot

mRun: [sunJavaUpdateSched] "c:\program\java\jre6\bin\jusched.exe"

mRun: [sM1BG] c:\windows\SM1BG.EXE

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [RoxioDragToDisc] "c:\program\roxio\easy media creator 7\drag to disc\DrgToDsc.exe"

mRun: [QuickTime Task] "c:\program\quicktime\qttask.exe" -atboottime

mRun: [NWEReboot]

mRun: [MSKDetectorExe] c:\program\mcafee\spamkiller\MSKDetct.exe /uninstall

mRun: [MSKDetct] c:\program\mcafee\spamkiller\MSKDetct.exe /uninstall

mRun: [iSUSScheduler] "c:\program\delade filer\installshield\updateservice\issch.exe" -start

mRun: [iSUSPM Startup] "c:\program\delade filer\installshield\updateservice\isuspm.exe" -startup

mRun: [iAAnotif] c:\program\intel\intel matrix storage manager\Iaanotif.exe

mRun: [WinampAgent] c:\program\winamp\winampa.exe

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\bankid~1.lnk - c:\program\personal\bin\Personal.exe

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\f-secu~1.lnk - c:\program\f-secure\backweb\7681197\program\F-Secure Automatic Update.exe

IE: &Block this popup - c:\program\f-secure\anti-spyware\blockpopups.htm

IE: Append Link Target to Existing PDF - c:\program\delade filer\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program\delade filer\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program\delade filer\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program\delade filer\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xportera till Microsoft Excel - c:\program\micros~3\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe

IE: {300DB664-75B5-47c0-8B45-A44ACCF73C00} - {0928F506-07E8-470c-979D-147C296D4879} - c:\program\f-secure\anti-spyware\ieshield.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - h:\program\office11\REFIEBAR.DLL

LSP: c:\program\f-secure\fsps\program\FSLSP.DLL

DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.lizardtech.com/download/files/win/djvuplugin/sv_SV/DjVuControl_sv_SV.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} - hxxp://www.tvlution.com/KooPlayer.ocx

DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1268241970421

DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://www.postfoto.se/aurigma/ImageUploader4.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://www.postfoto.se/upload/aurigma/ImageUploader4.cab

DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

Notify: winfjt32 - winfjt32.dll

AppInit_DLLs: acaptuser32.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2006-10-24 70896]

R2 BackWeb Plug-in - 7681197;F-Secure Automatic Update;c:\program\f-secure\backweb\7681197\program\SERVIC~1.EXE [2006-10-24 32807]

R2 F-Secure Filter;F-Secure File System Filter;c:\program\f-secure\anti-virus\win2k\FSfilter.sys [2006-10-24 48816]

R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program\f-secure\anti-virus\fsgk32st.exe [2006-10-24 45056]

R2 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program\f-secure\anti-virus\win2k\fsgk.sys [2006-10-24 48256]

R2 F-Secure Recognizer;F-Secure File System Recognizer;c:\program\f-secure\anti-virus\win2k\FSrec.sys [2006-10-24 16720]

R3 F-Secure Network Request Broker;F-Secure Network Request Broker;c:\program\f-secure\common\FNRB32.exe [2006-10-24 110642]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-3-10 38224]

S2 gupdate;Google Update Service (gupdate);c:\program\google\update\GoogleUpdate.exe [2009-9-26 133104]

S3 AVFSFilter;AVFSFilter;c:\windows\system32\drivers\avfsfilter.sys --> c:\windows\system32\drivers\avfsfilter.sys [?]

=============== Created Last 30 ================

2010-03-10 20:46:00 0 d-----w- c:\docume~1\kalle\applic~1\Malwarebytes

2010-03-10 20:45:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-10 20:45:46 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-10 20:45:46 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-03-10 20:45:38 0 d-----w- c:\program\Malwarebytes' Anti-Malware

2010-03-10 18:03:03 0 d-----w- c:\program\Messenger

2010-03-10 18:02:52 0 d-----w- c:\windows\l2schemas

2010-03-10 18:02:51 0 d-----w- c:\windows\system32\sv

2010-03-10 18:02:51 0 d-----w- c:\windows\system32\bits

2010-03-10 18:00:35 0 d-----w- c:\windows\ServicePackFiles

2010-03-10 17:58:46 0 d-----w- c:\windows\network diagnostic

2010-03-10 17:55:49 0 d-----w- c:\windows\EHome

2010-03-10 17:47:45 73216 ------w- c:\windows\system32\drivers\atintuxx.sys

2010-03-10 17:29:33 0 d-----w- c:\windows\system32\PreInstall

2010-03-10 17:26:58 22752 ----a-w- c:\windows\system32\wucltui.dll.mui

2010-03-10 17:26:58 17624 ----a-w- c:\windows\system32\wuaueng.dll.mui

2010-03-10 17:26:58 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2010-03-10 17:26:57 15072 ----a-w- c:\windows\system32\wuapi.dll.mui

2010-03-10 17:26:57 0 d-----w- c:\windows\system32\SoftwareDistribution

2010-03-05 16:25:28 0 d-----w- c:\windows\SxsCaPendDel

2010-02-27 08:24:14 39424 ----a-w- c:\windows\system32\winfjt32.dll

2010-02-26 18:24:21 0 d-----w- c:\program\delade filer\Macrovision Shared

2010-02-26 18:23:53 45392 ----a-r- c:\windows\system32\AdobePDF.dll

2010-02-26 18:23:53 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll

2010-02-22 17:38:37 26 ----a-w- c:\windows\Zone.Identifier

2010-02-09 20:42:35 0 d-----w- c:\program\Lame for Audacity

2010-02-09 20:19:00 0 d-----w- c:\program\Audacity 1.3 Beta (Unicode)

==================== Find3M ====================

2010-03-10 18:11:59 63494 ----a-w- c:\windows\system32\perfc01D.dat

2010-03-10 18:11:59 384758 ----a-w- c:\windows\system32\perfh01D.dat

2009-04-20 17:07:30 133573480 ----a-w- c:\program\wlsetup-all.exe

2008-11-25 17:47:42 68756776 ----a-w- c:\program\iTunesSetup.exe

2008-02-26 15:45:43 1216496 -c--a-w- c:\program\dnlsetup.exe

2006-11-24 13:24:23 3334480 -c--a-w- c:\program\FotolaboSE-OrderClient-SV.exe

2006-11-07 19:36:32 19666504 -c--a-w- c:\program\QuickTimeInstaller.exe

2004-11-15 13:15:48 1701098 -c--a-w- c:\program\winamp291_std.exe

2003-08-27 13:19:18 36963 -c--a-r- c:\program\delade filer\SM1updtr.dll

2001-10-22 10:09:16 1259960 -c--a-w- c:\program\winzip80.exe

2001-07-10 04:47:42 777728 ----a-w- c:\program\PHOTOED.EXE

1999-10-05 10:50:02 114688 -c--a-w- c:\program\CPsv050.exe

2006-10-24 18:38:42 1682 -csha-w- c:\windows\system32\KGyGaAvL.sys

2009-11-29 09:07:03 32768 --sha-w- c:\windows\temp\history\history.ie5\index.dat

============= FINISH: 17:49:21,51 ===============

Edited by kava
Link to comment
Share on other sites

Scan with HijackThis and check:

O20 - Winlogon Notify: winfjt32 - C:\WINDOWS\SYSTEM32\winfjt32.dll

Close all other programs.

Press Fix checked.

Restart the computer.

Delete the file C:\WINDOWS\SYSTEM32\winfjt32.dll

Restart in normal mode, and then a new DDS log.

Link to comment
Share on other sites
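
One way to cross-check a DDS log such as the one posted above: list the DLLs named at the Notify, AppInit_DLLs and SSODL load points and see which of them also appear in the log's "Created Last 30" section. This is an added example, not part of the original posts or of DDS itself; the function names are assumptions, and the sample lines are excerpted from the log in this thread.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Lines excerpted from the DDS log posted in this thread.
SAMPLE_DDS = r"""
Notify: winfjt32 - winfjt32.dll
AppInit_DLLs: acaptuser32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
=============== Created Last 30 ================
2010-03-10 20:45:46 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-10 17:26:57 0 d-----w- c:\windows\system32\SoftwareDistribution
2010-02-27 08:24:14 39424 ----a-w- c:\windows\system32\winfjt32.dll
2010-02-26 18:23:53 45392 ----a-r- c:\windows\system32\AdobePDF.dll
==================== Find3M ====================
2006-10-24 18:38:42 1682 -csha-w- c:\windows\system32\KGyGaAvL.sys
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\d+) (\S{8}) (.+)$")
LOAD_POINT_RE = re.compile(r"^(Notify|AppInit_DLLs|SSODL):\s*(.*)$")


def load_points(log):
    """Return (kind, dll_name) pairs for DLLs that Windows loads automatically."""
    entries = []
    for line in log.splitlines():
        m = LOAD_POINT_RE.match(line.strip())
        if not m:
            continue
        kind, value = m.groups()
        if kind == "AppInit_DLLs":
            # The registry value is a space- or comma-separated list of DLLs.
            targets = [t for t in re.split(r"[,\s]+", value) if t]
        else:
            # "name - file" or "name - {CLSID} - file": the file is the last field.
            targets = [value.rsplit(" - ", 1)[-1].strip()]
        entries.extend((kind, basename(t).lower()) for t in targets if t)
    return entries


def recent_files(log, section="Created Last 30"):
    """Map lower-cased file name -> details for files listed in one log section."""
    current, found = None, {}
    for line in log.splitlines():
        line = line.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            continue
        m = FILE_RE.match(line) if current == section else None
        if m and not m.group(3).startswith("d"):  # skip directory entries
            stamp, size, _attrs, path = m.groups()
            found[basename(path).lower()] = {
                "created": stamp, "size": int(size), "path": path}
    return found


def recently_created_load_points(log):
    """Load-point DLLs that also show up as created in the last 30 days."""
    recent = recent_files(log)
    return [dict(kind=kind, file=name, **recent[name])
            for kind, name in load_points(log) if name in recent]


if __name__ == "__main__":
    for hit in recently_created_load_points(SAMPLE_DDS):
        print("{kind}: {file} created {created} ({size} bytes) at {path}".format(**hit))
```

A match only shows that an autoloaded DLL is new on disk; it is a lead to examine, not a verdict.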

I scanned with Hijack again and now it seems to be gone, but is it gone when I check in Windows? Testing now.

EDIT: it is still in the "System 32 folder"

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:06:19, on 2010-03-11

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Canon\MyPrinter\BJMyPrt.exe

C:\Program\Bredbandsbolaget\Servicecenter\Bredbandsbolaget.exe

C:\Program\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\WINDOWS\SM1BG.EXE

C:\WINDOWS\stsystra.exe

C:\Program\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe

C:\Program\F-Secure\Anti-Virus\fsgk32st.exe

C:\Program\F-Secure\Anti-Virus\FSGK32.EXE

C:\Program\F-Secure\Anti-Virus\fssm32.exe

C:\Program\F-Secure\Common\FSMA32.EXE

C:\Program\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program\Delade filer\InstallShield\UpdateService\issch.exe

C:\Program\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\Program\Winamp\winampa.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Personal\bin\Personal.exe

C:\Documents and Settings\Kalle\Skrivbord\HiJackThis.exe

C:\Program\F-Secure\Common\FSLAUNCH.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.se/ig/dell?hl=sv&client=dell-row&channel=se&ibd=5061017

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.svenskafans.com/hockeyzon/lif/forum.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.se/ig/dell?hl=sv&client=dell-row&channel=se&ibd=5061017

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: Bredbandsbolaget Servicecenter Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Program\Bredbandsbolaget\Servicecenter\IEFixItNowPlugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [bredbandsbolaget Servicecenter] "C:\Program\Bredbandsbolaget\Servicecenter\Bredbandsbolaget.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [sM1BG] C:\WINDOWS\SM1BG.EXE

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program\McAfee\SpamKiller\MSKDetct.exe /uninstall

O4 - HKLM\..\Run: [MSKDetct] C:\Program\McAfee\SpamKiller\MSKDetct.exe /uninstall

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program\Delade filer\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iAAnotif] C:\Program\Intel\Intel Matrix Storage Manager\Iaanotif.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe

O8 - Extra context menu item: &Block this popup - C:\Program\F-Secure\Anti-Spyware\blockpopups.htm

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to Existing PDF - res://C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\F-Secure\Anti-Spyware\ieshield.dll

O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\F-Secure\Anti-Spyware\ieshield.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\Program\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/sv_SV/DjVuControl_sv_SV.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1268241970421

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.postfoto.se/aurigma/ImageUploader4.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.postfoto.se/upload/aurigma/ImageUploader4.cab

O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

O20 - AppInit_DLLs: acaptuser32.dll

O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\Program\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program\F-Secure\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program\F-Secure\Common\FNRB32.EXE

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\F-Secure\BackWeb\7681197\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\F-Secure\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\F-Secure\Common\FSMA32.EXE

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program\Google\Update\GoogleUpdate.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe (file missing)

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program\Delade filer\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Kalle/LOKALA~1/Temp/msohtml1/01/clip_image002.jpg

--

End of file - 11832 bytes

Edited by kava
Link to comment
Share on other sites

Save Avenger to the Desktop and unpack the file there:

http://swandog46.geekstogo.com/avenger2/download.php

Copy the following into Notepad:

Files to delete:
C:\WINDOWS\SYSTEM32\winfjt32.dll

Check that it is two lines.

Start Avenger.

In the large box, paste the text from Notepad (it should still be two lines).

Check the Scan for rootkits box if it is not already checked.

Press Execute to start it.

The computer will now restart (perhaps twice).

After a short while the log (C:\avenger.txt) will come up; paste it here.

Now it is time for a new DDS log.

Edited by Cecilia
Link to comment
Share on other sites

The result:

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

File "C:\WINDOWS\SYSTEM32\winfjt32.dll" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Link to comment
Share on other sites

OK, here comes the DDS log

DDS (Ver_09-12-01.01) - NTFSx86

Run by Kalle at 19:33:56,39 on 2010-03-11

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.2046.1362 [GMT 1:00]

AV: F-Secure Anti-Virus Client Security 6.01 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}

FW: F-Secure Anti-Virus Client Security 6.01 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE

C:\Program\F-Secure\Anti-Virus\fsgk32st.exe

C:\Program\F-Secure\Anti-Virus\FSGK32.EXE

C:\Program\F-Secure\BackWeb\7681197\program\fsbwsys.exe

C:\Program\F-Secure\Anti-Virus\fssm32.exe

C:\Program\F-Secure\Common\FSMA32.EXE

C:\Program\F-Secure\Common\FSMB32.EXE

C:\Program\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program\F-Secure\Common\FSM32.EXE

C:\Program\Canon\MyPrinter\BJMyPrt.exe

C:\Program\Bredbandsbolaget\Servicecenter\Bredbandsbolaget.exe

C:\Program\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe

C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\F-Secure\Common\FCH32.EXE

C:\Program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe

C:\Program\F-Secure\Anti-Virus\fsqh.exe

C:\Program\F-Secure\Common\FAMEH32.EXE

C:\Program\F-Secure\Anti-Virus\fsrw.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\F-Secure\Common\FNRB32.EXE

C:\Program\Java\jre6\bin\jusched.exe

C:\Program\F-Secure\FWES\Program\fsdfwd.exe

C:\Program\F-Secure\Common\FIH32.EXE

C:\WINDOWS\SM1BG.EXE

C:\WINDOWS\stsystra.exe

C:\Program\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe

C:\Program\Delade filer\InstallShield\UpdateService\issch.exe

C:\Program\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\Program\Winamp\winampa.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Windows Live\Toolbar\wltuser.exe

C:\Program\F-Secure\Anti-Virus\fsav32.exe

C:\Program\F-Secure\ANTI-S~1\fsaw.exe

C:\Program\F-Secure\FSGUI\fsguidll.exe

C:\Documents and Settings\Kalle\Skrivbord\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.svenskafans.com/hockeyzon/lif/forum.asp

uSearch Bar = hxxp://www.google.com/ie

uDefault_Page_URL = www.google.se/ig/dell?hl=sv&client=dell-row&channel=se&ibd=5061017

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program\microsoft\search enhancement pack\search helper\SearchHelper.dll

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program\delade filer\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Bredbandsbolaget Servicecenter Plugin: {db87cde1-ef9c-44eb-a42f-6d0b3c72c516} - c:\program\bredbandsbolaget\servicecenter\IEFixItNowPlugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program\delade filer\adobe\acrobat\activex\AcroIEFavClient.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program\windows live\toolbar\wltcore.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program\delade filer\adobe\acrobat\activex\AcroIEFavClient.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [F-Secure TNB] "c:\program\f-secure\tnb\TNBUtil.exe" /CHECKALL /WAITFORSW

mRun: [F-Secure Manager] "c:\program\f-secure\common\FSM32.EXE" /splash

mRun: [CanonSolutionMenu] c:\program\canon\solutionmenu\CNSLMAIN.exe /logon

mRun: [CanonMyPrinter] c:\program\canon\myprinter\BJMyPrt.exe /logon

mRun: [bredbandsbolaget Servicecenter] "c:\program\bredbandsbolaget\servicecenter\Bredbandsbolaget.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program\delade filer\adobe\arm\1.0\AdobeARM.exe"

mRun: [Adobe Acrobat Speed Launcher] "c:\program\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "c:\program\adobe\acrobat 9.0\acrobat\Acrotray.exe"

mRun: [TkBellExe] "c:\program\delade filer\real\update_ob\realsched.exe" -osboot

mRun: [sunJavaUpdateSched] "c:\program\java\jre6\bin\jusched.exe"

mRun: [sM1BG] c:\windows\SM1BG.EXE

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [RoxioDragToDisc] "c:\program\roxio\easy media creator 7\drag to disc\DrgToDsc.exe"

mRun: [QuickTime Task] "c:\program\quicktime\qttask.exe" -atboottime

mRun: [NWEReboot]

mRun: [MSKDetectorExe] c:\program\mcafee\spamkiller\MSKDetct.exe /uninstall

mRun: [MSKDetct] c:\program\mcafee\spamkiller\MSKDetct.exe /uninstall

mRun: [iSUSScheduler] "c:\program\delade filer\installshield\updateservice\issch.exe" -start

mRun: [iSUSPM Startup] "c:\program\delade filer\installshield\updateservice\isuspm.exe" -startup

mRun: [iAAnotif] c:\program\intel\intel matrix storage manager\Iaanotif.exe

mRun: [WinampAgent] c:\program\winamp\winampa.exe

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\bankid~1.lnk - c:\program\personal\bin\Personal.exe

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\f-secu~1.lnk - c:\program\f-secure\backweb\7681197\program\F-Secure Automatic Update.exe

IE: &Block this popup - c:\program\f-secure\anti-spyware\blockpopups.htm

IE: Append Link Target to Existing PDF - c:\program\delade filer\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program\delade filer\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program\delade filer\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program\delade filer\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xportera till Microsoft Excel - c:\program\micros~3\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe

IE: {300DB664-75B5-47c0-8B45-A44ACCF73C00} - {0928F506-07E8-470c-979D-147C296D4879} - c:\program\f-secure\anti-spyware\ieshield.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - h:\program\office11\REFIEBAR.DLL

LSP: c:\program\f-secure\fsps\program\FSLSP.DLL

DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.lizardtech.com/download/files/win/djvuplugin/sv_SV/DjVuControl_sv_SV.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} - hxxp://www.tvlution.com/KooPlayer.ocx

DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1268241970421

DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://www.postfoto.se/aurigma/ImageUploader4.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://www.postfoto.se/upload/aurigma/ImageUploader4.cab

DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

Notify: winfjt32 - winfjt32.dll

AppInit_DLLs: acaptuser32.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2006-10-24 70896]

R2 BackWeb Plug-in - 7681197;F-Secure Automatic Update;c:\program\f-secure\backweb\7681197\program\SERVIC~1.EXE [2006-10-24 32807]

R2 F-Secure Filter;F-Secure File System Filter;c:\program\f-secure\anti-virus\win2k\FSfilter.sys [2006-10-24 48816]

R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program\f-secure\anti-virus\fsgk32st.exe [2006-10-24 45056]

R2 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program\f-secure\anti-virus\win2k\fsgk.sys [2006-10-24 48256]

R2 F-Secure Recognizer;F-Secure File System Recognizer;c:\program\f-secure\anti-virus\win2k\FSrec.sys [2006-10-24 16720]

R3 F-Secure Network Request Broker;F-Secure Network Request Broker;c:\program\f-secure\common\FNRB32.exe [2006-10-24 110642]

S2 gupdate;Google Update Service (gupdate);c:\program\google\update\GoogleUpdate.exe [2009-9-26 133104]

S3 AVFSFilter;AVFSFilter;c:\windows\system32\drivers\avfsfilter.sys --> c:\windows\system32\drivers\avfsfilter.sys [?]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-3-10 38224]

=============== Created Last 30 ================

2010-03-10 20:46:00 0 d-----w- c:\docume~1\kalle\applic~1\Malwarebytes

2010-03-10 20:45:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-10 20:45:46 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-10 20:45:46 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-03-10 20:45:38 0 d-----w- c:\program\Malwarebytes' Anti-Malware

2010-03-10 18:03:03 0 d-----w- c:\program\Messenger

2010-03-10 18:02:52 0 d-----w- c:\windows\l2schemas

2010-03-10 18:02:51 0 d-----w- c:\windows\system32\sv

2010-03-10 18:02:51 0 d-----w- c:\windows\system32\bits

2010-03-10 18:00:35 0 d-----w- c:\windows\ServicePackFiles

2010-03-10 17:58:46 0 d-----w- c:\windows\network diagnostic

2010-03-10 17:55:49 0 d-----w- c:\windows\EHome

2010-03-10 17:47:45 73216 ------w- c:\windows\system32\drivers\atintuxx.sys

2010-03-10 17:29:33 0 d-----w- c:\windows\system32\PreInstall

2010-03-10 17:26:58 22752 ----a-w- c:\windows\system32\wucltui.dll.mui

2010-03-10 17:26:58 17624 ----a-w- c:\windows\system32\wuaueng.dll.mui

2010-03-10 17:26:58 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2010-03-10 17:26:57 15072 ----a-w- c:\windows\system32\wuapi.dll.mui

2010-03-10 17:26:57 0 d-----w- c:\windows\system32\SoftwareDistribution

2010-03-05 16:25:28 0 d-----w- c:\windows\SxsCaPendDel

2010-02-26 18:24:21 0 d-----w- c:\program\delade filer\Macrovision Shared

2010-02-26 18:23:53 45392 ----a-r- c:\windows\system32\AdobePDF.dll

2010-02-26 18:23:53 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll

2010-02-22 17:38:37 26 ----a-w- c:\windows\Zone.Identifier

2010-02-09 20:42:35 0 d-----w- c:\program\Lame for Audacity

2010-02-09 20:19:00 0 d-----w- c:\program\Audacity 1.3 Beta (Unicode)

==================== Find3M ====================

2010-03-10 18:11:59 63494 ----a-w- c:\windows\system32\perfc01D.dat

2010-03-10 18:11:59 384758 ----a-w- c:\windows\system32\perfh01D.dat

2009-04-20 17:07:30 133573480 ----a-w- c:\program\wlsetup-all.exe

2008-11-25 17:47:42 68756776 ----a-w- c:\program\iTunesSetup.exe

2008-02-26 15:45:43 1216496 -c--a-w- c:\program\dnlsetup.exe

2006-11-24 13:24:23 3334480 -c--a-w- c:\program\FotolaboSE-OrderClient-SV.exe

2006-11-07 19:36:32 19666504 -c--a-w- c:\program\QuickTimeInstaller.exe

2004-11-15 13:15:48 1701098 -c--a-w- c:\program\winamp291_std.exe

2003-08-27 13:19:18 36963 -c--a-r- c:\program\delade filer\SM1updtr.dll

2001-10-22 10:09:16 1259960 -c--a-w- c:\program\winzip80.exe

2001-07-10 04:47:42 777728 ----a-w- c:\program\PHOTOED.EXE

1999-10-05 10:50:02 114688 -c--a-w- c:\program\CPsv050.exe

2006-10-24 18:38:42 1682 -csha-w- c:\windows\system32\KGyGaAvL.sys

2009-11-29 09:07:03 32768 --sha-w- c:\windows\temp\history\history.ie5\index.dat

============= FINISH: 19:34:18,64 ===============

Link to comment
Share on other sites

I am copying down the problems I still have from the first post.

The computer now restarts without me having to press the power button :)

When I open any folder that contains music or video, the computer wants to install something called "Sonic Cinplayer Decoder Pack"

The problem remains

When I open Explorer I have suddenly started getting a message: see attached image.

post-5051-1268333788,09_thumb.png

How do you get rid of it?

Link to comment
Share on other sites
