search protocol host och explorer

[perjak]

Datorn har börjat strula och jag har mina misstankar om att något gick snett när jag lade in SP2.

 

Felet yttrar sig i att search protocol host dör och att även utforskaren upphör att fungera och startas om.

 

Då Hijackthis brukar vara en bra inkörspunkt lägger jag in en log här

 

[log] Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:14:52, on 2009-09-08

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18813)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Norton Ghost\Agent\VProTray.exe

C:\Program Files\Bredbandsbolaget Security Services\Common\FSM32.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Personal\bin\Personal.exe

C:\Program Files\palmOne\Hotsync.exe

C:\Program Files\Pantone\huey\hueyTray.exe

C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Bredbandsbolaget Security Services\FSGUI\fsguidll.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Windows\System32\mobsync.exe

C:\Windows\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.se/ig/dell?hl=sv&client=dell-row&channel=se&ibd=4081106

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/advanced_search?hl=sv

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer erhållet från Dell

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {1FD79A59-37B1-459B-9097-09F9FAB8A523} - (no file)

O2 - BHO: CDNSCacheObj Object - {376892AE-1825-4E5F-9F85-23F9640051CC} - C:\Windows\XviDplg.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"

O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Bredbandsbolaget Security Services\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Bredbandsbolaget Security Services\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NÄTVERKSTJÄNST')

O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe

O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program Files\Personal\bin\Personal.exe

O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe

O4 - Global Startup: hueyTray.lnk = C:\Program Files\Pantone\huey\hueyTray.exe

O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} (Symantec Configuration Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll

O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Bredbandsbolaget Security Services\Anti-Virus\fsgk32st.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Bredbandsbolaget Security Services\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Bredbandsbolaget Security Services\FWES\Program\fsdfwd.exe

O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Bredbandsbolaget Security Services\Common\FSMA32.EXE

O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Bredbandsbolaget Security Services\ORSP Client\fsorsp.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe

 

--

End of file - 10231 bytes

[/log]

 

Här kommer även ett utdrag ur windows log

 

 

 

[log]

 

2009-09-08 20:33 Application Error Felet uppstod i programmet SearchProtocolHost.exe, version 7.0.6002.18005, tidsstämpel 0x49e0244d, felet uppstod i modulen kernel32.dll, version 6.0.6002.18005, tidsstämpel 0x49e037dd, undantagskod 0xc06d007e, felförskjutning 0x0003fbae, process-ID 0x14c4, programmets starttid 0x01ca30c39237e6f8.

2009-09-08 20:33 Application Error Felet uppstod i programmet explorer.exe, version 6.0.6002.18005, tidsstämpel 0x49e01da5, felet uppstod i modulen kernel32.dll, version 6.0.6002.18005, tidsstämpel 0x49e037dd, undantagskod 0xc06d007e, felförskjutning 0x0003fbae, process-ID 0x1404, programmets starttid 0x01ca30c39b0d4138.

2009-09-08 20:33 Application Error Felet uppstod i programmet explorer.exe, version 6.0.6002.18005, tidsstämpel 0x49e01da5, felet uppstod i modulen kernel32.dll, version 6.0.6002.18005, tidsstämpel 0x49e037dd, undantagskod 0xc06d007e, felförskjutning 0x0003fbae, process-ID 0xce4, programmets starttid 0x01ca30c09a065fe8.

2009-09-08 20:33 Application Error Felet uppstod i programmet SearchProtocolHost.exe, version 7.0.6002.18005, tidsstämpel 0x49e0244d, felet uppstod i modulen kernel32.dll, version 6.0.6002.18005, tidsstämpel 0x49e037dd, undantagskod 0xc06d007e, felförskjutning 0x0003fbae, process-ID 0x854, programmets starttid 0x01ca30c3906096b8.

2009-09-08 20:33 Application Error Felet uppstod i programmet SearchProtocolHost.exe, version 7.0.6002.18005, tidsstämpel 0x49e0244d, felet uppstod i modulen kernel32.dll, version 6.0.6002.18005, tidsstämpel 0x49e037dd, undantagskod 0xc06d007e, felförskjutning 0x0003fbae, process-ID 0xf30, programmets starttid 0x01ca30c38dabe698.

2009-09-08 20:26 Windows Error Reporting Fel-bucket 1264264329, typ 1
Händelsenamn: APPCRASH
Svar: Ingen
Kabinett-ID: 0

Problemsignatur:
P1: SearchProtocolHost.exe
P2: 7.0.6002.18005
P3: 49e0244d
P4: kernel32.dll
P5: 6.0.6002.18005
P6: 49e037dd
P7: c06d007e
P8: 0003fbae
P9: 
P10: 

Bifogade filer:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report136137d0\WER2C8A.tmp.version.txt
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report136137d0\WER2C8B.tmp.appcompat.txt
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report136137d0\WER2CE9.tmp.hdmp
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report136137d0\WER3727.tmp.mdmp

Filerna kan vara tillgängliga på följande plats:
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Report074b2d06

2009-09-08 20:24 Application Error Felet uppstod i programmet SearchProtocolHost.exe, version 7.0.6002.18005, tidsstämpel 0x49e0244d, felet uppstod i modulen kernel32.dll, version 6.0.6002.18005, tidsstämpel 0x49e037dd, undantagskod 0xc06d007e, felförskjutning 0x0003fbae, process-ID 0x121c, programmets starttid 0x01ca30c26423cf58.

2009-09-08 20:24 Application Error Felet uppstod i programmet SearchProtocolHost.exe, version 7.0.6002.18005, tidsstämpel 0x49e0244d, felet uppstod i modulen kernel32.dll, version 6.0.6002.18005, tidsstämpel 0x49e037dd, undantagskod 0xc06d007e, felförskjutning 0x0003fbae, process-ID 0xefc, programmets starttid 0x01ca30c262172ea8.

2009-09-08 20:17 Windows Error Reporting Fel-bucket 1264264329, typ 1
Händelsenamn: APPCRASH
Svar: Ingen
Kabinett-ID: 0

Problemsignatur:
P1: SearchProtocolHost.exe
P2: 7.0.6002.18005
P3: 49e0244d
P4: kernel32.dll
P5: 6.0.6002.18005
P6: 49e037dd
P7: c06d007e
P8: 0003fbae
P9: 
P10: 

Bifogade filer:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report11653aad\WER2FB4.tmp.version.txt
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report11653aad\WER2FB5.tmp.appcompat.txt
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report11653aad\WER2FD6.tmp.hdmp
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report11653aad\WER3A14.tmp.mdmp

Filerna kan vara tillgängliga på följande plats:
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Report16c28c55

[/log]

 

/PeO

 

[Cecilia]

Det är ju lämpligt i så fall att börja med att avinstallera SP2 eftersom datorn verkar vara infekterad och det kan ge upphov till problem med installationer.

 

Därefter så ladda ner Malwarebytes Anti-Malware (MBAM) från:

http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

Dubbelklicka på mbam-setup för att installera programmet.

 

[log]Se till i slutet av installationen att det är bockar för:

Uppdatera Malwarebytes' Anti-Malware

Starta Malwarebytes' Anti-Malware

Tryck på Slutför

Om det finns någon uppdatering så kommer den att laddas ner och installeras.

 

När programmet startar så välj "Utför snabb skanning" och tryck på Skanna.

Skanningen tar ett tag.

När den är klar så tryck på OK och sedan "Visa resultat".

Bocka för allt och tryck sedan Ta bort markerade.

När borttagningen är klar så öppnar Anteckningar med en logg.

 

Eventuellt så kommer det upp en begäran om att starta om datorn (Restart). I så fall gör det.

Om det blir ett felmeddelande Error loading... efter omstarten så starta om datorn än en gång.

Om programmet inte kommer igång efter omstarten så starta det.

 

Om loggen inte kommer upp själv i Anteckningar så hittar du loggen på fliken Loggar i MBAM.

Kopiera loggen och klistra in den i ditt svar tillsammans med en ny HijackThis-logg.[/log]

 

[perjak]

Oj, vilken service. Svar efter midnatt.

 

Gör det någon skillnad om jag rensar ur datorn först och sedan gör eventuella av- och ominstallationer? Jag chansar med att vänta.

 

Jag hade redan malewarebytes och det var inte så väldigt länge sen jag körde en scan. Då utan problem. Nu hittades 8 problem vilka redovisas nedan.

 

[log]Malwarebytes' Anti-Malware 1.40

Databasversion: 2763

Windows 6.0.6002 Service Pack 2

 

2009-09-09 04:14:17

mbam-log-2009-09-09 (04-14-17).txt

 

Skanningstyp: Snabb skanning

Antal skannade objekt: 87448

Förfluten tid: 4 minute(s), 27 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 7

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 2

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

HKEY_CLASSES_ROOT\dnscache.dnscacheobj (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{1fd79a59-37b1-459b-9097-09f9fab8a523} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{b97f9125-71a1-48d0-b920-f140ef8de809} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{376892ae-1825-4e5f-9f85-23f9640051cc} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{376892ae-1825-4e5f-9f85-23f9640051cc} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{376892ae-1825-4e5f-9f85-23f9640051cc} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\dnscache.dnscacheobj.1 (Trojan.BHO) -> Quarantined and deleted successfully.

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

C:\Windows\XviDplg.dll (Trojan.BHO) -> Quarantined and deleted successfully.

C:\Windows\Tasks\RegClean Scheduled Scan.job (Rogue.RegClean) -> Quarantined and deleted successfully.

[/log]

 

En ny hijackthis-log följer nedan.

 

 

[log] Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:14:52, on 2009-09-08

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18813)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Norton Ghost\Agent\VProTray.exe

C:\Program Files\Bredbandsbolaget Security Services\Common\FSM32.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Personal\bin\Personal.exe

C:\Program Files\palmOne\Hotsync.exe

C:\Program Files\Pantone\huey\hueyTray.exe

C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Bredbandsbolaget Security Services\FSGUI\fsguidll.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Windows\System32\mobsync.exe

C:\Windows\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.se/ig/dell?hl=sv&client=dell-row&channel=se&ibd=4081106

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/advanced_search?hl=sv

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer erhållet från Dell

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {1FD79A59-37B1-459B-9097-09F9FAB8A523} - (no file)

O2 - BHO: CDNSCacheObj Object - {376892AE-1825-4E5F-9F85-23F9640051CC} - C:\Windows\XviDplg.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"

O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Bredbandsbolaget Security Services\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Bredbandsbolaget Security Services\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NÄTVERKSTJÄNST')

O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe

O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program Files\Personal\bin\Personal.exe

O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe

O4 - Global Startup: hueyTray.lnk = C:\Program Files\Pantone\huey\hueyTray.exe

O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} (Symantec Configuration Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll

O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Bredbandsbolaget Security Services\Anti-Virus\fsgk32st.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Bredbandsbolaget Security Services\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Bredbandsbolaget Security Services\FWES\Program\fsdfwd.exe

O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Bredbandsbolaget Security Services\Common\FSMA32.EXE

O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Bredbandsbolaget Security Services\ORSP Client\fsorsp.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe

 

--

End of file - 10231 bytes

[/log]

 

[Cecilia]

Det är den gamla HijackThis-loggen. Ta bort den innan du kör HijackThis igen.

 

[perjak]

Ursäkta. Jag var nog lite för trött i morse.

 

Här kommer en ny hijack-log

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:35:19, on 2009-09-09

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18813)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Norton Ghost\Agent\VProTray.exe

C:\Program Files\Bredbandsbolaget Security Services\Common\FSM32.EXE

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Personal\bin\Personal.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\palmOne\Hotsync.exe

C:\Program Files\Pantone\huey\hueyTray.exe

C:\Program Files\Bredbandsbolaget Security Services\FSGUI\fsguidll.exe

C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.se/ig/dell?hl=sv&client=dell-row&channel=se&ibd=4081106

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/advanced_search?hl=sv

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer erhållet från Dell

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {1FD79A59-37B1-459B-9097-09F9FAB8A523} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"

O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Bredbandsbolaget Security Services\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Bredbandsbolaget Security Services\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NÄTVERKSTJÄNST')

O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe

O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program Files\Personal\bin\Personal.exe

O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe

O4 - Global Startup: hueyTray.lnk = C:\Program Files\Pantone\huey\hueyTray.exe

O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} (Symantec Configuration Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll

O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Bredbandsbolaget Security Services\Anti-Virus\fsgk32st.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Bredbandsbolaget Security Services\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Bredbandsbolaget Security Services\FWES\Program\fsdfwd.exe

O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Bredbandsbolaget Security Services\Common\FSMA32.EXE

O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Bredbandsbolaget Security Services\ORSP Client\fsorsp.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe

 

--

End of file - 10168 bytes

[/log]

 

[Cecilia]

Skanna med HijackThis och bocka för:

 

O2 - BHO: (no name) - {1FD79A59-37B1-459B-9097-09F9FAB8A523} - (no file)

O13 - Gopher Prefix:

 

Avsluta alla andra program.

Tryck Fix checked.

 

Starta om datorn.

 

Hur fungerar den nu?

 

[perjak]

Tyvärr samma problem.

 

Vad var det för något som jag fixade med hijack tidigare?

 

[Cecilia]

En rad i registret som var kvar efter MBAM rensning:

http://www.systemlookup.com/CLSID/56591-mplayerplugin_dll_XviDplg_dll.html

 

Hur man avinstallerar SP2 och sedan hur man installerar på bästa sätt inkl. tips att göra innan en installation:

http://windowshelp.microsoft.com/Windows/sv-se/help/105f7420-6f7f-4fe8-8698-2f40ca5f53711053.mspx

 

[perjak]

Ok.

 

Tack för hjälpen så här långt. Nu ska jag avinstallera samtliga uppdateringar bakåt i tiden t.o.m. SP2. Sen får Microsoft update göra om det hela.

 

Jag lär återkomma med resultatet.

 

[Cecilia]

Ja, gör det för det är alltid intressant att få veta hur det går

 

[perjak]

Nu är allt borta. Vissa uppdateringar, inklusive SP2, kunde inte avinstalleras helt. Innan åter installation påbörjas verkar allt funka som det ska.

 

[Cecilia]

Vad menar du med att SP2 inte kunde avinstalleras helt?

 

[perjak]

När jag jobbade mig nedåt i listan med uppdateringar så var det 3-4 säkerhetsuppdateringar och uppdateringar till Windows som inte kunde avinstalleras helt. Detsamma gäller servicepacken. Det kommer upp ett windows felmeddelandefönster som säger att vissa delar inte kunde avinstalleras.

 

(finns det något sätt att tvinga en redan installerad uppdatering att installeras igen? Då skulle jag ju kunna tvinga på datorn SP2 igen om det skulle vara så att något gick snett när den installerades)

 

Jag lät microsoft upate lägga in allt som den funktionen ansåg behövas och så var jag tillbaka på ruta ett. :-(

 

Ny rensning påbörjades, men efter en stund hoppade automatisk uppdatering igång och la dit flera av dom uppdateringar jag just avinstallerat... Tänk om jag kommit på den briljanta att stänga av den funktionen.

 

Nåväl, nu blir det uppehåll för i kväll. Jag tackar för ditt engagemang såhär långt och återkommer med nya försök i morgon.

 

[inlägget ändrat 2009-09-09 21:26:51 av perjak]

[Cecilia]

På Microsoft-sidan jag länkade till förut så står det om alternativet "Hämta SP2 från Microsofts webbplats", det kan du använda.

 

[perjak]

Nu återupptas arbetet.

 

Jag har backat systemet till en backup gjord strax efter installationen av SP2. (norton ghost) Nu funkar det. Helst skulle jag vilja ominstallera ett antal uppdateringar till bakåt, inkl sp2, men det går inte. Windows påstår att alla uppdateringar inte kunde avinstalleras. (se bifogad bild)

 

Kan jag tvinga på systemet redan installerade uppdateringar? Jag har prövat att söka dom separat via microsofts download-sida men systemet vägrar ta emot dom.

 

Jag har kört malewarebytes (fullständig skanning) och hijackthis enligt tidigare instruktion. Jag bifogar loggar nedan. Syns det något konstigt?

 

 

[log]Malwarebytes' Anti-Malware 1.40

Databasversion: 2773

Windows 6.0.6002 Service Pack 2

 

2009-09-10 21:32:41

mbam-log-2009-09-10 (21-32-41).txt

 

Skanningstyp: Fullständig skanning (C:\|M:\|)

Antal skannade objekt: 298318

Förfluten tid: 1 hour(s), 15 minute(s), 1 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 0

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

(Inga illasinnade poster hittades)

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

(Inga illasinnade poster hittades)

[/log]

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:36:18, on 2009-09-10

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18813)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Norton Ghost\Agent\VProTray.exe

C:\Program Files\Bredbandsbolaget Security Services\Common\FSM32.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Windows\ehome\ehtray.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program Files\Personal\bin\Personal.exe

C:\Program Files\palmOne\Hotsync.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Pantone\huey\hueyTray.exe

C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Bredbandsbolaget Security Services\FSGUI\fsguidll.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.se/ig/dell?hl=sv&client=dell-row&channel=se&ibd=4081106

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/advanced_search?hl=sv

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer erhållet från Dell

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"

O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Bredbandsbolaget Security Services\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Bredbandsbolaget Security Services\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NÄTVERKSTJÄNST')

O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe

O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program Files\Personal\bin\Personal.exe

O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe

O4 - Global Startup: hueyTray.lnk = C:\Program Files\Pantone\huey\hueyTray.exe

O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} (Symantec Configuration Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll

O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Bredbandsbolaget Security Services\Anti-Virus\fsgk32st.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Bredbandsbolaget Security Services\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Bredbandsbolaget Security Services\FWES\Program\fsdfwd.exe

O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Bredbandsbolaget Security Services\Common\FSMA32.EXE

O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Bredbandsbolaget Security Services\ORSP Client\fsorsp.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe

 

--

End of file - 10364 bytes

[/log]

 

[bild bifogad 2009-09-10 21:39:40 av perjak]

[perjak]

Jag lägger till lite info.

 

För att få in uppdateringar var först windows update tvunget att uppdateras till microsoft update. Gjorde detta och startade om datorn. Då hamnade jag i en loop där datorn startas om hela tiden. Man kommer till skärmen Uppdateringar konfigureras steg 3 av 3 0% sen görs ny omstart.

 

Jag blir tokig!!!!!

 

[Cecilia]

Du har nu råkat ut för ett problem som drabbar en del datorer med F-secure. F-secure arbetar på en fix men har inte lyckats än för alla fall.

http://www.alltomxp.se/forum/index.php?showtopic=18984&hl=

På slutet av första inlägget så står en beskrivning av hur man kommer ur loopen. Går det bra att följa den?

 

[perjak]

Jag valde att backa igen. Nu funkar allt som det ska och det första jag gjorde efter att jag lagt tillbaka backupen var att ladda ner Bredbandsbolagets säkerhetscenter igen. (F-secure) Nu ska jag försöka lägga in uppdateringar en och en för att se vad det är som gör att utforskaren börjar trilskas.

 

[Cecilia]

Det är helt klart problem med F-secure och Windows-uppdateringar från och med augusti.

 

[perjak]

Nu har jag lyckats installera samtliga uppdateringar för Vista och datorn verkar må prima.

 

Tänk om det hela berodde på F-secur

 

För att få ett kvitto på detta hoppas jag att jag kan få ett utlåtande över följande Hijack-log. (jag har även scannat med Malewarebytes och dess log visade noll fel)

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:04:42, on 2009-09-12

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18813)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Norton Ghost\Agent\VProTray.exe

C:\Program Files\Bredbandsbolaget Security Services\Common\FSM32.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Personal\bin\Personal.exe

C:\Program Files\palmOne\Hotsync.exe

C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

C:\Program Files\Bredbandsbolaget Security Services\FSGUI\fsguidll.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Pantone\huey\hueyTray.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.se/ig/dell?hl=sv&client=dell-row&channel=se&ibd=4081106

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/advanced_search?hl=sv

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer erhållet från Dell

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"

O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Bredbandsbolaget Security Services\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Bredbandsbolaget Security Services\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NÄTVERKSTJÄNST')

O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program Files\Personal\bin\Personal.exe

O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe

O4 - Global Startup: hueyTray.lnk = C:\Program Files\Pantone\huey\hueyTray.exe

O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} (Symantec Configuration Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll

O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Bredbandsbolaget Security Services\Anti-Virus\fsgk32st.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Bredbandsbolaget Security Services\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Bredbandsbolaget Security Services\FWES\Program\fsdfwd.exe

O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Bredbandsbolaget Security Services\Common\FSMA32.EXE

O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Bredbandsbolaget Security Services\ORSP Client\fsorsp.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe

 

--

End of file - 10324 bytes

[/log]

 

 

 

[Cecilia]

Jag ser inget skadligt i loggen, men det finns många skadliga program som inte syns i en HijackThis-logg.

 

Här kan du läsa mina vanliga råd för en säkrare dator, men det är så klart viktigt att man använder sitt förnuft också.

http://ceblstockholm.googlepages.com/home

 

[perjak]

Jag har läst på din sida och den är väldigt matnyttig. Jag har bredbandsbolagets säker bas som rullar och uppdaterar sig automatiskt och den scannar igenom datorn en gång i veckan. Kör även Maleware lite då och då. Dessutom görs en Norton Ghost-backup varje kväll.

 

NU verkar allt funka och tills vidare tillskriver vi strulet konflikt mellan F-secure och Microsoft update.

 

Du ska ha jättetack för din hjälp!

 

[Cecilia]

Tack för poäng!

 

Mats har skrivit en del om Windows Update och F-secure på

http://pcforallasmart.idg.se/forum/thread.jsp?forumid=3&rootid=511432