
Biberkolben

Member
  • Number of posts: 32

Forum posts by Biberkolben


  1. Hi!

    Sorry (again) for such a late reply, but I have been on holiday. I should learn to reply a bit more promptly...

    Thanks for the tip! However, I'm a bit nervous when it comes to system restores, so before I do it I'd like to back up some important files. However, I have lent out my external hard drive for the moment, so I'll have to demand it back first.

    I'll get back with an answer once I've done as you said! :)

    Best regards

    Anton


  2. Hi again!

    Sorry for my INCREDIBLY late reply, but shortly after my last post the computer crashed...

    I got it running fairly recently, but what happens then?

    Well, yet another attack. This time it's from a program called XP Defender. I searched for the program and got a link to a program that was recommended for removing it. It was called SpyHunter, but it costs money to remove all the malicious files after you've scanned the computer, so I don't really trust that either. I tried using MBAM again instead, but strangely enough it wouldn't start.

    I did, however, run a scan with HijackThis, and here is the log file:

     

     

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 16:56:17, on 2010-03-28

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16981)

    Boot mode: Normal

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Windows Defender\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\Executive Software\Diskeeper\DkService.exe

    C:\WINDOWS\eHome\ehRecvr.exe

    C:\WINDOWS\eHome\ehSched.exe

    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

    C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE

    C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE

    C:\Program Files\F-Secure Internet Security\Common\FSHDLL32.EXE

    C:\Program Files\Intel\IDU\IDUServ.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe

    C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe

    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\Tablet.exe

    C:\WINDOWS\ehome\mcrdsvc.exe

    C:\WINDOWS\system32\dllhost.exe

    C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe

    C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe

    C:\Program Files\F-Secure Internet Security\ORSP Client\fsorsp.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe

    C:\Documents and Settings\Multimedia\Local Settings\Application Data\ave.exe

    C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\Program Files\Intel\IDU\awtray.exe

    C:\Program1\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\WINDOWS\ehome\ehtray.exe

    C:\Program Files\Intel\IDU\iptray.exe

    C:\Program Files\MessengerPlus! 3\MsgPlus.exe

    C:\WINDOWS\eHome\ehmsas.exe

    C:\Program1\FarStone\RestoreIT\RestoreIT_XP\VBPTASK.EXE

    C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe

    C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe

    C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\QuickTime\QTTask.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Windows Media Player\WMPNSCFG.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\WTablet\TabUserW.exe

    C:\Program1\NETGEAR\WG311v3\wlancfg5.exe

    C:\Program Files\Windows Media Player\WMPNetwk.exe

    C:\Program Files\Skype\Phone\Skype.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\WINDOWS\system32\wbem\wmiprvse.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\WINDOWS\system32\wbem\wmiprvse.exe

     

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SESVSE/SAOS02

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program1\Spybot - Search & Destroy\SDHelper.dll

    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

    O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\F-Secure Internet Security\NRS\iescript\baselitmus.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

    O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\F-Secure Internet Security\NRS\iescript\baselitmus.dll

    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

    O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe

    O4 - HKLM\..\Run: [ipTray.exe] "C:\Program Files\Intel\IDU\iptray.exe"

    O4 - HKLM\..\Run: [awTray.exe] "C:\Program Files\Intel\IDU\awtray.exe"

    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"

    O4 - HKLM\..\Run: [RemoteControl] "C:\Program1\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe

    O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"

    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

    O4 - HKLM\..\Run: [intelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT

    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [RestoreIT!] "C:\Program1\FarStone\RestoreIT\RestoreIT_XP\VBPTASK.EXE" VBStart

    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe

    O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"

    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash

    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: [spyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [updateMgr] C:\Program1\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5

    O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: NETGEAR WG311v3 Wireless Assistant.lnk = ?

    O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe

    O8 - Extra context menu item: Download with Xilisoft YouTube Video Converter - C:\Program Files\Xilisoft\YouTube Video Converter\upod_link.HTM

    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187650169578

    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{49EBCB0D-A01E-4673-986C-4366844FA9EC}: NameServer = 192.168.1.1

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe

    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe

    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE

    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\ORSP Client\fsorsp.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: Intel® Desktop Utilities Service (iHCService) - OSA Technologies, Inc. - C:\Program Files\Intel\IDU\IDUServ.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe

    O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe

    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

     

    --

    End of file - 13236 bytes

     

     

    As usual I have no idea what's going on... I am, however, extremely grateful for all the help I've received before, Cecilia! I just hope I can get rid of this crap too.

     

    /Anton


  3. Hi!

    Yep, I found the folder yesterday and deleted it. The computer seems to be better now, though when I started it an hour or so ago a warning popped up saying 'Virus found. Being removed' again. :(

    The virus had named itself svchost.exe again, though this time it said it wasn't a trojan. But that was a while ago now and no more warnings have appeared, so I don't really know. I'll get back to you if another virus warning comes up.


  4. Now I've done as you said and run HijackThis. Here is the log:

     

     

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 19:39:23, on 2010-02-09

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16981)

    Boot mode: Normal

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Windows Defender\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\Executive Software\Diskeeper\DkService.exe

    C:\WINDOWS\eHome\ehRecvr.exe

    C:\WINDOWS\eHome\ehSched.exe

    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

    C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE

    C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE

    C:\Program Files\F-Secure Internet Security\Common\FSHDLL32.EXE

    C:\Program Files\Intel\IDU\IDUServ.exe

    C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe

    C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe

    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\Tablet.exe

    C:\WINDOWS\system32\dllhost.exe

    C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe

    C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe

    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\ehome\ehtray.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\Program Files\Intel\IDU\iptray.exe

    C:\Program Files\Intel\IDU\awtray.exe

    C:\Program1\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

    C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe

    C:\Program Files\MessengerPlus! 3\MsgPlus.exe

    C:\WINDOWS\eHome\ehmsas.exe

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Program1\FarStone\RestoreIT\RestoreIT_XP\VBPTASK.EXE

    C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe

    C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe

    C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE

    C:\Program Files\QuickTime\QTTask.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Skype\Phone\Skype.exe

    C:\Program1\NETGEAR\WG311v3\wlancfg5.exe

    C:\WINDOWS\system32\WTablet\TabUserW.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\WINDOWS\system32\msiexec.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.se/0SESVSE/SAOS02

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://subdvd.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program1\Spybot - Search & Destroy\SDHelper.dll

    O2 - BHO: (no name) - {5DDE5591-A8AB-4897-93EF-1E4E943F85A7} - (no file)

    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

    O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\F-Secure Internet Security\NRS\iescript\baselitmus.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O3 - Toolbar: Protection Bar - {CC18AE76-7E65-4258-A193-9EA0C52DA6B8} - (no file)

    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

    O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\F-Secure Internet Security\NRS\iescript\baselitmus.dll

    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

    O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe

    O4 - HKLM\..\Run: [ipTray.exe] "C:\Program Files\Intel\IDU\iptray.exe"

    O4 - HKLM\..\Run: [awTray.exe] "C:\Program Files\Intel\IDU\awtray.exe"

    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"

    O4 - HKLM\..\Run: [RemoteControl] "C:\Program1\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe

    O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"

    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

    O4 - HKLM\..\Run: [intelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT

    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [RestoreIT!] "C:\Program1\FarStone\RestoreIT\RestoreIT_XP\VBPTASK.EXE" VBStart

    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe

    O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"

    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash

    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [updateMgr] C:\Program1\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5

    O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: NETGEAR WG311v3 Wireless Assistant.lnk = ?

    O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe

    O8 - Extra context menu item: Download with Xilisoft YouTube Video Converter - C:\Program Files\Xilisoft\YouTube Video Converter\upod_link.HTM

    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187650169578

    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{49EBCB0D-A01E-4673-986C-4366844FA9EC}: NameServer = 192.168.1.1

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O22 - SharedTaskScheduler: clinker - {a4029063-4fe3-422c-ac72-12905c09642a} - (no file)

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe

    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe

    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE

    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\ORSP Client\fsorsp.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: Intel® Desktop Utilities Service (iHCService) - OSA Technologies, Inc. - C:\Program Files\Intel\IDU\IDUServ.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe

    O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe

    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

     

    --

    End of file - 12682 bytes

     

     

     

    But this folder, c:\docume~1\multim~1\applic~1\SystemProc, I can't find. It should be in the Application Data folder, shouldn't it, but it isn't?


  5. No malicious programs were found this time. Posting the log files anyway:

     

     

     

    Malwarebytes' Anti-Malware 1.44

    Databasversion: 3701

    Windows 5.1.2600 Service Pack 3

    Internet Explorer 7.0.5730.11

     

    2010-02-07 20:49:30

    mbam-log-2010-02-07 (20-49-30).txt

     

    Skanningstyp: Fullständig skanning (B:\|C:\|E:\|)

    Antal skannade objekt: 374269

    Förfluten tid: 1 hour(s), 47 minute(s), 42 second(s)

     

    Infekterade minnesprocesser: 0

    Infekterade minnesmoduler: 0

    Infekterade registernycklar: 0

    Infekterade registervärden: 0

    Infekterade registerdataposter: 0

    Infekterade mappar: 0

    Infekterade filer: 0

     

    Infekterade minnesprocesser:

    (Inga illasinnade poster hittades)

     

    Infekterade minnesmoduler:

    (Inga illasinnade poster hittades)

     

    Infekterade registernycklar:

    (Inga illasinnade poster hittades)

     

    Infekterade registervärden:

    (Inga illasinnade poster hittades)

     

    Infekterade registerdataposter:

    (Inga illasinnade poster hittades)

     

    Infekterade mappar:

    (Inga illasinnade poster hittades)

     

    Infekterade filer:

    (Inga illasinnade poster hittades)

     

     

     

    DDS (Ver_09-12-01.01) - NTFSx86

    Run by Multimedia at 20:52:04,67 on 2010-02-07

    Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_02

    Microsoft Windows XP Professional 5.1.2600.3.1252.46.1033.18.1014.226 [GMT 1:00]

     

    AV: F-Secure Internet Security 2010 10.00 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}

    FW: F-Secure Internet Security 2010 10.00 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}

     

    ============== Running Processes ===============

     

    C:\WINDOWS\system32\svchost -k DcomLaunch

    svchost.exe

    C:\Program Files\Windows Defender\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe -k netsvcs

    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

    svchost.exe

    svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    svchost.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\Executive Software\Diskeeper\DkService.exe

    C:\WINDOWS\eHome\ehRecvr.exe

    C:\WINDOWS\eHome\ehSched.exe

    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

    C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE

    C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE

    C:\Program Files\Intel\IDU\IDUServ.exe

    C:\Program Files\F-Secure Internet Security\Common\FSHDLL32.EXE

    C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe

    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

    svchost.exe

    C:\WINDOWS\system32\svchost.exe -k imgsvc

    C:\WINDOWS\system32\Tablet.exe

    C:\WINDOWS\system32\dllhost.exe

    C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe

    C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe

    C:\WINDOWS\ehome\ehtray.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\Program Files\Intel\IDU\iptray.exe

    C:\Program Files\Intel\IDU\awtray.exe

    C:\Program1\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

    C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe

    C:\Program Files\MessengerPlus! 3\MsgPlus.exe

    C:\WINDOWS\eHome\ehmsas.exe

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Program1\FarStone\RestoreIT\RestoreIT_XP\VBPTASK.EXE

    C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe

    C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe

    C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE

    C:\Program Files\QuickTime\QTTask.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Skype\Phone\Skype.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program1\NETGEAR\WG311v3\wlancfg5.exe

    C:\WINDOWS\system32\WTablet\TabUserW.exe

    C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe

    C:\Documents and Settings\Multimedia\Desktop\dds.scr

     

    ============== Pseudo HJT Report ===============

     

    uStart Page = hxxp://subdvd.com/

    uSearch Bar = hxxp://g.msn.se/0SESVSE/SAOS02

    uInternet Settings,ProxyOverride = *.local

    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

    BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program1\spybot - search & destroy\SDHelper.dll

    {5dde5591-a8ab-4897-93ef-1e4e943f85a7}

    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll

    BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

    BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - c:\program files\f-secure internet security\nrs\iescript\baselitmus.dll

    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

    TB: Protection Bar: {cc18ae76-7e65-4258-a193-9ea0c52da6b8} -

    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

    TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - c:\program files\f-secure internet security\nrs\iescript\baselitmus.dll

    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

    uRun: [PowerBar]

    uRun: [updateMgr] c:\program1\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_0_5

    uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

    mRun: [ehTray] c:\windows\ehome\ehtray.exe

    mRun: [igfxtray] c:\windows\system32\igfxtray.exe

    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

    mRun: [igfxpers] c:\windows\system32\igfxpers.exe

    mRun: [sigmatelSysTrayApp] sttray.exe

    mRun: [ipTray.exe] "c:\program files\intel\idu\iptray.exe"

    mRun: [awTray.exe] "c:\program files\intel\idu\awtray.exe"

    mRun: [DiskeeperSystray] "c:\program files\executive software\diskeeper\DkIcon.exe"

    mRun: [farstone]

    mRun: [RemoteControl] "c:\program1\cyberlink dvd solution\powerdvd\PDVDServ.exe"

    mRun: [PinnacleDriverCheck] c:\windows\system32\\PSDrvCheck.exe

    mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_02\bin\jusched.exe"

    mRun: [TotalRecorderScheduler] "c:\program files\highcriteria\totalrecorder\TotRecSched.exe"

    mRun: [MessengerPlus3] "c:\program files\messengerplus! 3\MsgPlus.exe"

    mRun: [intelAudioStudio] "c:\program files\intel audio studio\IntelAudioStudio.exe" BOOT

    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide

    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

    mRun: [RestoreIT!] "c:\program1\farstone\restoreit\restoreit_xp\VBPTASK.EXE" VBStart

    mRun: [MaxtorOneTouch] c:\program files\maxtor\onetouch\utils\Onetouch.exe

    mRun: [<NO NAME>]

    mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"

    mRun: [F-Secure Manager] "c:\program files\f-secure internet security\common\FSM32.EXE" /splash

    mRun: [F-Secure TNB] "c:\program files\f-secure internet security\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW

    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

    dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE

    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\windows\installer\{70014586-7bba-4a92-a610-cdc896c48f8f}\NewShortcut1_1.exe

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tabuse~1.lnk - c:\windows\system32\wtablet\TabUserW.exe

    IE: Download with Xilisoft YouTube Video Converter - c:\program files\xilisoft\youtube video converter\upod_link.HTM

    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll

    IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

    LSP: c:\program files\f-secure internet security\fsps\program\FSLSP.DLL

    DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} - hxxp://support.f-secure.com/ols/fscax.cab

    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

    DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab

    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187650169578

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

    DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

    DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

    TCP: {49EBCB0D-A01E-4673-986C-4366844FA9EC} = 192.168.1.1

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

    Notify: igfxcui - igfxdev.dll

    AppInit_DLLs: MsgPlusLoader.dll

    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    STS: {a4029063-4fe3-422c-ac72-12905c09642a}: clinker

    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

     

    ================= FIREFOX ===================

     

    FF - ProfilePath - c:\docume~1\multim~1\applic~1\mozilla\firefox\profiles\rtgz811r.default\

    FF - component: c:\program files\f-secure internet security\nrs\litmus-ff@f-secure.com\components\litmus-ff.dll

    FF - plugin: c:\program files\mozilla firefox\plugins\npcnc32.dll

    FF - plugin: c:\windows\system32\clickteam\vitalize\v4\npcnc32.dll

    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

     

    ---- FIREFOX POLICIES ----

    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");

    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

    c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

     

    ============= SERVICES / DRIVERS ===============

     

    R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-3-27 33920]

    R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-3-27 80000]

    R0 RITFSD;RITFSD;c:\windows\system32\drivers\RITFSD.sys [2006-3-8 33249]

    R0 VVBackd5;VVBackd5;c:\windows\system32\drivers\VVBackd5.sys [2007-8-21 183987]

    R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\f-secure internet security\hips\drivers\fshs.sys [2009-3-27 68064]

    R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\f-secure internet security\anti-virus\fsgk32st.exe [2009-3-27 215648]

    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

    R2 Rcfilter;Rcfilter;c:\windows\system32\drivers\Rcfilter.sys [2006-3-8 31872]

    R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-4 13592]

    R3 exdisk;Express Disk Service;c:\windows\system32\drivers\exdisk.sys [2006-3-8 14074]

    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\f-secure internet security\anti-virus\minifilter\fsgk.sys [2009-3-27 107104]

    R3 FSORSPClient;F-Secure ORSP Client;c:\program files\f-secure internet security\orsp client\fsorsp.exe [2009-3-27 56000]

    S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;c:\docume~1\admini~1\locals~1\temp\onlinescanner\anti-virus\fsgk.sys [2007-8-16 52736]

    S4 F-Secure Filter;F-Secure File System Filter;c:\program files\f-secure internet security\anti-virus\win2k\fsfilter.sys [2009-3-27 39776]

    S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\f-secure internet security\anti-virus\win2k\fsrec.sys [2009-3-27 25184]

     

    =============== Created Last 30 ================

     

    2010-01-26 10:31:42 128 ----a-w- c:\windows\system32\perf.dat

    2010-01-26 09:51:11 552 ----a-w- c:\windows\system32\d3d8caps.dat

    2010-01-20 13:22:43 0 d-sh--w- c:\docume~1\multim~1\applic~1\SystemProc

    2010-01-13 12:22:08 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

     

    ==================== Find3M ====================

     

    2010-02-07 17:53:13 12942 ----a-w- c:\windows\system32\tablet.dat

    2010-01-14 10:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe

    2009-12-30 13:55:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2009-12-30 13:54:58 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

    2005-01-09 08:54:32 182568 -c--a-w- c:\program files\shortcircuit.chm

    2005-01-05 16:22:44 3802 -c--a-w- c:\program files\morphEQ-preset.xml

    2004-10-01 23:00:16 40960 ----a-w- c:\program files\Uninstall_CDS.exe

    2005-05-14 00:12:00 217073 --sha-r- c:\windows\meta4.exe

    2005-10-24 18:13:58 66560 --sha-r- c:\windows\MOTA113.exe

    2005-07-14 19:31:20 27648 --sha-r- c:\windows\system32\AVSredirect.dll

    2005-06-26 22:32:28 616448 --sha-r- c:\windows\system32\cygwin1.dll

    2005-06-22 05:37:42 45568 --sha-r- c:\windows\system32\cygz.dll

    2004-01-25 07:00:00 70656 --sha-r- c:\windows\system32\i420vfw.dll

    2005-02-28 20:16:22 240128 --sha-r- c:\windows\system32\x.264.exe

    2004-01-25 07:00:00 70656 --sha-r- c:\windows\system32\yv12vfw.dll

    2008-12-03 21:10:11 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008120320081204\index.dat

     

    ============= FINISH: 20:54:43,62 ===============

     

     

    So what should I do now? Delete all the files in the MBAM quarantine?


  6. I just finished everything. I went away the day before yesterday, so I couldn't do anything until today. Here is the log:

     

     

    Malwarebytes' Anti-Malware 1.44

    Databasversion: 3700

    Windows 5.1.2600 Service Pack 3

    Internet Explorer 7.0.5730.11

     

    2010-02-07 15:01:44

    mbam-log-2010-02-07 (15-01-44).txt

     

    Skanningstyp: Fullständig skanning (B:\|C:\|E:\|)

    Antal skannade objekt: 382903

    Förfluten tid: 2 hour(s), 52 minute(s), 56 second(s)

     

    Infekterade minnesprocesser: 0

    Infekterade minnesmoduler: 0

    Infekterade registernycklar: 0

    Infekterade registervärden: 1

    Infekterade registerdataposter: 0

    Infekterade mappar: 7

    Infekterade filer: 21

     

    Infekterade minnesprocesser:

    (Inga illasinnade poster hittades)

     

    Infekterade minnesmoduler:

    (Inga illasinnade poster hittades)

     

    Infekterade registernycklar:

    (Inga illasinnade poster hittades)

     

    Infekterade registervärden:

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus plus (Rogue.AntivirusPlus) -> Quarantined and deleted successfully.

     

    Infekterade registerdataposter:

    (Inga illasinnade poster hittades)

     

    Infekterade mappar:

    C:\Documents and Settings\All Users\Start Menu\Programs\AntiVirus Plus (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Anton\Start Menu\Programs\AntiVirus Plus (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Multimedia\Start Menu\Programs\AntiVirus Plus (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Multimedia\Application Data\AntiVirus Plus (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.

    C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D} (Trojan.Swisyn) -> Quarantined and deleted successfully.

    C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome (Trojan.Swisyn) -> Quarantined and deleted successfully.

    C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content (Trojan.Swisyn) -> Quarantined and deleted successfully.

     

    Infekterade filer:

    C:\Documents and Settings\Multimedia\Local Settings\Temp\xoreswcnam.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

    C:\WINDOWS\RegGenieOnUninstall.exe (Spyware.Passwords) -> Quarantined and deleted successfully.

    C:\Documents and Settings\All Users\Start Menu\Programs\AntiVirus Plus\AntiVirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.

    C:\Documents and Settings\All Users\Start Menu\Programs\AntiVirus Plus\EULA.url (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Anton\Start Menu\Programs\AntiVirus Plus\AntiVirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Anton\Start Menu\Programs\AntiVirus Plus\EULA.url (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Multimedia\Start Menu\Programs\AntiVirus Plus\AntiVirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Multimedia\Start Menu\Programs\AntiVirus Plus\EULA.url (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.

    C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest (Trojan.Swisyn) -> Quarantined and deleted successfully.

    C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf (Trojan.Swisyn) -> Quarantined and deleted successfully.

    C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul (Trojan.Swisyn) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Anton\Application Data\avp.ico (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Multimedia\Application Data\avp.ico (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Anton\Desktop\AntiVirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Multimedia\Desktop\AntiVirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Anton\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiVirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Multimedia\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiVirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AntiVirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Anton\Start Menu\Programs\Startup\AntiVirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.

    C:\Documents and Settings\Multimedia\Start Menu\Programs\Startup\AntiVirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.

    C:\confin.sys (Malware.Trace) -> Quarantined and deleted successfully.

     

     

     

     

    Is there anything else that needs to be done now? Should I empty the quarantine, for example?


  7. Many thanks!

    There is one thing I'm wondering about before I get started, though.

     

    Run RKill several times in a row until you no longer see the malicious program, but no more than 10 times. Then continue with the rest.

     

    Do you mean that Antivirus plus will start up while I'm running RKill? Or how do I know when the program is gone? There is an Antivirus plus shortcut on the desktop; will the icon disappear if everything goes as it should?


  8. Okay, thanks!

    I have just run DDS now:

     

     

    DDS (Ver_09-12-01.01) - NTFSx86

    Run by Multimedia at 18:24:44,54 on 2010-02-04

    Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_02

    Microsoft Windows XP Professional 5.1.2600.3.1252.46.1033.18.1014.347 [GMT 1:00]

     

    AV: F-Secure Internet Security 2010 10.00 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}

    FW: F-Secure Internet Security 2010 10.00 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}

     

    ============== Running Processes ===============

     

    C:\WINDOWS\system32\svchost -k DcomLaunch

    svchost.exe

    C:\Program Files\Windows Defender\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe -k netsvcs

    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

    svchost.exe

    svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    svchost.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\Executive Software\Diskeeper\DkService.exe

    C:\WINDOWS\eHome\ehRecvr.exe

    C:\WINDOWS\eHome\ehSched.exe

    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

    C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE

    C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE

    C:\Program Files\F-Secure Internet Security\Common\FSHDLL32.EXE

    C:\Program Files\Intel\IDU\IDUServ.exe

    C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe

    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

    svchost.exe

    C:\WINDOWS\system32\svchost.exe -k imgsvc

    C:\WINDOWS\system32\Tablet.exe

    C:\WINDOWS\system32\dllhost.exe

    C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe

    C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe

    C:\WINDOWS\ehome\ehtray.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\Program Files\Intel\IDU\iptray.exe

    C:\Program Files\Intel\IDU\awtray.exe

    C:\WINDOWS\eHome\ehmsas.exe

    C:\Program1\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

    C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe

    C:\Program Files\MessengerPlus! 3\MsgPlus.exe

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Program1\FarStone\RestoreIT\RestoreIT_XP\VBPTASK.EXE

    C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe

    C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe

    C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE

    C:\Program Files\QuickTime\QTTask.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Skype\Phone\Skype.exe

    C:\Program1\NETGEAR\WG311v3\wlancfg5.exe

    C:\WINDOWS\system32\WTablet\TabUserW.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe

    C:\Documents and Settings\Multimedia\Desktop\dds.scr

     

    ============== Pseudo HJT Report ===============

     

    uStart Page = hxxp://subdvd.com/

    uSearch Bar = hxxp://g.msn.se/0SESVSE/SAOS02

    uInternet Settings,ProxyOverride = *.local

    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

    BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program1\spybot - search & destroy\SDHelper.dll

    {5dde5591-a8ab-4897-93ef-1e4e943f85a7}

    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll

    BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

    BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - c:\program files\f-secure internet security\nrs\iescript\baselitmus.dll

    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

    TB: Protection Bar: {cc18ae76-7e65-4258-a193-9ea0c52da6b8} -

    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

    TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - c:\program files\f-secure internet security\nrs\iescript\baselitmus.dll

    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

    uRun: [PowerBar]

    uRun: [updateMgr] c:\program1\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_0_5

    uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

    uRun: [AntiVirus Plus] "c:\windows\system32\rundll32.exe" "c:\documents and settings\multimedia\application data\antivirus plus\AntiVirus Plus.70700.dll", start 70700

    mRun: [ehTray] c:\windows\ehome\ehtray.exe

    mRun: [igfxtray] c:\windows\system32\igfxtray.exe

    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

    mRun: [igfxpers] c:\windows\system32\igfxpers.exe

    mRun: [sigmatelSysTrayApp] sttray.exe

    mRun: [ipTray.exe] "c:\program files\intel\idu\iptray.exe"

    mRun: [awTray.exe] "c:\program files\intel\idu\awtray.exe"

    mRun: [DiskeeperSystray] "c:\program files\executive software\diskeeper\DkIcon.exe"

    mRun: [farstone]

    mRun: [RemoteControl] "c:\program1\cyberlink dvd solution\powerdvd\PDVDServ.exe"

    mRun: [PinnacleDriverCheck] c:\windows\system32\\PSDrvCheck.exe

    mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_02\bin\jusched.exe"

    mRun: [TotalRecorderScheduler] "c:\program files\highcriteria\totalrecorder\TotRecSched.exe"

    mRun: [MessengerPlus3] "c:\program files\messengerplus! 3\MsgPlus.exe"

    mRun: [intelAudioStudio] "c:\program files\intel audio studio\IntelAudioStudio.exe" BOOT

    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide

    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

    mRun: [RestoreIT!] "c:\program1\farstone\restoreit\restoreit_xp\VBPTASK.EXE" VBStart

    mRun: [MaxtorOneTouch] c:\program files\maxtor\onetouch\utils\Onetouch.exe

    mRun: [<NO NAME>]

    mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"

    mRun: [F-Secure Manager] "c:\program files\f-secure internet security\common\FSM32.EXE" /splash

    mRun: [F-Secure TNB] "c:\program files\f-secure internet security\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW

    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

    dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE

    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

    mExplorerRun: [RTHDBPL] c:\documents and settings\multimedia\application data\systemproc\lsass.exe

    StartupFolder: c:\docume~1\multim~1\startm~1\programs\startup\antivi~1.lnk - c:\windows\system32\rundll32.exe

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\antivi~1.lnk - c:\windows\system32\rundll32.exe

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\windows\installer\{70014586-7bba-4a92-a610-cdc896c48f8f}\NewShortcut1_1.exe

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tabuse~1.lnk - c:\windows\system32\wtablet\TabUserW.exe

    IE: Download with Xilisoft YouTube Video Converter - c:\program files\xilisoft\youtube video converter\upod_link.HTM

    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll

    IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

    LSP: c:\program files\f-secure internet security\fsps\program\FSLSP.DLL

    DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} - hxxp://support.f-secure.com/ols/fscax.cab

    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

    DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab

    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187650169578

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

    DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

    DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

    TCP: {49EBCB0D-A01E-4673-986C-4366844FA9EC} = 192.168.1.1

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

    Notify: igfxcui - igfxdev.dll

    AppInit_DLLs: MsgPlusLoader.dll

    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    STS: {a4029063-4fe3-422c-ac72-12905c09642a}: clinker

    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

     

    ================= FIREFOX ===================

     

    FF - ProfilePath - c:\docume~1\multim~1\applic~1\mozilla\firefox\profiles\rtgz811r.default\

    FF - component: c:\program files\f-secure internet security\nrs\litmus-ff@f-secure.com\components\litmus-ff.dll

    FF - plugin: c:\program files\mozilla firefox\plugins\npcnc32.dll

    FF - plugin: c:\windows\system32\clickteam\vitalize\v4\npcnc32.dll

    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    FF - HiddenExtension: Internal security: No Registry Reference - c:\program files\mozilla firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}

    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

     

    ---- FIREFOX POLICIES ----

    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");

    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

    c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

     

    ============= SERVICES / DRIVERS ===============

     

    R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-3-27 33920]

    R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-3-27 80000]

    R0 RITFSD;RITFSD;c:\windows\system32\drivers\RITFSD.sys [2006-3-8 33249]

    R0 VVBackd5;VVBackd5;c:\windows\system32\drivers\VVBackd5.sys [2007-8-21 183987]

    R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\f-secure internet security\hips\drivers\fshs.sys [2009-3-27 68064]

    R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\f-secure internet security\anti-virus\fsgk32st.exe [2009-3-27 215648]

    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

    R2 Rcfilter;Rcfilter;c:\windows\system32\drivers\Rcfilter.sys [2006-3-8 31872]

    R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-4 13592]

    R3 exdisk;Express Disk Service;c:\windows\system32\drivers\exdisk.sys [2006-3-8 14074]

    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\f-secure internet security\anti-virus\minifilter\fsgk.sys [2009-3-27 107104]

    R3 FSORSPClient;F-Secure ORSP Client;c:\program files\f-secure internet security\orsp client\fsorsp.exe [2009-3-27 56000]

    S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;c:\docume~1\admini~1\locals~1\temp\onlinescanner\anti-virus\fsgk.sys [2007-8-16 52736]

    S4 F-Secure Filter;F-Secure File System Filter;c:\program files\f-secure internet security\anti-virus\win2k\fsfilter.sys [2009-3-27 39776]

    S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\f-secure internet security\anti-virus\win2k\fsrec.sys [2009-3-27 25184]

     

    =============== Created Last 30 ================

     

    2010-01-26 10:31:42 128 ----a-w- c:\windows\system32\perf.dat

    2010-01-26 09:51:11 552 ----a-w- c:\windows\system32\d3d8caps.dat

    2010-01-25 16:25:55 10 ----a-w- C:\confin.sys

    2010-01-20 13:22:43 0 d-sh--w- c:\docume~1\multim~1\applic~1\SystemProc

    2010-01-20 13:22:14 0 d-----w- c:\docume~1\multim~1\applic~1\AntiVirus Plus

    2010-01-13 12:22:08 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

     

    ==================== Find3M ====================

     

    2010-02-04 17:15:23 12942 ----a-w- c:\windows\system32\tablet.dat

    2010-01-14 10:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe

    2005-01-09 08:54:32 182568 -c--a-w- c:\program files\shortcircuit.chm

    2005-01-05 16:22:44 3802 -c--a-w- c:\program files\morphEQ-preset.xml

    2004-10-01 23:00:16 40960 ----a-w- c:\program files\Uninstall_CDS.exe

    2005-05-14 00:12:00 217073 --sha-r- c:\windows\meta4.exe

    2005-10-24 18:13:58 66560 --sha-r- c:\windows\MOTA113.exe

    2005-07-14 19:31:20 27648 --sha-r- c:\windows\system32\AVSredirect.dll

    2005-06-26 22:32:28 616448 --sha-r- c:\windows\system32\cygwin1.dll

    2005-06-22 05:37:42 45568 --sha-r- c:\windows\system32\cygz.dll

    2004-01-25 07:00:00 70656 --sha-r- c:\windows\system32\i420vfw.dll

    2005-02-28 20:16:22 240128 --sha-r- c:\windows\system32\x.264.exe

    2004-01-25 07:00:00 70656 --sha-r- c:\windows\system32\yv12vfw.dll

    2008-12-03 21:10:11 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008120320081204\index.dat

     

    ============= FINISH: 18:27:00,82 ===============

     

     

    Personally I have absolutely no idea what it means, but I hope you do. Many thanks again for your reply!


  9. Hi!

     

    For a couple of weeks now I have had a trojan invasion on my computer, and I don't know what to do. Almost all the time my antivirus program (I have F-Secure) warns that "virus found, being removed". The virus is always a trojan, is always located in the Windows temp folder, and is always named svchost.exe. Usually when the virus is removed, F-Secure prompts me to restart the computer, which I do, but it never ends. They come back all the time even though I remove them; what should I do? It is also the same trojans that keep returning; I recognize their names.

     

    Lately the antivirus program has also failed to remove the virus; the same virus comes back later and is removed then, but then returns again. Another odd thing is that Internet Explorer sometimes starts by itself, even though I only use Firefox, and sometimes right after I have logged in a warning box pops up saying that Explorer had to be closed to protect the computer. And earlier today, when I checked Task Manager to close Explorer, I saw that about ten processes named "svchost.exe" were running.

     

    Is it something really serious? I would do anything to get rid of this crap.

     

    /Anton


  10. Thank you so very much for all the replies!

     

    Orreman: Your reply/replies made my day! Now I know how to go about it when I start my next DVD project. :D

    However, I won't have time to fiddle with it that much today, since we are going to subtitle a film in English that is to be sent to a competition in the USA, and of course we have a deadline. So today it will have to be permanent subtitles.

     

    I got two tips yesterday that seemed fairly convenient, but I don't know whether they are any good:

     

    1. To just burn a data CD/DVD with the movie file and the srt file and give both the same name. I have no idea whether it works, though; I tried burning a data CD yesterday but my DVD player didn't like it. It is cheap and bad, though, so I don't know whether it works or not.

     

    2. To use a program called WinAvi Converter to convert (from AVI to DVD) and burn the subtitles into the film. I have already downloaded a free trial version of this program. If you have better suggestions, write quickly because I have to leave soon. :D

     

    Were the programs you recommended free, by the way?

     

    Thanks again!

     


  11. Hi! Yes, I use Subtitle Workshop and so far I have only made subtitles for AVI and MPEG films. But I can only play them while watching the film; I want to be able to merge the movie file and the subtitles. I know it is supposed to be possible, but not how.

     

    I'm not going to get another program like the one you mentioned, since Pinnacle works excellently for my own DVDs. :P

     

    But thanks anyway.

     


  12. Yes, the thread title explains what I want. I know how to make my own subtitles and I know that they should be saved as .srt, but what I don't know is how to use them with my films. So far I only know how to play the films together with the subtitles in VLC and so on, but I want to be able to use them in my DVD projects too.

     

    That is, I want either to be able to make a DVD menu where I simply add the .srt file itself (or another format?) and get the program (in my case Pinnacle Studio Plus 10.6) to play it, or to be able to convert/combine the srt file with the movie file itself into an AVI.

     

    Grateful for replies! :)

     

     

     


  13. Hmm, well, here's the thing. I was going to burn some .avi and .mpg files to a data DVD. I have done this before and it has worked perfectly. But when I burned most recently there was a data verification error for some mysterious reason, and when I tried playing the disc in the DVD player the quality was totally worthless. You could barely see the outlines (it was an animated film) and the light was almost white. On the computer, however, it works as it should, but it is in front of the TV that I want to sit and watch...

     

    I don't understand what the error is caused by. Was it because of that data verification error? And if so, how did the error arise? Is something wrong with the files?

     

     


  14. Hi! I use Pinnacle Studio Plus version 10.6 and it has worked flawlessly until now. All of a sudden I can't open the project I want; it just says: "Incompatible project formats. The project you are trying to open is from a later version of Pinnacle Studio."

     

    Does anyone know what causes this and, above all, how I can open the project!? I have used version 10.6 the whole time, so that isn't right at all.

     

    Here is a picture of the dialog box that keeps coming up: http://img141.imageshack.us/img141/2712/problemll4.png

     

    /Anton

     


  15. VideoReDo worked fantastically well! The only bad thing was that it could only read in 2 minutes of the file, so I had to cut away the parts I had converted from the disc & do everything once more. Maybe that's how it is with RW discs?

     


  16. Now I have tested it. When I was going to open the file it said that I needed an activation key; it was free so that was no problem. But then when I opened the file (of 280 mb & about 4 minutes) it was at 5 seconds!? When I then dragged through the file & checked everything, I saw that all the clips were there but they were stored in a 5-second file!? How do I fix this?

     

    [post edited 2007-03-25 11:14:01 by Biberkolben]
