
Many IE processes in Task Manager despite closing


Kerstin HA


As far as I can see, it is still there despite the uninstallation, and a DNA-fteliasurfbild popped up a while ago.

It sounds very likely that BitComet is causing the trouble. It usually shows up as the default download program when I download something.

Attach.txt

DDS.txt


Pasting the log here so it is easier to go through.

 

DDS (Ver_10-12-12.02) - NTFSx86

Run by Master Control at 16:20:24,59 on 2011-01-22

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23

Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.3071.2320 [GMT 1:00]

 

AV: Lavasoft Ad-Watch Live! Antivirus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

AV: Telia Säker Surf 9.01 *Enabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}

FW: Telia Säker Surf 9.01 *Enabled*

 

============== Running Processes ===============

 

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE

svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\CTHELPER.EXE

C:\WINDOWS\VistaDrive\VistaDrive.exe

C:\Program Files\Logitech\SetPoint\LBTWiz.exe

C:\WINDOWS\system32\oodtray.exe

C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe

C:\Program Files\Telia\Telias sakerhetstjanster\Common\FSM32.EXE

C:\Program Files\NetWorx\networx.exe

C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Aqua Dock\Aqua Dock.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\Personal\bin\Personal.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\FastStone Capture\FSCapture.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

D:\Program Files\Secunia\PSI\psi_tray.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\akoTV2\akoTV2.exe

F:\Nyinstallationer 20080210\ATnotes\ATnotes.exe

C:\Program Files\MemInfo\meminfo.exe

C:\Program Files\NetLimiter 2 Pro\NLClient.exe

C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Rainlendar\Rainlendar.exe

C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe

C:\Program Files\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE

C:\ppApps\VisualTaskTips\VisualTaskTips.exe

C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\FSGK32.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Telia\Telias sakerhetstjanster\Common\FSHDLL32.EXE

C:\Program Files\Logitech\Easy Synchronization\servicestub.exe

C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\NetLimiter 2 Pro\nlsvc.exe

C:\WINDOWS\system32\oodag.exe

C:\WINDOWS\system32\PSIService.exe

C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe

D:\Program Files\Secunia\PSI\PSIA.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe

C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\fssm32.exe

C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\fsav32.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

D:\IDG\1\dds.scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.aftonbladet.se/

BHO: TommyBHO Class: {00d0c86e-76e0-49e8-8b06-e1986784b743} - c:\windows\system32\tydadirekt.dll

BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\ppapps\flashget\jccatch.dll

BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: digital-zone Toolbar: {a745656f-a874-4052-8aa7-afce35eed950} - c:\program files\digital-zone\prxtbdigi.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: CBHO Object: {cba74cda-df78-4ad9-954e-3b15d0a993de} - c:\program files\corestreet\spoofstick\SpoofStickBHO.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: SpoofStick: {4d46ed77-1429-4cf6-8f63-c84b5d710baf} - c:\program files\corestreet\spoofstick\SpoofStick.dll

TB: {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - No File

TB: &NetWorx Desk Band: {feea54b4-d80f-41c7-87b9-dc08e6d3255f} - c:\progra~1\networx\deskband.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: digital-zone Toolbar: {a745656f-a874-4052-8aa7-afce35eed950} - c:\program files\digital-zone\prxtbdigi.dll

TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

TB: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [TuneUp MemOptimizer] "c:\program files\tuneup utilities 2007\MemOptimizer.exe" autostart

uRun: [bitTorrent DNA] "c:\program files\dna\btdna.exe"

mRun: [CTHelper] CTHELPER.EXE

mRun: [CTxfiHlp] CTXFIHLP.EXE

mRun: [VistaDrive] c:\windows\vistadrive\VistaDrive.exe

mRun: [unlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"

mRun: [systemTray] SysTray.Exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [bluetooth Connection Assistant] LBTWIZ.EXE -silent

mRun: [OODefragTray] c:\windows\system32\oodtray.exe

mRun: [WinPatrol] c:\program files\billp studios\winpatrol\WinPatrol.exe -expressboot

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [F-Secure Manager] "c:\program files\telia\telias sakerhetstjanster\common\FSM32.EXE" /splash

mRun: [F-Secure TNB] "c:\program files\telia\telias sakerhetstjanster\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW

mRun: [NetWorx] "c:\program files\networx\networx.exe" /auto

mRun: [TMRUBottedTray] "c:\program files\trend micro\rubotted\TMRUBottedTray.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Openwares LiveUpdate] c:\program files\liveupdate\LiveUpdate.exe

mRun: [Aqua Dock] c:\program files\aqua dock\Aqua Dock.exe

mRunOnce: [WIAWizardMenu] RUNDLL32.EXE c:\windows\system32\sti_ci.dll,WiaCreateWizardMenu

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [setDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'

dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe

dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32

dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

dRunOnce: [NewUser] %SystemRoot%\System32\NewUser.cmd

StartupFolder: c:\users\admini~1\startm~1\programs\startup\akotv2.lnk - c:\program files\akotv2\akoTV2.exe

StartupFolder: c:\users\admini~1\startm~1\programs\startup\atnotes.lnk - f:\nyinstallationer 20080210\atnotes\ATnotes.exe

StartupFolder: c:\users\admini~1\startm~1\programs\startup\meminfo.lnk - c:\program files\meminfo\meminfo.exe

StartupFolder: c:\users\admini~1\startm~1\programs\startup\netlim~1.lnk - c:\program files\netlimiter 2 pro\NLClient.exe

StartupFolder: c:\users\admini~1\startm~1\programs\startup\procexp.lnk - d:\my documents\bitcomet\process explorer 2010\procexp.exe

StartupFolder: c:\users\admini~1\startm~1\programs\startup\rainle~1.lnk - c:\program files\rainlendar\Rainlendar.exe

StartupFolder: c:\users\admini~1\startm~1\programs\startup\visual~1.lnk - c:\ppapps\visualtasktips\VisualTaskTips.exe

StartupFolder: c:\users\alluse~1\startm~1\programs\startup\bankid~1.lnk - c:\program files\personal\bin\Personal.exe

StartupFolder: c:\users\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\users\alluse~1\startm~1\programs\startup\fastst~1.lnk - c:\program files\faststone capture\FSCapture.exe

StartupFolder: c:\users\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

StartupFolder: c:\users\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

StartupFolder: c:\users\alluse~1\startm~1\programs\startup\secuni~1.lnk - d:\program files\secunia\psi\psi_tray.exe

uPolicies-explorer: NoSMMyPictures = 1 (0x1)

uPolicies-explorer: NoSMHelp = 00000000

uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)

uPolicies-explorer: GreyMSIAds = 1 (0x1)

mPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)

mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)

mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

dPolicies-explorer: NoSMMyPictures = 1 (0x1)

dPolicies-explorer: NoSMHelp = 1 (0x1)

dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)

IE: &Ladda ner med alla FlashGet - c:\ppapps\flashget\jc_all.htm

IE: &Ladda ner med FlashGet - c:\ppapps\flashget\jc_link.htm

IE: ???????? - c:\program files\flashget network\flashget mini\GetUrl.htm

IE: ???????????? - c:\program files\flashget network\flashget mini\GetAllUrl.htm

IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM

IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM

IE: {95C7D2FE-FB65-44D9-B622-894F8636B7BE} - c:\program files\freshdevices\freshdownload\fd.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

LSP: c:\program files\telia\telias sakerhetstjanster\fsps\program\FSLSP.DLL

DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.lizardtech.com/download/files/win/djvuplugin/sv_SV/DjVuControl_sv_SV.cab

DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

DPF: {25C29129-E95F-4564-BFE3-000000006400} - hxxp://www.123minsida.se/builder/pages/KvikVideo-6-4-0-0.CAB

DPF: {25C29129-E95F-4564-BFE3-000000007100} - hxxp://www.123minsida.se/builder/pages/KvikVideo-7-1-0-0.CAB

DPF: {4445EA6A-9008-40D5-9160-035FDE5214C4} - hxxp://www.123minsida.se/builder/pages/Mpu-dk-1-0-0-8.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://groups.msn.com/controls/PhotoUC/MsnPUpld.cab

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://webcams.lantmannen.se//webcam2/AxisCamControl.ocx

DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} - hxxp://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab

DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

SEH: ShellExecuteHook class: {fe24cd78-7c63-465d-8787-4edf7fc79895} - c:\program files\logitech\easy synchronization\shellexecutehook.dll

Hosts: 127.0.0.1 www.spywareinfo.com

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\admini~1\applic~1\mozilla\firefox\profiles\o3qjxydo.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.se/

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - component: c:\users\administrator\application data\mozilla\firefox\profiles\o3qjxydo.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll

FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll

FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npfd.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll

FF - plugin: c:\program files\nos\bin\np_gp.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

FF - plugin: c:\program files\personal\bin\np_prsnl.dll

FF - plugin: c:\users\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: Magic's Video - Downloader: video-dowloader@magic-imv.ro - %profile%\extensions\video-dowloader@magic-imv.ro

FF - Ext: CacheViewer: {71328583-3CA7-4809-B4BA-570A85818FBB} - %profile%\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}

FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

FF - Ext: Clipmarks: {e1170235-2845-420c-acc3-42261a29dd46} - %profile%\extensions\{e1170235-2845-420c-acc3-42261a29dd46}

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor

 

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.notify.interval - 600000

FF - user.js: content.switch.threshold - 1000000

FF - user.js: nglayout.initialpaint.delay - 600

 

============= SERVICES / DRIVERS ===============

 

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-5-26 42664]

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-4-14 82120]

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2010-5-25 40560]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-1 64288]

R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\telia\telias sakerhetstjanster\hips\drivers\fshs.sys [2009-5-26 68064]

R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007-4-23 82200]

R1 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2009-10-9 38976]

R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\telia\telias sakerhetstjanster\anti-virus\fsgk32st.exe [2009-4-14 215648]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 1402272]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-8-6 210216]

R2 RioPNP;RioPNP;c:\windows\system32\drivers\RioPnP.sys [2008-2-16 6736]

R2 RUBotted;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\TMRUBotted.exe [2010-1-17 582992]

R2 Secunia PSI Agent;Secunia PSI Agent;d:\program files\secunia\psi\psia.exe [2011-1-10 993848]

R2 Vqtfk;Vqtfk;c:\windows\system32\Vqtfk.sys [2008-2-16 19936]

R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\telia\telias sakerhetstjanster\anti-virus\minifilter\fsgk.sys [2009-4-14 130728]

R3 FSORSPClient;F-Secure ORSP Client;c:\program files\telia\telias sakerhetstjanster\orsp client\fsorsp.exe [2009-5-26 63992]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15264]

R3 LycoFltr;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2009-1-31 16128]

R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [2010-1-17 206608]

S2 Secunia Update Agent;Secunia Update Agent;d:\program files\secunia\psi\sua.exe [2011-1-10 399416]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]

S3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [2008-2-17 91830]

S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]

S3 STSService;STSService;c:\program files\soundtaxi media suite\STSService.exe [2009-9-29 335872]

S3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [2010-9-28 42368]

S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [2010-1-17 206608]

S4 F-Secure Filter;F-Secure File System Filter;c:\program files\telia\telias sakerhetstjanster\anti-virus\win2k\fsfilter.sys [2009-4-14 39776]

S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\telia\telias sakerhetstjanster\anti-virus\win2k\fsrec.sys [2009-4-14 25184]

 

=============== File Associations ===============

 

inffile=c:\windows\system32\Notepad2.exe %1

inifile=c:\windows\system32\Notepad2.exe %1

txtfile=c:\windows\system32\Notepad2.exe %1

 

=============== Created Last 30 ================

 

2011-01-20 22:02:58 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-01-20 22:02:58 -------- d-----w- c:\windows\system32\wbem\Repository

2011-01-20 22:02:30 -------- d--h--w- c:\windows\msdownld.tmp

2011-01-18 22:05:13 -------- d-----w- c:\users\alluse~1\applic~1\MyHeritage

2011-01-18 22:05:13 -------- d-----w- c:\users\admini~1\applic~1\MyHeritage

2011-01-18 16:00:58 63488 ----a-w- c:\program files\windows sidebar\wlsrvc.dll

2011-01-18 15:42:00 -------- d-----w- c:\program files\Uniblue

2011-01-17 18:33:46 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-01-17 18:31:18 -------- d-----w- c:\users\admini~1\locals~1\applic~1\Sunbelt Software

2011-01-17 18:30:24 -------- dc-h--w- c:\users\alluse~1\applic~1\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}

2011-01-17 00:54:24 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2011-01-17 00:54:24 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

2011-01-17 00:54:23 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll

2011-01-17 00:54:23 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll

2011-01-17 00:33:11 -------- d-----w- c:\users\admini~1\applic~1\BitComet

2011-01-17 00:29:40 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe

2011-01-17 00:29:39 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll

2011-01-17 00:24:59 -------- d-----w- c:\users\admini~1\locals~1\applic~1\Secunia PSI

2011-01-16 23:35:09 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-01-16 23:35:09 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

2011-01-16 23:24:32 -------- d-----w- c:\users\alluse~1\applic~1\InstallMate

2011-01-16 21:27:53 -------- d-----w- c:\program files\Panda Security

2011-01-13 23:29:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-01-13 23:29:00 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-01-13 23:03:00 -------- d-----w- c:\program files\Conduit

2011-01-13 23:02:57 -------- d-----w- c:\users\admini~1\locals~1\applic~1\digital-zone

2011-01-13 23:02:55 -------- d-----w- c:\users\admini~1\locals~1\applic~1\ConduitEngine

2011-01-13 23:02:55 -------- d-----w- c:\program files\ConduitEngine

2011-01-13 23:02:51 -------- d-----w- c:\users\admini~1\locals~1\applic~1\Conduit

2011-01-13 23:02:50 -------- d-----w- c:\program files\digital-zone

2011-01-12 23:18:15 388096 ----a-r- c:\users\admini~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-01-12 20:09:37 -------- d-----w- c:\users\admini~1\locals~1\applic~1\Temp

2011-01-03 00:20:25 83249512 ----a-w- c:\program files\common files\windows live\.cache\wlc463E.tmp

2010-12-27 21:02:21 -------- d-----w- c:\users\admini~1\applic~1\LolClient

2010-12-27 20:52:31 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll

2010-12-27 20:52:31 509448 ----a-w- c:\windows\system32\XAudio2_2.dll

2010-12-27 20:52:24 467984 ----a-w- c:\windows\system32\d3dx10_39.dll

2010-12-27 20:52:24 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll

2010-12-27 20:52:12 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll

2010-12-27 20:52:07 -------- d-----w- c:\windows\Logs

 

==================== Find3M ====================

 

2011-01-18 21:40:52 46 ----a-w- c:\windows\system32\_WDYSZYG.sys

2011-01-17 18:33:38 15880 ----a-w- c:\windows\system32\lsdelete.exe

2011-01-12 15:32:26 66 ----a-w- c:\users\admini~1\applic~1\ispro4_0.tmp

2010-11-29 16:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 16:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-11-25 00:29:05 471040 ----a-w- c:\windows\dog2.scr

2010-11-25 00:28:57 12288 ----a-w- c:\windows\impborl.dll

2010-11-12 15:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl

 

============= FINISH: 16:22:27,56 ===============


Sorry, I thought it was better to send them as attachments since they are so large.

I assume the problem lies here:

C:\Program Files\DNA\btdna.exe


This was not in the first DDS log in this thread:

TB: digital-zone Toolbar: {a745656f-a874-4052-8aa7-afce35eed950} - c:\program files\digital-zone\prxtbdigi.dll

TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

Unsuitable toolbars that should be removed. Uninstall digital-zone Toolbar and Conduit Engine if present. You need to pay more attention to what gets installed.

 

uRun: [bitTorrent DNA] "c:\program files\dna\btdna.exe"

In the Attach log's list of what can be uninstalled there is something called DNA. Uninstall it.

 

Firefox - Tools - Add-ons - Plugins

Disable the Java modules listed there, since they only seem to be old versions.

 

Restart the computer when the uninstallations are finished.

 

Delete the folders (not all of them may still exist):

c:\program files\dna

c:\program files\Conduit

c:\users\admini~1\locals~1\applic~1\ConduitEngine

c:\program files\ConduitEngine

c:\users\admini~1\locals~1\applic~1\Conduit

c:\users\admini~1\applic~1\BitComet

where ~1 stands for a number of arbitrary letters

 

Restart the computer again and paste in a new DDS log.

Admittedly the log is long, but it makes things easier for me if I don't have to download so many files, and when I want to search for something in the log I only need to select it, right-click and choose search.


I am attentive. I like that toolbar, but I have removed it now. Why is it not good? I would like an explanation.

Despite this I have the same trouble with that svchost.

Attaching a screenshot. To be able to check my mail just now, and then get onto this site, I had to "kill" the process.

I will deal with Firefox later. I use it very rarely. It is my son who wants it when he is here, since he likes it better than IE.

 

 

DDS (Ver_10-12-12.02) - NTFSx86

Run by Master Control at 18:03:08,18 on 2011-01-22

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23

Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.3071.2054 [GMT 1:00]

 

AV: Lavasoft Ad-Watch Live! Antivirus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

AV: Telia Säker Surf 9.01 *Enabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}

FW: Telia Säker Surf 9.01 *Enabled*

 

============== Running Processes ===============

 

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE

svchost.exe

svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\CTHELPER.EXE

C:\WINDOWS\VistaDrive\VistaDrive.exe

C:\Program Files\Logitech\SetPoint\LBTWiz.exe

C:\WINDOWS\system32\oodtray.exe

C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe

C:\Program Files\Telia\Telias sakerhetstjanster\Common\FSM32.EXE

C:\Program Files\NetWorx\networx.exe

C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Aqua Dock\Aqua Dock.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe

C:\Program Files\Personal\bin\Personal.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\FastStone Capture\FSCapture.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

D:\Program Files\Secunia\PSI\psi_tray.exe

C:\Program Files\akoTV2\akoTV2.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

F:\Nyinstallationer 20080210\ATnotes\ATnotes.exe

C:\Program Files\MemInfo\meminfo.exe

C:\Program Files\NetLimiter 2 Pro\NLClient.exe

D:\My Documents\BitComet\Process explorer 2010\procexp.exe

C:\Program Files\Rainlendar\Rainlendar.exe

C:\ppApps\VisualTaskTips\VisualTaskTips.exe

C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe

C:\Program Files\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE

C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\FSGK32.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Telia\Telias sakerhetstjanster\Common\FSHDLL32.EXE

C:\Program Files\Logitech\Easy Synchronization\servicestub.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\NetLimiter 2 Pro\nlsvc.exe

C:\WINDOWS\system32\oodag.exe

C:\WINDOWS\system32\PSIService.exe

C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe

D:\Program Files\Secunia\PSI\PSIA.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe

C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\fssm32.exe

C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\fsav32.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

D:\IDG\1\dds.scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.aftonbladet.se/

BHO: TommyBHO Class: {00d0c86e-76e0-49e8-8b06-e1986784b743} - c:\windows\system32\tydadirekt.dll

BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\ppapps\flashget\jccatch.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: CBHO Object: {cba74cda-df78-4ad9-954e-3b15d0a993de} - c:\program files\corestreet\spoofstick\SpoofStickBHO.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: SpoofStick: {4d46ed77-1429-4cf6-8f63-c84b5d710baf} - c:\program files\corestreet\spoofstick\SpoofStick.dll

TB: {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - No File

TB: &NetWorx Desk Band: {feea54b4-d80f-41c7-87b9-dc08e6d3255f} - c:\progra~1\networx\deskband.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [TuneUp MemOptimizer] "c:\program files\tuneup utilities 2007\MemOptimizer.exe" autostart

mRun: [CTHelper] CTHELPER.EXE

mRun: [CTxfiHlp] CTXFIHLP.EXE

mRun: [VistaDrive] c:\windows\vistadrive\VistaDrive.exe

mRun: [unlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"

mRun: [systemTray] SysTray.Exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [bluetooth Connection Assistant] LBTWIZ.EXE -silent

mRun: [OODefragTray] c:\windows\system32\oodtray.exe

mRun: [WinPatrol] c:\program files\billp studios\winpatrol\WinPatrol.exe -expressboot

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [F-Secure Manager] "c:\program files\telia\telias sakerhetstjanster\common\FSM32.EXE" /splash

mRun: [F-Secure TNB] "c:\program files\telia\telias sakerhetstjanster\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW

mRun: [NetWorx] "c:\program files\networx\networx.exe" /auto

mRun: [TMRUBottedTray] "c:\program files\trend micro\rubotted\TMRUBottedTray.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Openwares LiveUpdate] c:\program files\liveupdate\LiveUpdate.exe

mRun: [Aqua Dock] c:\program files\aqua dock\Aqua Dock.exe

mRunOnce: [WIAWizardMenu] RUNDLL32.EXE c:\windows\system32\sti_ci.dll,WiaCreateWizardMenu

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [setDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'

dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe

dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32

dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

dRunOnce: [NewUser] %SystemRoot%\System32\NewUser.cmd

StartupFolder: c:\users\admini~1\startm~1\programs\startup\akotv2.lnk - c:\program files\akotv2\akoTV2.exe

StartupFolder: c:\users\admini~1\startm~1\programs\startup\atnotes.lnk - f:\nyinstallationer 20080210\atnotes\ATnotes.exe

StartupFolder: c:\users\admini~1\startm~1\programs\startup\meminfo.lnk - c:\program files\meminfo\meminfo.exe

StartupFolder: c:\users\admini~1\startm~1\programs\startup\netlim~1.lnk - c:\program files\netlimiter 2 pro\NLClient.exe

StartupFolder: c:\users\admini~1\startm~1\programs\startup\procexp.lnk - d:\my documents\bitcomet\process explorer 2010\procexp.exe

StartupFolder: c:\users\admini~1\startm~1\programs\startup\rainle~1.lnk - c:\program files\rainlendar\Rainlendar.exe

StartupFolder: c:\users\admini~1\startm~1\programs\startup\visual~1.lnk - c:\ppapps\visualtasktips\VisualTaskTips.exe

StartupFolder: c:\users\alluse~1\startm~1\programs\startup\bankid~1.lnk - c:\program files\personal\bin\Personal.exe

StartupFolder: c:\users\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\users\alluse~1\startm~1\programs\startup\fastst~1.lnk - c:\program files\faststone capture\FSCapture.exe

StartupFolder: c:\users\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

StartupFolder: c:\users\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

StartupFolder: c:\users\alluse~1\startm~1\programs\startup\secuni~1.lnk - d:\program files\secunia\psi\psi_tray.exe

uPolicies-explorer: NoSMMyPictures = 1 (0x1)

uPolicies-explorer: NoSMHelp = 00000000

uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)

uPolicies-explorer: GreyMSIAds = 1 (0x1)

mPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)

mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)

mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

dPolicies-explorer: NoSMMyPictures = 1 (0x1)

dPolicies-explorer: NoSMHelp = 1 (0x1)

dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)

IE: &Ladda ner med alla FlashGet - c:\ppapps\flashget\jc_all.htm

IE: &Ladda ner med FlashGet - c:\ppapps\flashget\jc_link.htm

IE: ???????? - c:\program files\flashget network\flashget mini\GetUrl.htm

IE: ???????????? - c:\program files\flashget network\flashget mini\GetAllUrl.htm

IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM

IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM

IE: {95C7D2FE-FB65-44D9-B622-894F8636B7BE} - c:\program files\freshdevices\freshdownload\fd.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

LSP: c:\program files\telia\telias sakerhetstjanster\fsps\program\FSLSP.DLL

DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.lizardtech.com/download/files/win/djvuplugin/sv_SV/DjVuControl_sv_SV.cab

DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

DPF: {25C29129-E95F-4564-BFE3-000000006400} - hxxp://www.123minsida.se/builder/pages/KvikVideo-6-4-0-0.CAB

DPF: {25C29129-E95F-4564-BFE3-000000007100} - hxxp://www.123minsida.se/builder/pages/KvikVideo-7-1-0-0.CAB

DPF: {4445EA6A-9008-40D5-9160-035FDE5214C4} - hxxp://www.123minsida.se/builder/pages/Mpu-dk-1-0-0-8.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://groups.msn.com/controls/PhotoUC/MsnPUpld.cab

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://webcams.lantmannen.se//webcam2/AxisCamControl.ocx

DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} - hxxp://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab

DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

SEH: ShellExecuteHook class: {fe24cd78-7c63-465d-8787-4edf7fc79895} - c:\program files\logitech\easy synchronization\shellexecutehook.dll

Hosts: 127.0.0.1 www.spywareinfo.com

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\admini~1\applic~1\mozilla\firefox\profiles\o3qjxydo.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.se/

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - component: c:\users\administrator\application data\mozilla\firefox\profiles\o3qjxydo.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll

FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll

FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npfd.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll

FF - plugin: c:\program files\nos\bin\np_gp.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

FF - plugin: c:\program files\personal\bin\np_prsnl.dll

FF - plugin: c:\users\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: Magic's Video - Downloader: video-dowloader@magic-imv.ro - %profile%\extensions\video-dowloader@magic-imv.ro

FF - Ext: CacheViewer: {71328583-3CA7-4809-B4BA-570A85818FBB} - %profile%\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}

FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

FF - Ext: Clipmarks: {e1170235-2845-420c-acc3-42261a29dd46} - %profile%\extensions\{e1170235-2845-420c-acc3-42261a29dd46}

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor

 

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.notify.interval - 600000

FF - user.js: content.switch.threshold - 1000000

FF - user.js: nglayout.initialpaint.delay - 600

 

============= SERVICES / DRIVERS ===============

 

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-5-26 42664]

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-4-14 82120]

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2010-5-25 40560]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-1 64288]

R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\telia\telias sakerhetstjanster\hips\drivers\fshs.sys [2009-5-26 68064]

R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007-4-23 82200]

R1 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2009-10-9 38976]

R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\telia\telias sakerhetstjanster\anti-virus\fsgk32st.exe [2009-4-14 215648]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 1402272]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-8-6 210216]

R2 RioPNP;RioPNP;c:\windows\system32\drivers\RioPnP.sys [2008-2-16 6736]

R2 RUBotted;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\TMRUBotted.exe [2010-1-17 582992]

R2 Secunia PSI Agent;Secunia PSI Agent;d:\program files\secunia\psi\psia.exe [2011-1-10 993848]

R2 Vqtfk;Vqtfk;c:\windows\system32\Vqtfk.sys [2008-2-16 19936]

R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\telia\telias sakerhetstjanster\anti-virus\minifilter\fsgk.sys [2009-4-14 130728]

R3 FSORSPClient;F-Secure ORSP Client;c:\program files\telia\telias sakerhetstjanster\orsp client\fsorsp.exe [2009-5-26 63992]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15264]

R3 LycoFltr;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2009-1-31 16128]

R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [2010-1-17 206608]

S2 Secunia Update Agent;Secunia Update Agent;d:\program files\secunia\psi\sua.exe [2011-1-10 399416]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]

S3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [2008-2-17 91830]

S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]

S3 STSService;STSService;c:\program files\soundtaxi media suite\STSService.exe [2009-9-29 335872]

S3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [2010-9-28 42368]

S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [2010-1-17 206608]

S4 F-Secure Filter;F-Secure File System Filter;c:\program files\telia\telias sakerhetstjanster\anti-virus\win2k\fsfilter.sys [2009-4-14 39776]

S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\telia\telias sakerhetstjanster\anti-virus\win2k\fsrec.sys [2009-4-14 25184]

 

=============== File Associations ===============

 

inffile=c:\windows\system32\Notepad2.exe %1

inifile=c:\windows\system32\Notepad2.exe %1

txtfile=c:\windows\system32\Notepad2.exe %1

 

=============== Created Last 30 ================

 

2011-01-20 22:02:58 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-01-20 22:02:58 -------- d-----w- c:\windows\system32\wbem\Repository

2011-01-20 22:02:30 -------- d--h--w- c:\windows\msdownld.tmp

2011-01-18 22:05:13 -------- d-----w- c:\users\alluse~1\applic~1\MyHeritage

2011-01-18 22:05:13 -------- d-----w- c:\users\admini~1\applic~1\MyHeritage

2011-01-18 16:00:58 63488 ----a-w- c:\program files\windows sidebar\wlsrvc.dll

2011-01-18 15:42:00 -------- d-----w- c:\program files\Uniblue

2011-01-17 18:33:46 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-01-17 18:31:18 -------- d-----w- c:\users\admini~1\locals~1\applic~1\Sunbelt Software

2011-01-17 18:30:24 -------- dc-h--w- c:\users\alluse~1\applic~1\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}

2011-01-17 00:54:24 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2011-01-17 00:54:24 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

2011-01-17 00:54:23 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll

2011-01-17 00:54:23 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll

2011-01-17 00:29:40 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe

2011-01-17 00:29:39 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll

2011-01-17 00:24:59 -------- d-----w- c:\users\admini~1\locals~1\applic~1\Secunia PSI

2011-01-16 23:35:09 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-01-16 23:35:09 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

2011-01-16 23:24:32 -------- d-----w- c:\users\alluse~1\applic~1\InstallMate

2011-01-16 21:27:53 -------- d-----w- c:\program files\Panda Security

2011-01-13 23:29:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-01-13 23:29:00 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-01-12 23:18:15 388096 ----a-r- c:\users\admini~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-01-12 20:09:37 -------- d-----w- c:\users\admini~1\locals~1\applic~1\Temp

2011-01-03 00:20:25 83249512 ----a-w- c:\program files\common files\windows live\.cache\wlc463E.tmp

2010-12-27 21:02:21 -------- d-----w- c:\users\admini~1\applic~1\LolClient

2010-12-27 20:52:31 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll

2010-12-27 20:52:31 509448 ----a-w- c:\windows\system32\XAudio2_2.dll

2010-12-27 20:52:24 467984 ----a-w- c:\windows\system32\d3dx10_39.dll

2010-12-27 20:52:24 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll

2010-12-27 20:52:12 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll

2010-12-27 20:52:07 -------- d-----w- c:\windows\Logs

 

==================== Find3M ====================

 

2011-01-18 21:40:52 46 ----a-w- c:\windows\system32\_WDYSZYG.sys

2011-01-17 18:33:38 15880 ----a-w- c:\windows\system32\lsdelete.exe

2011-01-12 15:32:26 66 ----a-w- c:\users\admini~1\applic~1\ispro4_0.tmp

2010-11-29 16:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 16:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-11-25 00:29:05 471040 ----a-w- c:\windows\dog2.scr

2010-11-25 00:28:57 12288 ----a-w- c:\windows\impborl.dll

2010-11-12 15:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl

 

============= FINISH: 18:05:52,64 ===============


Conduit toolbars normally contain some spying functions, but it is you and your computer this is about, so of course you can have that kind of thing installed if you want; you could wait with it, though, until the computer works as it should. It may be because of them that the computer is behaving strangely.

http://www.systemlookup.com/CLSID/70651-ConduitEngin_dll_ConduitEngine_dll_ConduitEngin0_dll_ConduitEngin1_dll.html

There is, after all, some reason why Conduit pays software companies to make sure the toolbar gets installed. http://www.conduit.com/benefits/overview.aspx

 

On the page http://www.virustotal.com, click the Browse button and paste the following file name into the box, click Open and then Send File. Wait until the result is ready (Current status becomes finished). Paste the link to the result here.

c:\windows\system32\_WDYSZYG.sys


As for svchost, you can see whether the installation of Service Pack 3 includes any fix for it.


OK, I have now read about Conduit. I will think it over. It included both a radio and my local weather, and I can probably get those some other way, perhaps.

 

I have sent the file to the place indicated. It looks like I am in a queue with > 6000 ahead of me.

"This file has never been reviewed by any VT Community member. Be the first one to comment on it!" it says, however.

I opened the file in Notepad and all it contained was

"[XWXSQJ]

UsedTimes=21

FirstTime=2009-11-09

 

So it is hard to know what it belongs to, as it has only been used 21 times. It does say Modified: 18 January 2011, 22:40:52, however.

I have scanned the file with S&D, Malwarebytes and one more, and all of them reported that they find nothing.


I may have found it. It apparently belongs to

C:\Program Files\WinUtilities

 

WinUtilities for Giveawayoftheday - 29 Oct 2009 ... The program will be stopped and the system tray icon will disappear. Uninstall .... _WDYSZYG.sys

("The program" is a program that they want you to use to clean up startup.)

 

I have that program installed from Giveawayaday and have had it since November 2009, and that fits with my having looked in the program the other day.


Yes, then that file should not be anything to do with your problem. I just got a little curious when it said it had been recently modified.

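The manual triage from the posts above (a recently modified `.sys` file in system32 that turns out to hold only an INI-style usage counter), as an added example that is not part of the original thread: it parses DDS file-listing lines, flags executable-type names too small to be a PE image, and classifies file contents by their first bytes. The 64-byte threshold, the function names and the CRLF line endings of the sample file are assumptions of this example; the listing lines are copied from the log and the file bytes are constructed from the contents quoted in the post.

```python
import hashlib
import re

# DDS listing line: date, time, size (dashes for a directory), attributes, path.
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+|-+) (\S+) (.+)$")
PE_EXTENSIONS = (".sys", ".exe", ".dll", ".scr", ".cpl")
MIN_PE_SIZE = 64  # assumption: a PE image is at least as large as its DOS header

# Lines copied from the "Created Last 30" and "Find3M" sections of the log.
SAMPLE_LISTING = r"""
2011-01-20 22:02:30 -------- d--h--w- c:\windows\msdownld.tmp
2011-01-17 18:33:46 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-01-18 21:40:52 46 ----a-w- c:\windows\system32\_WDYSZYG.sys
2011-01-17 18:33:38 15880 ----a-w- c:\windows\system32\lsdelete.exe
"""

# Constructed from the contents quoted in the post; CRLF endings are assumed.
SAMPLE_FILE = b"[XWXSQJ]\r\nUsedTimes=21\r\nFirstTime=2009-11-09\r\n"


def parse_listing(text):
    """Yield one dict per file entry; directory entries (no size) are skipped."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or not m.group(3).isdigit():
            continue
        yield {"modified": f"{m.group(1)} {m.group(2)}",
               "size": int(m.group(3)),
               "attrs": m.group(4),
               "path": m.group(5)}


def undersized_pe_names(entries):
    """Paths with an executable extension but too few bytes to be a PE image."""
    return [e["path"] for e in entries
            if e["path"].lower().endswith(PE_EXTENSIONS)
            and e["size"] < MIN_PE_SIZE]


def classify(data):
    """Return (rough content type, SHA-256 hex digest) for a file's bytes."""
    digest = hashlib.sha256(data).hexdigest()
    if data[:2] == b"MZ" and len(data) >= MIN_PE_SIZE:
        kind = "pe"          # starts like a Windows executable or driver
    elif re.match(rb"\s*\[[^\]\r\n]+\]\s*[\r\n]", data):
        kind = "ini-text"    # opens with an INI section header
    elif data and all(32 <= b < 127 or b in (9, 10, 13) for b in data):
        kind = "text"
    else:
        kind = "unknown"
    return kind, digest


if __name__ == "__main__":
    for path in undersized_pe_names(parse_listing(SAMPLE_LISTING)):
        print("name says executable, size says otherwise:", path)
    kind, digest = classify(SAMPLE_FILE)
    print(len(SAMPLE_FILE), "bytes,", kind, "sha256:", digest)
```

A file that classifies as `ini-text` under a driver name is a data file with a misleading extension rather than loadable code; the digest is what a scanning service looks the file up by.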

The question is whether we got rid of the problem when I uninstalled the DNA that belonged to BitComet.

Tonight it has worked perfectly, except that Process Explorer freezes. It is supposed to be a replacement for Task Manager if you want a more advanced one. It freezes when I start IE, and it did not do that before.

It surely should not matter WHERE the exe file is located. I have it in My Documents/downloads since I downloaded a new one. The old one was on c://. I have My Documents on another hard disk. Maybe I should move it??

I have now set Task Manager (the ordinary one) to fast updating. I have noticed that when I open IE I get two IE entries in it, one at about 8000 K and the other (right now) at about 27 000 K, and that is the one that updates itself (visible from the jerks).


> The question is whether we got rid of the problem when I uninstalled the DNA that belonged to BitComet.
>
> Tonight it has worked perfectly, except that Process Explorer freezes. It is supposed to be a replacement for Task Manager if you want a more advanced one. It freezes when I start IE, and it did not do that before.
>
> It surely should not matter WHERE the exe file is located. I have it in My Documents/downloads since I downloaded a new one. The old one was on c://. I have My Documents on another hard disk. Maybe I should move it??
>
> I have now set Task Manager (the ordinary one) to fast updating. I have noticed that when I open IE I get two IE entries in it, one at about 8000 K and the other (right now) at about 27 000 K, and that is the one that updates itself (visible from the jerks).

I have too little experience with Process Explorer to comment on that.

 

As for IE's two processes, that looks entirely correct: the smaller one is the base process for the whole window, and then there is one process for the tab in use.


Archived

This topic is now archived and is closed to further replies.
