
viggo_v

Member
  • Posts: 25

Forum posts by viggo_v


  1. Hi!

    I wonder if anyone can help me interpret this information that I got from two programs for checking the temperature in my computer. I recently replaced the thermal paste without any positive result, and I wonder what problem could be making the computer get so hot.

    My computer:

     

    Operating System: Windows 7 Home Premium 64-bit (6.1, Build 7601) Service Pack 1 (7601.win7sp1_ldr.160408-2045)
    Language: Swedish (Regional Setting: Swedish)
    System Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
    System Model: 700Z3A/700Z4A/700Z5A/700Z5B
    BIOS: Phoenix SecureCore-Tiano NB Version 2.1 15FD
    Processor: Intel® Core i5-2450M CPU @ 2.50GHz (4 CPUs), ~2.5GHz
    Memory: 6144MB RAM
    Available OS Memory: 6058MB RAM
    Page File: 2839MB used, 9274MB available
    Windows Dir: C:\Windows
    DirectX Version: DirectX 11
    DX Setup Parameters: Not found
    User DPI Setting: Using System DPI
    System DPI Setting: 96 DPI (100 percent)
    DWM DPI Scaling: Disabled
    DxDiag Version: 6.01.7601.17514 32bit Unicode
     
    ------
             
    Card name: Intel® HD Graphics Family
    Manufacturer: Advanced Micro Devices, Inc.
    Chip type: Intel® HD Graphics Family
    DAC type: Internal
    Device Key: Enum\PCI\VEN_8086&DEV_0126&SUBSYS_C0B3144D&REV_09
    Display Memory: 3843 MB
    Dedicated Memory: 1070 MB
    Shared Memory: 2772 MB
    Current Mode: 1600 x 900 (32 bit) (60Hz)
    Monitor Name: Generic PnP Monitor
    Monitor Model: unknown
    Monitor Id: SECFFFF
    Native Mode: 1600 x 900(p) (60.115Hz)
    Output Type: Internal
    Driver Name: igdumd64.dll,igd10umd64.dll,igd10umd64.dll,igdumdx32,igd10umd32,igd10umd32
    Driver File Version: 8.15.0010.2622 (English)
    Driver Version: 8.951.9.3000
    DDI Version: 11
    Driver Model: WDDM 1.1
    Driver Attributes: Final Retail
    Driver Date/Size: 4/24/2016 21:04:47, 8313856 bytes

     



  2. Hi! I have installed a new Samsung SSD in my Samsung laptop, which was bought with Windows preinstalled. I have now tried to do a clean install of Windows 7 from a USB drive. After Windows has been "installed" and the computer automatically restarts to continue the installation, the computer stops at a black screen. It is as if the computer tries to start over and over again. I have tested all boot orders, but it seems pretty hopeless. I hope someone has the time and a suggestion for a solution; it would be a great help!

    Regards, Victor


  3. Samsung Data Migration Software can be used to clone a hard drive to a Samsung SSD so that it is then possible to boot from the SSD.

    Program and manual: http://www.samsung.com/global/business/semiconductor/minisite/SSD/global/html/support/downloads.html

    Magician is something you can install on the SSD afterwards, since it is meant for optimizing the SSD: http://www.samsung.com/global/business/semiconductor/minisite/SSD/global/html/whitepaper/whitepaper12.html

    Hi! That sounds great, but what do I do with the system image that is now on the new SSD? Can I just throw it in the recycle bin? Regards, Victor


  4. The problem for you now is that you have to do the following:

    Put the old HDD back and then install Samsung's program on it.

    After that you need some kind of "kit" that lets you connect your new drive to the laptop via USB.

    Then you run the program, and it clones your existing HDD to the SSD.

    Hi, and thanks for the tip! I have all of this, so it should work. Now I am just wondering how I get rid of the system image that is on the new SSD? Regards, Victor


  5. You cannot boot the computer from a backup, a system image. It must first be unpacked onto the new disk. An alternative, if you do not have a third disk on which you can save the system image first, is to clone the old disk to the new one.

    Thanks for your answer. I have received several suggestions along these lines, so I will try it. But do you know whether I should delete the image that is now on the disk in any particular way? Regards, Victor


  6. Download the program MiniTool Partition Wizard, which is free of charge, here:

    http://www.partitionwizard.com/free-partition-manager.html

    Use the "Copy Disk" function.

    Copy your working disk to your SSD, and it should then be possible to boot from the SSD once it is done.

    Thanks for your answer, but before I do this, can I just remove what is now on the SSD by deleting it in the usual way?

    Regards, Victor


  7. Hi!

    I have tried to move my Windows 7 over to my new SSD by first creating a system image on it, using Windows' own tools. But after swapping the drive I cannot start Windows, even though I have changed the settings so that the computer boots from the new disk.

    I have a Samsung Series 7 laptop, 14 inch, and the Windows installer is on the computer. I have not been able to create a new boot version, an ISO, because my product key is no longer legible. On the new SSD there is now a folder called WindowsImageBackup.

    Does anyone know whether it is even possible to start Windows from a system image? If anyone knows another solution to my problems, I would be grateful for tips.

    Kind regards, Victor

     

     


  8. [log]Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 22:40:18, on 2007-07-10

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\S24EvMon.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\System32\Ati2evxx.exe

    C:\Program\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE

    C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe

    C:\Program\Telia\Telias sakerhetstjanster\backweb\7836882\program\fsbwsys.exe

    C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\FSGK32.EXE

    C:\Program\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE

    C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fssm32.exe

    C:\Program\Telia\Telias sakerhetstjanster\Common\FSMB32.EXE

    C:\WINDOWS\System32\RegSrvc.exe

    C:\Program\Telia\Telias sakerhetstjanster\Common\FCH32.EXE

    C:\Program\Analog Devices\SoundMAX\SMAgent.exe

    C:\Program\Telia\Telias sakerhetstjanster\Common\FAMEH32.EXE

    C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsqh.exe

    C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsrw.exe

    C:\Program\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe

    C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsav32.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\system32\ZCfgSvc.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program\Telia\Telias sakerhetstjanster\Common\FSM32.EXE

    C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

    C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

    C:\WINDOWS\AGRSMMSG.exe

    C:\Program\Telia\TELIAS~1\ANTI-S~1\fsaw.exe

    C:\Program\Java\jre1.6.0_01\bin\jusched.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program\Telia\Telias sakerhetstjanster\FSGUI\fsguidll.exe

    C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    C:\Program\Telia\Telias sakerhetstjanster\backweb\7836882\Program\fspex.exe

    C:\Program\Trend Micro\HijackThis\HijackThis.exe

     

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll

    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Telia\Telias sakerhetstjanster\Common\FSM32.EXE" /splash

    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Telia\Telias sakerhetstjanster\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program\Telia\Telias sakerhetstjanster\FSGUI\FSSW.EXE" /reboot

    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

    O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

    O4 - HKLM\..\Run: [Cpqset] C:\Program\HPQ\Default Settings\cpqset.exe

    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program\Intel\NCS\PROSet\PRONoMgr.exe

    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_01\bin\jusched.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [beoplayertray] C:\Program\Bang & Olufsen\BeoPlayer\Beotray.exe

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: BeoPlayer.lnk = ?

    O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

    O4 - Global Startup: Telias säkerhetstjänster.lnk = C:\Program\Telia\Telias sakerhetstjanster\backweb\7836882\Program\fspex.exe

    O8 - Extra context menu item: &Blockera detta popup-fönster - C:\Program\Telia\Telias sakerhetstjanster\Anti-Spyware\blockpopups.htm

    O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

    O9 - Extra button: IE-sköld - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Telia\Telias sakerhetstjanster\Anti-Spyware\ieshield.dll

    O9 - Extra 'Tools' menuitem: IE-sköld... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Telia\Telias sakerhetstjanster\Anti-Spyware\ieshield.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156431609031

    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

    O23 - Service: Telias säkerhetstjänster (BackWeb Plug-in - 7836882) - BackWeb Technologies Inc. - C:\Program\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE

    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe

    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\Telia\Telias sakerhetstjanster\backweb\7836882\program\fsbwsys.exe

    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe

    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program\Intel\NCS\Sync\NetSvc.exe

    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe

    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program\Analog Devices\SoundMAX\SMAgent.exe

     

    --

    End of file - 7521 bytes

    [/log]

     


  9. Avenger[log]Logfile of The Avenger version 1, by Swandog46

    Running from registry key:

    \Registry\Machine\System\CurrentControlSet\Services\cjkedjxv

     

    *******************

     

    Script file located at: \??\C:\WINDOWS\system32\duqbjrun.txt

    Script file opened successfully.

     

    Script file read successfully

     

    Backups directory opened successfully at C:\Avenger

     

    *******************

     

    Beginning to process script file:

     

     

     

    File C:\windows\system32\fccddda.dll not found!

    Deletion of file C:\windows\system32\fccddda.dll failed!

     

    Could not process line:

    C:\windows\system32\fccddda.dll

    Status: 0xc0000034

     

     

     

    File C:\WINDOWS\system32\hghjpkbm.dll not found!

    Deletion of file C:\WINDOWS\system32\hghjpkbm.dll failed!

     

    Could not process line:

    C:\WINDOWS\system32\hghjpkbm.dll

    Status: 0xc0000034

     

     

     

    File C:\WINDOWS\system32\hjjlm.bak1 not found!

    Deletion of file C:\WINDOWS\system32\hjjlm.bak1 failed!

     

    Could not process line:

    C:\WINDOWS\system32\hjjlm.bak1

    Status: 0xc0000034

     

     

     

    File C:\WINDOWS\system32\hjjlm.bak2 not found!

    Deletion of file C:\WINDOWS\system32\hjjlm.bak2 failed!

     

    Could not process line:

    C:\WINDOWS\system32\hjjlm.bak2

    Status: 0xc0000034

     

     

     

    File C:\WINDOWS\system32\hjjlm.ini not found!

    Deletion of file C:\WINDOWS\system32\hjjlm.ini failed!

     

    Could not process line:

    C:\WINDOWS\system32\hjjlm.ini

    Status: 0xc0000034

     

     

     

    File C:\windows\system32\isytwyip.dll not found!

    Deletion of file C:\windows\system32\isytwyip.dll failed!

     

    Could not process line:

    C:\windows\system32\isytwyip.dll

    Status: 0xc0000034

     

     

     

    File C:\WINDOWS\system32\mljjh.dll not found!

    Deletion of file C:\WINDOWS\system32\mljjh.dll failed!

     

    Could not process line:

    C:\WINDOWS\system32\mljjh.dll

    Status: 0xc0000034

     

     

     

    File C:\windows\system32\piywtysi.ini not found!

    Deletion of file C:\windows\system32\piywtysi.ini failed!

     

    Could not process line:

    C:\windows\system32\piywtysi.ini

    Status: 0xc0000034

     

     

    Completed script processing.

     

    *******************

     

    Finished! Terminate.[/log]

     


  10. combofix Quarantine [log]

    2007-04-28 17:25      89    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\Victor\APPLIC~1\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol.vir
    
    
    Lista över mappar i miljövariabeln PATH
    Volymens serienummer är 208D-E5F1
    C:\QOOBOX
    \---Quarantine
       +---C
       |   \---DOCUME~1
       |       \---Victor
       |           \---APPLIC~1
       |               \---Macromedia
       |                   \---Flash Player
       |                       \---macromedia.com
       |                           \---support
       |                               \---flashplayer
       |                                   \---sys
       |                                       \---#www.broadcaster.com
       |                                               settings.sol.vir
       |                                               
       \---Registry_backups
    

    [/log]

     


  11. combofix[log]"Victor" - 2007-07-10 19:35:51 - ComboFix 07-07-10.1 - Service Pack 2

     

     

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

     

     

    C:\DOCUME~1\Victor\APPLIC~1.\macromedia\Flash Player\#SharedObjects\NAS95JCC\www.broadcaster.com

    C:\DOCUME~1\Victor\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com

    C:\DOCUME~1\Victor\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol

     

     

    ((((((((((((((((((((((((( Files Created from 2007-06-10 to 2007-07-10 )))))))))))))))))))))))))))))))

     

     

    2007-07-10 19:35 51,200 --a------ C:\WINDOWS\nircmd.exe

    2007-07-09 20:51 <KAT> d-------- C:\VundoFix Backups

    2007-07-08 20:17 <KAT> d-------- C:\Program\Trend Micro

    2007-07-08 14:21 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT

    2007-07-08 14:21 <KAT> dr------- C:\DOCUME~1\ADMINI~1\Start-meny

    2007-07-08 14:21 <KAT> d--h----- C:\DOCUME~1\ADMINI~1\Skrivare

    2007-07-08 14:21 <KAT> d--h----- C:\DOCUME~1\ADMINI~1\Nätverket

    2007-07-08 14:21 <KAT> d--h----- C:\DOCUME~1\ADMINI~1\Mallar

    2007-07-08 14:21 <KAT> d--h----- C:\DOCUME~1\ADMINI~1\Lokala inställningar

    2007-07-08 14:21 <KAT> d-------- C:\DOCUME~1\ADMINI~1\Skrivbord

    2007-07-08 14:21 <KAT> d-------- C:\DOCUME~1\ADMINI~1\Mina dokument

    2007-07-08 14:21 <KAT> d-------- C:\DOCUME~1\ADMINI~1\Favoriter

    2007-07-04 18:42 16,384 --a------ C:\WINDOWS\system32\FileOps.exe

    2007-07-04 18:35 <KAT> d-------- C:\WINDOWS\Adobe Illustrator CS

     

     

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

     

    2007-07-07 17:18:11 -------- d-----w C:\DOCUME~1\Victor\APPLIC~1\uTorrent

    2007-07-04 16:37:51 -------- d--h--w C:\Program\InstallShield Installation Information

    2007-06-28 20:58:28 -------- d-----w C:\Program\DC++

    2007-05-24 17:34:15 -------- d-----w C:\DOCUME~1\Victor\APPLIC~1\dvdcss

    2007-05-24 15:07:39 -------- d-----w C:\DOCUME~1\Victor\APPLIC~1\BeoMediaDatabase

    2007-05-18 16:04:55 -------- d-----w C:\Program\Bang & Olufsen

    2007-05-18 16:04:15 -------- d-----w C:\Program\Delade filer\InstallShield

    2007-05-16 15:20:05 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

    2007-05-15 19:02:35 -------- d-----w C:\DOCUME~1\Victor\APPLIC~1\Google

    2007-05-15 18:11:45 -------- d-----w C:\Program\Google

    2007-04-25 15:45:36 70,014 ----a-w C:\WINDOWS\system32\perfc01D.dat

    2007-04-25 15:45:36 396,090 ----a-w C:\WINDOWS\system32\perfh01D.dat

    2007-04-25 14:22:55 144,896 ----a-w C:\WINDOWS\system32\schannel.dll

    2007-04-18 16:14:40 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll

    2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll

    2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll

    2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll

    2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll

    2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll

    2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll

    2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe

    2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

    2007-04-16 20:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll

    2007-04-16 20:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll

     

     

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

     

     

    *Note* empty entries & legit default entries are not shown

     

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

    2006-12-18 05:16 59032 --a------ C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

     

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{410DCA6D-452A-46CA-A15A-1415F0C4B9AA}]

    C:\WINDOWS\system32\mljjh.dll

     

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{634C7583-74C6-4FEF-BD06-9721761A6815}]

    C:\WINDOWS\system32\fccddda.dll

     

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

    2007-03-14 03:43 501400 --a------ C:\Program\Java\jre1.6.0_01\bin\ssv.dll

     

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

    2007-05-15 20:11 2411584 -ra------ c:\program\google\googletoolbar1.dll

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "F-Secure Manager"="C:\Program\Telia\Telias sakerhetstjanster\Common\FSM32.exe" [2005-10-26 03:51]

    "F-Secure TNB"="C:\Program\Telia\Telias sakerhetstjanster\TNB\TNBUtil.exe" [2005-07-18 16:51]

    "F-Secure Startup Wizard"="C:\Program\Telia\Telias sakerhetstjanster\FSGUI\FSSW.exe" [2005-10-18 10:29]

    "ATIModeChange"="Ati2mdxx.exe" [2002-08-29 00:17 C:\WINDOWS\system32\Ati2mdxx.exe]

    "ATIPTA"="C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-04-24 21:00]

    "AdaptecDirectCD"="C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2003-03-26 11:15]

    "AGRSMMSG"="AGRSMMSG.exe" [2003-05-06 22:16 C:\WINDOWS\AGRSMMSG.exe]

    "Cpqset"="C:\Program\HPQ\Default Settings\cpqset.exe" [2003-05-01 13:59]

    "PRONoMgr.exe"="C:\Program\Intel\NCS\PROSet\PRONoMgr.exe" [2002-12-18 14:20]

    "Adobe Photo Downloader"="C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" []

    "SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

    "QuickTime Task"="C:\Program\QuickTime\qttask.exe" [2006-10-25 19:58]

    "Beoplayertray"="C:\Program\Bang & Olufsen\BeoPlayer\Beotray.exe" [2007-02-19 12:41]

     

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:34]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

    "{634C7583-74C6-4FEF-BD06-9721761A6815}"="C:\WINDOWS\system32\fccddda.dll" []

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjh]

    C:\WINDOWS\system32\mljjh.dll

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]

    C:\WINDOWS\System32\LgNotify.dll 2003-03-24 12:26 110592 C:\WINDOWS\system32\LgNotify.dll

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    Usnsvc usnsvc

     

     

    Contents of the 'Scheduled Tasks' folder

    2007-07-10 07:54:02 C:\WINDOWS\tasks\Scheduled scanning task.job

     

    **************************************************************************

     

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net

    Rootkit scan 2007-07-10 19:38:38

    Windows 5.1.2600 Service Pack 2 NTFS

     

    scanning hidden processes ...

     

    scanning hidden autostart entries ...

     

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    Cpqset = C:\Program\HPQ\Default Settings\cpqset.exe?|????????????3?3?7?0??????? ?pTB????????? ?????B????????

     

    scanning hidden files ...

     

    C:\WINDOWS\Winamp.ini

    C:\WINDOWS\winampa.ini

    C:\WINDOWS\Windows Update.log

    C:\WINDOWS\WindowsShell.Manifest

    C:\WINDOWS\WindowsUpdate.log

    C:\WINDOWS\winhelp.exe

    C:\WINDOWS\winhlp32.exe

    C:\WINDOWS\winnt.bmp

    C:\WINDOWS\winnt256.bmp

    C:\WINDOWS\WinSxS

    C:\WINDOWS\WMFDist11.log

    C:\WINDOWS\wmp11.log

    C:\WINDOWS\wmprfSVE.prx

    C:\WINDOWS\wmsetup.log

    C:\WINDOWS\wmsetup10.log

    C:\WINDOWS\WMSysPr9.prx

    C:\WINDOWS\WMSysPrx.prx

    C:\WINDOWS\Wudf01000Inst.log

    C:\WINDOWS\xpsp1hfm.log

    C:\WINDOWS\_default.pif

    C:\WINDOWS\Ärgad koppar.bmp

    C:\WINDOWS\Ökensand.bmp

     

    scan completed successfully

    hidden files: 22

     

    **************************************************************************

     

    Completion time: 2007-07-10 19:39:17

    C:\ComboFix-quarantined-files.txt ... 2007-07-10 19:39

     

    --- E O F ---

    [/log]

     


  12. hijack this [log]Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 19:54:11, on 2007-07-10

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\S24EvMon.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\ZCfgSvc.exe

    C:\WINDOWS\System32\Ati2evxx.exe

    C:\Program\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE

    C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe

    C:\Program\Telia\Telias sakerhetstjanster\backweb\7836882\program\fsbwsys.exe

    C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\FSGK32.EXE

    C:\Program\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE

    C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fssm32.exe

    C:\Program\Telia\Telias sakerhetstjanster\Common\FSMB32.EXE

    C:\WINDOWS\System32\RegSrvc.exe

    C:\Program\Analog Devices\SoundMAX\SMAgent.exe

    C:\Program\Telia\Telias sakerhetstjanster\backweb\7836882\Program\fspex.exe

    C:\Program\Telia\Telias sakerhetstjanster\Common\FCH32.EXE

    C:\Program\Telia\Telias sakerhetstjanster\Common\FSM32.EXE

    C:\Program\Telia\Telias sakerhetstjanster\Common\FAMEH32.EXE

    C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsqh.exe

    C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

    C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsrw.exe

    C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

    C:\WINDOWS\AGRSMMSG.exe

    C:\Program\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe

    C:\Program\Java\jre1.6.0_01\bin\jusched.exe

    C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsav32.exe

    C:\Program\Telia\TELIAS~1\ANTI-S~1\fsaw.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program\Telia\Telias sakerhetstjanster\FSGUI\fsguidll.exe

    C:\WINDOWS\explorer.exe

    C:\WINDOWS\system32\NOTEPAD.EXE

    C:\WINDOWS\system32\NOTEPAD.EXE

    C:\Program\Trend Micro\HijackThis\HijackThis.exe

     

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {410DCA6D-452A-46CA-A15A-1415F0C4B9AA} - C:\WINDOWS\system32\mljjh.dll (file missing)

    O2 - BHO: (no name) - {634C7583-74C6-4FEF-BD06-9721761A6815} - C:\WINDOWS\system32\fccddda.dll (file missing)

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll

    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Telia\Telias sakerhetstjanster\Common\FSM32.EXE" /splash

    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Telia\Telias sakerhetstjanster\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program\Telia\Telias sakerhetstjanster\FSGUI\FSSW.EXE" /reboot

    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

    O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

    O4 - HKLM\..\Run: [Cpqset] C:\Program\HPQ\Default Settings\cpqset.exe

    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program\Intel\NCS\PROSet\PRONoMgr.exe

    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_01\bin\jusched.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [beoplayertray] C:\Program\Bang & Olufsen\BeoPlayer\Beotray.exe

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: BeoPlayer.lnk = ?

    O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

    O4 - Global Startup: Telias säkerhetstjänster.lnk = C:\Program\Telia\Telias sakerhetstjanster\backweb\7836882\Program\fspex.exe

    O8 - Extra context menu item: &Blockera detta popup-fönster - C:\Program\Telia\Telias sakerhetstjanster\Anti-Spyware\blockpopups.htm

    O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

    O9 - Extra button: IE-sköld - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Telia\Telias sakerhetstjanster\Anti-Spyware\ieshield.dll

    O9 - Extra 'Tools' menuitem: IE-sköld... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Telia\Telias sakerhetstjanster\Anti-Spyware\ieshield.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156431609031

    O20 - Winlogon Notify: mljjh - C:\WINDOWS\system32\mljjh.dll (file missing)

    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

    O23 - Service: Telias säkerhetstjänster (BackWeb Plug-in - 7836882) - BackWeb Technologies Inc. - C:\Program\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE

    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe

    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\Telia\Telias sakerhetstjanster\backweb\7836882\program\fsbwsys.exe

    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe

    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program\Intel\NCS\Sync\NetSvc.exe

    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe

    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program\Analog Devices\SoundMAX\SMAgent.exe

     

    --

    End of file - 7800 bytes

    [/log]

     


  13. [log]Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 21:14:38, on 2007-07-09

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\S24EvMon.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\System32\Ati2evxx.exe

    C:\Program\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE

    C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe

    C:\Program\Telia\Telias sakerhetstjanster\backweb\7836882\program\fsbwsys.exe

    C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\FSGK32.EXE

    C:\Program\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE

    C:\Program\Telia\Telias sakerhetstjanster\Common\FSMB32.EXE

    C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fssm32.exe

    C:\WINDOWS\System32\RegSrvc.exe

    C:\Program\Analog Devices\SoundMAX\SMAgent.exe

    C:\Program\Telia\Telias sakerhetstjanster\Common\FCH32.EXE

    C:\Program\Telia\Telias sakerhetstjanster\Common\FAMEH32.EXE

    C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsqh.exe

    C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsrw.exe

    C:\Program\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe

    C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsav32.exe

    C:\WINDOWS\system32\ZCfgSvc.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program\Telia\Telias sakerhetstjanster\Common\FSM32.EXE

    C:\Program\Telia\TELIAS~1\ANTI-S~1\fsaw.exe

    C:\Program\Telia\Telias sakerhetstjanster\FSGUI\fsguidll.exe

    C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

    C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

    C:\WINDOWS\AGRSMMSG.exe

    C:\Program\Java\jre1.6.0_01\bin\jusched.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    C:\Program\Telia\Telias sakerhetstjanster\backweb\7836882\Program\fspex.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program\Mozilla Firefox\firefox.exe

    C:\Program\Trend Micro\HijackThis\HijackThis.exe

     

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {410DCA6D-452A-46CA-A15A-1415F0C4B9AA} - C:\WINDOWS\system32\mljjh.dll (file missing)

    O2 - BHO: (no name) - {634C7583-74C6-4FEF-BD06-9721761A6815} - C:\WINDOWS\system32\fccddda.dll (file missing)

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll

    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Telia\Telias sakerhetstjanster\Common\FSM32.EXE" /splash

    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Telia\Telias sakerhetstjanster\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program\Telia\Telias sakerhetstjanster\FSGUI\FSSW.EXE" /reboot

    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

    O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

    O4 - HKLM\..\Run: [Cpqset] C:\Program\HPQ\Default Settings\cpqset.exe

    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program\Intel\NCS\PROSet\PRONoMgr.exe

    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_01\bin\jusched.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [beoplayertray] C:\Program\Bang & Olufsen\BeoPlayer\Beotray.exe

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: BeoPlayer.lnk = ?

    O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

    O4 - Global Startup: Telias säkerhetstjänster.lnk = C:\Program\Telia\Telias sakerhetstjanster\backweb\7836882\Program\fspex.exe

    O8 - Extra context menu item: &Blockera detta popup-fönster - C:\Program\Telia\Telias sakerhetstjanster\Anti-Spyware\blockpopups.htm

    O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

    O9 - Extra button: IE-sköld - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Telia\Telias sakerhetstjanster\Anti-Spyware\ieshield.dll

    O9 - Extra 'Tools' menuitem: IE-sköld... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Telia\Telias sakerhetstjanster\Anti-Spyware\ieshield.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156431609031

    O20 - Winlogon Notify: mljjh - C:\WINDOWS\system32\mljjh.dll (file missing)

    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

    O23 - Service: Telias säkerhetstjänster (BackWeb Plug-in - 7836882) - BackWeb Technologies Inc. - C:\Program\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE

    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe

    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\Telia\Telias sakerhetstjanster\backweb\7836882\program\fsbwsys.exe

    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe

    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program\Intel\NCS\Sync\NetSvc.exe

    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe

    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program\Analog Devices\SoundMAX\SMAgent.exe

     

    --

    End of file - 7858 bytes

    [/log]

     


  14. Hi, thanks a lot for the interest shown. Unfortunately the problem remains.

    [log]VundoFix V6.5.4

     

    Checking Java version...

     

    Sun Java not detected

    Scan started at 20:51:33 2007-07-09

     

    Listing files found while scanning....

     

    C:\windows\system32\fccddda.dll

    C:\WINDOWS\system32\hghjpkbm.dll

    C:\WINDOWS\system32\hjjlm.bak1

    C:\WINDOWS\system32\hjjlm.bak2

    C:\WINDOWS\system32\hjjlm.ini

    C:\windows\system32\isytwyip.dll

    C:\WINDOWS\system32\mljjh.dll

    C:\windows\system32\piywtysi.ini

     

    Beginning removal...

     

    Attempting to delete C:\windows\system32\fccddda.dll

    C:\windows\system32\fccddda.dll Could not be deleted.

     

    Attempting to delete C:\WINDOWS\system32\hghjpkbm.dll

    C:\WINDOWS\system32\hghjpkbm.dll Has been deleted!

     

    Attempting to delete C:\WINDOWS\system32\hjjlm.bak1

    C:\WINDOWS\system32\hjjlm.bak1 Has been deleted!

     

    Attempting to delete C:\WINDOWS\system32\hjjlm.bak2

    C:\WINDOWS\system32\hjjlm.bak2 Has been deleted!

     

    Attempting to delete C:\WINDOWS\system32\hjjlm.ini

    C:\WINDOWS\system32\hjjlm.ini Has been deleted!

     

    Attempting to delete C:\windows\system32\isytwyip.dll

    C:\windows\system32\isytwyip.dll Has been deleted!

     

    Attempting to delete C:\WINDOWS\system32\mljjh.dll

    C:\WINDOWS\system32\mljjh.dll Could not be deleted.

     

    Attempting to delete C:\windows\system32\piywtysi.ini

    C:\windows\system32\piywtysi.ini Has been deleted!

     

    Performing Repairs to the registry.

    Done!

     

    VundoFix V6.5.4

     

    Checking Java version...

     

    Sun Java not detected

    Scan started at 21:02:34 2007-07-09

     

    Listing files found while scanning....

     

    C:\windows\system32\fccddda.dll

    C:\WINDOWS\system32\mljjh.dll

     

    Beginning removal...

     

    Attempting to delete C:\windows\system32\fccddda.dll

    C:\windows\system32\fccddda.dll Has been deleted!

     

    Performing Repairs to the registry.

    Done!

    [/log]

     


  15. [log]Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 20:19:32, on 2007-07-08

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Boot mode: Normal

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\S24EvMon.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\System32\Ati2evxx.exe

    C:\Program\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE

    C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe

    C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\FSGK32.EXE

    C:\Program\Telia\Telias sakerhetstjanster\backweb\7836882\program\fsbwsys.exe

    C:\Program\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE

    C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fssm32.exe

    C:\WINDOWS\system32\ZCfgSvc.exe

    C:\Program\Telia\Telias sakerhetstjanster\Common\FSMB32.EXE

    C:\Program\Telia\Telias sakerhetstjanster\Common\FCH32.EXE

    C:\Program\Telia\Telias sakerhetstjanster\backweb\7836882\Program\fspex.exe

    C:\Program\Telia\Telias sakerhetstjanster\Common\FAMEH32.EXE

    C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsqh.exe

    C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsrw.exe

    C:\WINDOWS\System32\RegSrvc.exe

    C:\Program\Analog Devices\SoundMAX\SMAgent.exe

    C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsav32.exe

    C:\Program\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program\Telia\Telias sakerhetstjanster\Common\FSM32.EXE

    C:\Program\Telia\TELIAS~1\ANTI-S~1\fsaw.exe

    C:\Program\Telia\Telias sakerhetstjanster\FSGUI\fsguidll.exe

    C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

    C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

    C:\WINDOWS\AGRSMMSG.exe

    C:\Program\Java\jre1.6.0_01\bin\jusched.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program\MSN Messenger\msnmsgr.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program\Trend Micro\HijackThis\HijackThis.exe

    C:\Program\Mozilla Firefox\firefox.exe

     

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\hghjpkbm.dll

    O2 - BHO: (no name) - {634C7583-74C6-4FEF-BD06-9721761A6815} - C:\WINDOWS\system32\fccddda.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll

    O2 - BHO: (no name) - {F3686CD6-1035-445F-A5BC-833763E3E28E} - C:\WINDOWS\system32\mljjh.dll (file missing)

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll

    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Telia\Telias sakerhetstjanster\Common\FSM32.EXE" /splash

    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Telia\Telias sakerhetstjanster\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program\Telia\Telias sakerhetstjanster\FSGUI\FSSW.EXE" /reboot

    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

    O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

    O4 - HKLM\..\Run: [Cpqset] C:\Program\HPQ\Default Settings\cpqset.exe

    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program\Intel\NCS\PROSet\PRONoMgr.exe

    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_01\bin\jusched.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [beoplayertray] C:\Program\Bang & Olufsen\BeoPlayer\Beotray.exe

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: BeoPlayer.lnk = ?

    O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

    O4 - Global Startup: Telias säkerhetstjänster.lnk = C:\Program\Telia\Telias sakerhetstjanster\backweb\7836882\Program\fspex.exe

    O8 - Extra context menu item: &Blockera detta popup-fönster - C:\Program\Telia\Telias sakerhetstjanster\Anti-Spyware\blockpopups.htm

    O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

    O9 - Extra button: IE-sköld - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Telia\Telias sakerhetstjanster\Anti-Spyware\ieshield.dll

    O9 - Extra 'Tools' menuitem: IE-sköld... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Telia\Telias sakerhetstjanster\Anti-Spyware\ieshield.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156431609031

    O20 - Winlogon Notify: fccddda - C:\WINDOWS\SYSTEM32\fccddda.dll

    O20 - Winlogon Notify: mljjh - C:\WINDOWS\system32\mljjh.dll (file missing)

    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

    O23 - Service: Telias säkerhetstjänster (BackWeb Plug-in - 7836882) - BackWeb Technologies Inc. - C:\Program\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE

    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe

    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\Telia\Telias sakerhetstjanster\backweb\7836882\program\fsbwsys.exe

    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe

    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program\Intel\NCS\Sync\NetSvc.exe

    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe

    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe

    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program\Analog Devices\SoundMAX\SMAgent.exe

     

    --

    End of file - 7993 bytes

    [/log]

     


  16. Hi, I have got a virus in the form of:

     

    F-Secure Trojan Information Pages: Agent.BAO

     

    [summary] | [Disinfection] | [Detailed Description] | [Detection]

     

     

    Name : Agent.BAO

    Alias: Trojan-Downloader.Win32.Agent.bao, Trojan.Downloader.Agent.ACT, TR/Dldr.Agent.bao

    Size: (11,230 bytes)

    Type: Downloader, Trojan

    Category: Trojan

    Platform: Win32

    Date of Discovery: November 06, 2006

    Radar

     

    Summary

    Agent.BAO, a variant of Agent, is a Trojan. Agent.BAO downloads different trojans and backdoors and activates them on an affected system without the user's approval.

     

     

    My antivirus program is not able to remove it. I get error messages about malicious code in c\windows\system32\MLJJH.DLL.

    Angrepp: Trojan-downloader.win32.agent.bxq

     

    I HAVE NO IDEA WHAT I CAN DO. I DON'T DARE REMOVE THE FILE MANUALLY, AND I DON'T KNOW WHETHER THAT IS EVEN POSSIBLE. I HOPE SOMEONE KNOWS WHAT CAN BE DONE. Regards, victor


  17. I have downloaded from http://www.utorrent.com and have Telia's F-Secure and Ad-Aware on the computer. There have been no problems since I wrote the post. However, I still get error messages saying that Internet Explorer must be closed. The screen flickers but nothing shuts down. The taskbar area at the bottom right of the screen also gets smeared together quite often. Very strange.

     
