
teliasäkersurf finds viruses but does not fix them



roger_malmö

Genomsökningsrapport

den 26 april 2006 20:13:26 - 21:26:18

Datornamn: ROGERS-DATOR

Genomsökningstyp: Utför fullständig datorkontroll

Mål: C:\ D:\

Resultat: 4 skadliga program hittades

SpamTool.Win32.Agent.g (virus)

C:\Documents and Settings\Admin\Lokala inställningar\Temporary Internet Files\Content.IE5\BS5DJWGC\scane[1].exe

C:\WINDOWS\system32\taskdir~.exe

Packed.Win32.Tibs (virus)

C:\WINDOWS\system32\zhopaizdupla.exe

C:\WINDOWS\system32\internetoloper.exe

Statistik

Genomsökta:

Filer: 37130

Systemregister: 0

Ej genomsökta: 47

Resultat:

Virus: 4

Spionprogram: 0

Misstänkta objekt: 0

Åtgärder:

Rensade från virus: 0

Bytt namn: 0

Borttagna: 0

Placerade i karantän: 0

Misslyckades: 4

Tried to create a log but got an error message, unbalanced tags...

To the problem: Telia säkersurf finds 4 viruses but does nothing about them, so they remain on the computer; I have not received any virus warning for them before.

What do I do now?

 

[post edited 2006-04-26 21:42:35 by roger_malmö]


roger_malmö

Here is the log

Logfile of HijackThis v1.99.1

Scan saved at 22:09:28, on 2006-04-26

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Java\jre1.5.0_04\bin\jusched.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Analog Devices\SoundMAX\SMTray.exe

C:\Program\CA\eTrust PestPatrol\PPActiveDetection.exe

C:\Program\D-Tools\daemon.exe

C:\Program\The Cleaner\tca.exe

C:\Program\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE

C:\Program\Labtec\Mouse\2.1\moffice.exe

C:\Program\Labtec\Media Keyboard\V5.0\KbdAp32A.exe

C:\Program\Telia\Telias Sakerhetstjanster\Common\FSM32.EXE

C:\Program\Winamp\winampa.exe

C:\Program\Executive Software\Diskeeper\DkService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsgk32st.exe

C:\Program\Eraser\eraser.exe

C:\Program\Gadwin Systems\PrintScreen\PrintScreen.exe

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\FSGK32.EXE

C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\program\fsbwsys.exe

C:\Program\PPSOFT.DK\PP_MailCheck\mailck.exe

C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMA32.EXE

C:\WINDOWS\System32\GEARSec.exe

C:\Program\Labtec\Mouse\2.1\MOUSE32A.EXE

C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\Program\fspex.exe

C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMB32.EXE

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fssm32.exe

C:\Program\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

C:\Program\Telia\Telias Sakerhetstjanster\Common\FCH32.EXE

C:\Program\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE

C:\Program\D-Link AirPlus\AirPlus.exe

C:\Program\Photodex\ProShowGold\ScsiAccess.exe

C:\Program\Analog Devices\SoundMAX\SMAgent.exe

C:\Program\Plextor\PlexTool.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Program\Telia\Telias Sakerhetstjanster\Common\FAMEH32.EXE

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsqh.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsrw.exe

C:\Program\Rainlendar\Rainlendar.exe

C:\Program\OOo-dev 2.0\program\soffice.exe

C:\Program\OOo-dev 2.0\program\soffice.BIN

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsav32.exe

C:\Program\Telia\Telias Sakerhetstjanster\FWES\Program\fsdfwd.exe

C:\WINDOWS\System32\alg.exe

C:\Program\Telia\TELIAS~1\ANTI-S~1\fsaw.exe

C:\Program\Telia\Telias Sakerhetstjanster\FSGUI\fsguidll.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\moogyfly.exe

C:\WINDOWS\system32\taskdir.exe

C:\Program\Telia\Telias Sakerhetstjanster\FSGUI\fsavgui.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Internet Explorer\iexplore.exe

C:\hijack\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_04\bin\jusched.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [smapp] C:\Program\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program\CA\eTrust PestPatrol\PPActiveDetection.exe"

O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program\Symantec\Norton Ghost\Agent\GhostTray.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [tcactive] C:\Program\The Cleaner\tca.exe

O4 - HKLM\..\Run: [tcmonitor] C:\Program\The Cleaner\tcm.exe

O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program\Labtec\Mouse\2.1\moffice.exe

O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program\Labtec\Media Keyboard\V5.0\KbdAp32A.exe

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Telia\Telias Sakerhetstjanster\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Telia\Telias Sakerhetstjanster\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program\Telia\Telias Sakerhetstjanster\FSGUI\FSSW.EXE" /reboot

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [E-KOLLEN] C:\Program\Martins program\E-KOLLEN\E-kollen.exe

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Diskeeper 9 Professional Edition Registration.lnk = C:\Program\Executive Software\Diskeeper\ESIRegister.exe

O4 - Startup: OOo-dev 2.0.lnk = C:\Program\OOo-dev 2.0\program\quickstart.exe

O4 - Startup: Rainlendar.lnk = C:\Program\Rainlendar\Rainlendar.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Program\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE

O4 - Global Startup: D-Link AirPlus.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: PlexTools Professional.lnk = C:\Program\Plextor\PlexTool.exe

O4 - Global Startup: Service Manager.lnk = C:\Program\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O4 - Global Startup: Telias säkerhetstjänster.lnk = C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\Program\fspex.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\npjpi150_06.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\npjpi150_06.dll

O9 - Extra button: IE-sköld - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Telia\Telias Sakerhetstjanster\Anti-Spyware\ieshield.dll

O9 - Extra 'Tools' menuitem: IE-sköld... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Telia\Telias Sakerhetstjanster\Anti-Spyware\ieshield.dll

O9 - Extra button: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program\MultiPoker\MultiPoker.exe (file missing)

O9 - Extra 'Tools' menuitem: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program\MultiPoker\MultiPoker.exe (file missing)

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyPoker\PartyPoker.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyPoker\PartyPoker.exe (file missing)

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130785558390

O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

O16 - DPF: {78D80081-F388-11D3-9161-00105A07EA40} (LEAD MCMP/MJPEG Decoder) - http://www.leadtools.com/cabs/LCODCCMPE.CAB

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Telias säkerhetstjänster (BackWeb Plug-in - 7836882) - BackWeb Technologies Inc. - C:\Program\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program\Executive Software\Diskeeper\DkService.exe

O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsgk32st.exe

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\FWES\Program\fsdfwd.exe

O23 - Service: FSMA - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMA32.EXE

O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe

O23 - Service: Norton Ghost - Symantec Corporation - C:\Program\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Program\Photodex\ProShowGold\ScsiAccess.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program\Analog Devices\SoundMAX\SMAgent.exe

 


 

Scan this file here and report the result

C:\WINDOWS\system32\moogyfly.exe

http://virusscan.jotti.org/

Also post a StartupList log from HijackThis:

Open the Misc Tools section

Generate StartupList log

first tick the two small boxes and then scan.

 


roger_malmö

 

File: moogyfly.exe

Status: POSSIBLY INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)

MD5 21504eff9a24ed70f86c4d471d078555

Packers detected: -

Scanner results

AntiVir Found nothing

ArcaVir Found nothing

Avast Found nothing

AVG Antivirus Found nothing

BitDefender Found Trojan.Downloader.Galapoper.A

ClamAV Found nothing

Dr.Web Found nothing

F-Prot Antivirus Found nothing

Fortinet Found nothing

Kaspersky Anti-Virus Found nothing

NOD32 Found nothing

Norman Virus Control Found nothing

UNA Found nothing

VirusBuster Found nothing

VBA32 Found nothing

 


roger_malmö

StartupList report, 2006-04-26, 23:49:29

StartupList version: 1.52.2

Started from : C:\hijack\HijackThis.EXE

Detected: Windows XP SP2 (WinNT 5.01.2600)

Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)

* Using default options

* Including empty and uninteresting sections

* Showing rarely important sections

==================================================

 

Running processes:

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Java\jre1.5.0_04\bin\jusched.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Analog Devices\SoundMAX\SMTray.exe

C:\Program\CA\eTrust PestPatrol\PPActiveDetection.exe

C:\Program\Symantec\Norton Ghost\Agent\GhostTray.exe

C:\Program\D-Tools\daemon.exe

C:\Program\The Cleaner\tca.exe

C:\Program\The Cleaner\tcm.exe

C:\Program\Labtec\Mouse\2.1\moffice.exe

C:\Program\Labtec\Media Keyboard\V5.0\KbdAp32A.exe

C:\Program\Telia\Telias Sakerhetstjanster\Common\FSM32.EXE

C:\Program\Winamp\winampa.exe

C:\Program\Gadwin Systems\PrintScreen\PrintScreen.exe

C:\Program\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE

C:\Program\D-Link AirPlus\AirPlus.exe

C:\Program\Plextor\PlexTool.exe

C:\Program\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Program\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE

C:\Program\Executive Software\Diskeeper\DkService.exe

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsgk32st.exe

C:\Program\Labtec\Mouse\2.1\MOUSE32A.EXE

C:\Program\OOo-dev 2.0\program\soffice.exe

C:\Program\OOo-dev 2.0\program\soffice.BIN

C:\Program\Rainlendar\Rainlendar.exe

C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\program\fsbwsys.exe

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\FSGK32.EXE

C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMA32.EXE

C:\WINDOWS\System32\GEARSec.exe

C:\Program\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMB32.EXE

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fssm32.exe

C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\Program\fspex.exe

C:\Program\Telia\Telias Sakerhetstjanster\Common\FCH32.EXE

C:\Program\Telia\Telias Sakerhetstjanster\Common\FAMEH32.EXE

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsqh.exe

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsrw.exe

C:\Program\Photodex\ProShowGold\ScsiAccess.exe

C:\Program\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsav32.exe

C:\Program\Telia\Telias Sakerhetstjanster\FWES\Program\fsdfwd.exe

C:\Program\Telia\TELIAS~1\ANTI-S~1\fsaw.exe

C:\Program\Telia\Telias Sakerhetstjanster\FSGUI\fsguidll.exe

C:\Casino\Svenska Spels Poker\poker.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Casino\Svenska Spels Poker\poker.exe

C:\hijack\HijackThis.exe

 

--------------------------------------------------

 

Listing of startup folders:

 

Shell folders Startup:

[C:\Documents and Settings\Admin\Start-meny\Program\Autostart]

Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

Diskeeper 9 Professional Edition Registration.lnk = C:\Program\Executive Software\Diskeeper\ESIRegister.exe

OOo-dev 2.0.lnk = C:\Program\OOo-dev 2.0\program\quickstart.exe

Rainlendar.lnk = C:\Program\Rainlendar\Rainlendar.exe

 

Shell folders AltStartup:

*Folder not found*

 

User shell folders Startup:

*Folder not found*

 

User shell folders AltStartup:

*Folder not found*

 

Shell folders Common Startup:

[C:\Documents and Settings\All Users\Start-meny\Program\Autostart]

Adobe Gamma Loader.exe.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Program\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE

D-Link AirPlus.lnk = ?

Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

PlexTools Professional.lnk = C:\Program\Plextor\PlexTool.exe

Service Manager.lnk = C:\Program\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

Telias säkerhetstjänster.lnk = C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\Program\fspex.exe

 

Shell folders Common AltStartup:

*Folder not found*

 

User shell folders Common Startup:

*Folder not found*

 

User shell folders Alternate Common Startup:

*Folder not found*

 

--------------------------------------------------

 

Checking Windows NT UserInit:

 

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,

 

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

 

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

*Registry value not found*

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

SunJavaUpdateSched = C:\Program\Java\jre1.5.0_04\bin\jusched.exe

NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe

QuickTime Task = "C:\Program\QuickTime\qttask.exe" -atboottime

Smapp = C:\Program\Analog Devices\SoundMAX\SMTray.exe

eTrustPPAP = "C:\Program\CA\eTrust PestPatrol\PPActiveDetection.exe"

(Default) =

Norton Ghost 9.0 = C:\Program\Symantec\Norton Ghost\Agent\GhostTray.exe

DAEMON Tools-1033 = "C:\Program\D-Tools\daemon.exe" -lang 1033

tcactive = C:\Program\The Cleaner\tca.exe

tcmonitor = C:\Program\The Cleaner\tcm.exe

FLMOFFICE4DMOUSE = C:\Program\Labtec\Mouse\2.1\moffice.exe

LWBKEYBOARD = C:\Program\Labtec\Media Keyboard\V5.0\KbdAp32A.exe

F-Secure Manager = "C:\Program\Telia\Telias Sakerhetstjanster\Common\FSM32.EXE" /splash

F-Secure TNB = "C:\Program\Telia\Telias Sakerhetstjanster\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

F-Secure Startup Wizard = "C:\Program\Telia\Telias Sakerhetstjanster\FSGUI\FSSW.EXE" /reboot

WinampAgent = C:\Program\Winamp\winampa.exe

Easy-PrintToolBox = C:\Program\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

E-KOLLEN = C:\Program\Martins program\E-KOLLEN\E-kollen.exe

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

 

Gadwin PrintScreen 3.0 = C:\Program\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

[OptionalComponents]

*No values found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

 

--------------------------------------------------

 

File association entry for .EXE:

HKEY_CLASSES_ROOT\exefile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .COM:

HKEY_CLASSES_ROOT\comfile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .BAT:

HKEY_CLASSES_ROOT\batfile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .PIF:

HKEY_CLASSES_ROOT\piffile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .SCR:

HKEY_CLASSES_ROOT\scrfile\shell\open\command

 

(Default) = "%1" /S

 

--------------------------------------------------

 

File association entry for .HTA:

HKEY_CLASSES_ROOT\htafile\shell\open\command

 

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

 

--------------------------------------------------

 

File association entry for .TXT:

HKEY_CLASSES_ROOT\txtfile\shell\open\command

 

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

 

--------------------------------------------------

 

Enumerating Active Setup stub paths:

HKLM\Software\Microsoft\Active Setup\Installed Components

(* = disabled by HKCU twin)

 

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

 

[>{26923b43-4d38-484f-9b9e-de460746276c}] *

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

 

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *

StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

 

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *

StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

 

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

 

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

 

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

 

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

 

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

 

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *

StubPath = regsvr32.exe /s /n /i:U shell32.dll

 

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *

StubPath = %SystemRoot%\system32\ie4uinit.exe

 

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *

StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

 

--------------------------------------------------

 

Enumerating ICQ Agent Autostart apps:

HKCU\Software\Mirabilis\ICQ\Agent\Apps

 

*Registry key not found*

 

--------------------------------------------------

 

Load/Run keys from C:\WINDOWS\WIN.INI:

 

load=*INI section not found*

run=*INI section not found*

 

Load/Run keys from Registry:

 

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\Windows: load=

HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

 

--------------------------------------------------

 

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

 

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

 

Shell & screensaver key from Registry:

 

Shell=Explorer.exe

SCRNSAVE.EXE=C:\WINDOWS\system32\ZBSCRE~1.SCR

drivers=*Registry value not found*

 

Policies Shell key:

 

HKCU\..\Policies: Shell=*Registry value not found*

HKLM\..\Policies: Shell=*Registry value not found*

 

--------------------------------------------------

 

Checking for EXPLORER.EXE instances:

 

C:\WINDOWS\Explorer.exe: PRESENT!

 

C:\Explorer.exe: not present

C:\WINDOWS\Explorer\Explorer.exe: not present

C:\WINDOWS\System\Explorer.exe: not present

C:\WINDOWS\System32\Explorer.exe: not present

C:\WINDOWS\Command\Explorer.exe: not present

C:\WINDOWS\Fonts\Explorer.exe: not present

 

--------------------------------------------------

 

Checking for superhidden extensions:

 

.lnk: HIDDEN! (arrow overlay: yes)

.pif: HIDDEN! (arrow overlay: yes)

.exe: not hidden

.com: not hidden

.bat: not hidden

.hta: not hidden

.scr: not hidden

.shs: HIDDEN!

.shb: HIDDEN!

.vbs: not hidden

.vbe: not hidden

.wsh: not hidden

.scf: HIDDEN! (arrow overlay: NO!)

.url: HIDDEN! (arrow overlay: yes)

.js: not hidden

.jse: not hidden

 

--------------------------------------------------

 

Verifying REGEDIT.EXE integrity:

 

- Regedit.exe found in C:\WINDOWS

- .reg open command is normal (regedit.exe %1)

- Company name OK: 'Microsoft Corporation'

- Original filename OK: 'REGEDIT.EXE'

- File description: 'Registereditorn'

 

Registry check passed

 

--------------------------------------------------

 

Enumerating Browser Helper Objects:

 

*No BHO's found*

 

--------------------------------------------------

 

Enumerating Task Scheduler jobs:

 

Scheduled scanning task.job

 

--------------------------------------------------

 

Enumerating Download Program Files:

 

[Microsoft Office Template and Media Control]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL

CODEBASE = http://office.microsoft.com/templates/ieawsdc.cab

 

[HouseCall Control]

InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan60.ocx

CODEBASE = http://housecall60.trendmicro.com/housecall/xscan60.cab

 

[shockwave ActiveX Control]

InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll

CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

 

[{33564D57-0000-0010-8000-00AA00389B71}]

CODEBASE = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

 

[MUWebControl Class]

InProcServer32 = C:\WINDOWS\system32\muweb.dll

CODEBASE = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130785558390

 

[Housecall ActiveX 6.5]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll

CODEBASE = http://us-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

 

[LEAD MCMP/MJPEG Decoder]

InProcServer32 = C:\WINDOWS\system32\LCODCCMP.DLL

CODEBASE = http://www.leadtools.com/cabs/LCODCCMPE.CAB

 

[Java Plug-in 1.5.0_06]

InProcServer32 = C:\Program\Java\jre1.5.0_06\bin\npjpi150_06.dll

CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

 

[ActiveScan Installer Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll

CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab

 

[Java Plug-in 1.5.0_04]

InProcServer32 = C:\Program\Java\jre1.5.0_04\bin\npjpi150_04.dll

CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab

 

[shockwave Flash Object]

InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx

CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

 

--------------------------------------------------

 

Enumerating Winsock LSP files:

 

NameSpace #1: C:\WINDOWS\System32\mswsock.dll

NameSpace #2: C:\WINDOWS\System32\winrnr.dll

NameSpace #3: C:\WINDOWS\System32\mswsock.dll

NameSpace #4: C:\WINDOWS\System32\nwprovau.dll

Protocol #1: C:\WINDOWS\system32\mswsock.dll

Protocol #2: C:\WINDOWS\system32\mswsock.dll

Protocol #3: C:\WINDOWS\system32\mswsock.dll

Protocol #4: C:\WINDOWS\system32\rsvpsp.dll

Protocol #5: C:\WINDOWS\system32\rsvpsp.dll

Protocol #6: C:\WINDOWS\system32\mswsock.dll

Protocol #7: C:\WINDOWS\system32\mswsock.dll

Protocol #8: C:\WINDOWS\system32\mswsock.dll

Protocol #9: C:\WINDOWS\system32\mswsock.dll

Protocol #10: C:\WINDOWS\system32\mswsock.dll

Protocol #11: C:\WINDOWS\system32\mswsock.dll

Protocol #12: C:\WINDOWS\system32\mswsock.dll

Protocol #13: C:\WINDOWS\system32\mswsock.dll

Protocol #14: C:\WINDOWS\system32\mswsock.dll

Protocol #15: C:\WINDOWS\system32\mswsock.dll

Protocol #16: C:\WINDOWS\system32\mswsock.dll

Protocol #17: C:\WINDOWS\system32\mswsock.dll

Protocol #18: C:\WINDOWS\system32\mswsock.dll

Protocol #19: C:\WINDOWS\system32\mswsock.dll

Protocol #20: C:\WINDOWS\system32\mswsock.dll

Protocol #21: C:\WINDOWS\system32\mswsock.dll

Protocol #22: C:\WINDOWS\system32\mswsock.dll

Protocol #23: C:\WINDOWS\system32\mswsock.dll

Protocol #24: C:\WINDOWS\system32\mswsock.dll

Protocol #25: C:\WINDOWS\system32\mswsock.dll

Protocol #26: C:\WINDOWS\system32\mswsock.dll

Protocol #27: C:\WINDOWS\system32\mswsock.dll

Protocol #28: C:\WINDOWS\system32\mswsock.dll

Protocol #29: C:\WINDOWS\system32\mswsock.dll

Protocol #30: C:\WINDOWS\system32\mswsock.dll

Protocol #31: C:\WINDOWS\system32\mswsock.dll

Protocol #32: C:\WINDOWS\system32\mswsock.dll

Protocol #33: C:\WINDOWS\system32\mswsock.dll

Protocol #34: C:\WINDOWS\system32\mswsock.dll

Protocol #35: C:\WINDOWS\system32\mswsock.dll

Protocol #36: C:\WINDOWS\system32\mswsock.dll

Protocol #37: C:\WINDOWS\system32\mswsock.dll

Protocol #38: C:\WINDOWS\system32\mswsock.dll

Protocol #39: C:\WINDOWS\system32\mswsock.dll

 

--------------------------------------------------

 

Enumerating Windows NT/2000/XP services

 

Enhet av typen 61883: system32\DRIVERS\61883.sys (manual start)

IPv6 Helper Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

a347bus: system32\DRIVERS\a347bus.sys (system)

a347scsi: System32\Drivers\a347scsi.sys (system)

Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)

Adobe LM Service: "C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe" (manual start)

aeaudio: system32\drivers\aeaudio.sys (manual start)

Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)

AFD: \SystemRoot\System32\drivers\afd.sys (system)

Intel AGP Bus Filter: system32\DRIVERS\agp440.sys (system)

Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)

Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)

Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

1394 ARP-klientprotokoll: system32\DRIVERS\arp1394.sys (manual start)

ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)

RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)

Standard-IDE/ESDI-hårddiskstyrenhet: system32\DRIVERS\atapi.sys (system)

ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)

Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Ljud-stub-drivrutin: system32\DRIVERS\audstub.sys (manual start)

AVC-enhet: system32\DRIVERS\avc.sys (manual start)

Telias säkerhetstjänster: C:\Program\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE (autostart)

Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Avkodare för dold textning: system32\DRIVERS\CCDECODE.sys (manual start)

CD-ROM-drivrutin: system32\DRIVERS\cdrom.sys (system)

Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)

ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)

COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)

Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

CUBZFMOT: \??\C:\WINDOWS\system32\cubzfmot.nyo (autostart)

d347bus: system32\DRIVERS\d347bus.sys (system)

d347prt: System32\Drivers\d347prt.sys (system)

DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)

DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Diskdrivrutin: system32\DRIVERS\disk.sys (system)

Diskeeper: "C:\Program\Executive Software\Diskeeper\DkService.exe" (autostart)

Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)

dmboot: System32\drivers\dmboot.sys (disabled)

Logical Disk Manager Driver: System32\drivers\dmio.sys (system)

dmload: System32\drivers\dmload.sys (system)

Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)

DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)

Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)

Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Event Log: %SystemRoot%\system32\services.exe (autostart)

COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)

F-Secure File System Filter: \??\C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\Win2K\FSfilter.sys (autostart)

F-Secure Gatekeeper: \??\C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\Win2K\FSgk.sys (autostart)

F-Secure Gatekeeper Handler Starter: "C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsgk32st.exe" (autostart)

F-Secure File System Recognizer: \??\C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\Win2K\FSrec.sys (autostart)

Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Drivrutin för diskettstyrenhet: system32\DRIVERS\fdc.sys (manual start)

Diskettdrivrutin: system32\DRIVERS\flpydisk.sys (manual start)

FltMgr: system32\DRIVERS\fltMgr.sys (system)

fsbwsys: "C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\program\fsbwsys.exe" (autostart)

F-Secure Anti-Virus Firewall Daemon: "C:\Program\Telia\Telias Sakerhetstjanster\FWES\Program\fsdfwd.exe" (manual start)

F-Secure Firewall Driver: System32\drivers\fsdfw.sys (system)

FSMA: "C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMA32.EXE" (autostart)

Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)

GEARSecurity: %SystemRoot%\System32\GEARSec.exe (autostart)

giveio: system32\giveio.sys (system)

Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)

Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

Microsoft HID-klassdrivrutin: system32\DRIVERS\hidusb.sys (manual start)

HTTP: System32\Drivers\HTTP.sys (manual start)

HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)

i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)

CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)

IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (manual start)

IntelIde: system32\DRIVERS\intelide.sys (system)

IPv6 Windows Firewall Driver: system32\DRIVERS\Ip6Fw.sys (manual start)

IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)

IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)

IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)

IPSEC driver: system32\DRIVERS\ipsec.sys (system)

Tjänst för IR-uppräkning: system32\DRIVERS\irenum.sys (manual start)

PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)

Tangentbordsklassdrivrutin: system32\DRIVERS\kbdclass.sys (system)

Microsoft Kernel-wave-ljudMixer: system32\drivers\kmixer.sys (manual start)

Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)

NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)

Musklassdrivrutin: system32\DRIVERS\mouclass.sys (system)

HID-drivrutin för mus: system32\DRIVERS\mouhid.sys (manual start)

Klientomdirigerare för WebDav: system32\DRIVERS\mrxdav.sys (manual start)

MRXSMB: system32\DRIVERS\mrxsmb.sys (system)

Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)

Microsoft DV Camera and VCR: system32\DRIVERS\msdv.sys (manual start)

Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)

Tjänstproxy för Microsoft-direktuppspelning: system32\drivers\MSKSSRV.sys (manual start)

Klockproxy för Microsoft-direktuppspelning: system32\drivers\MSPCLOCK.sys (manual start)

Kvalitetshanteringsproxy för Microsoft-direktuppspelning: system32\drivers\MSPQM.sys (manual start)

Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)

MSSQL$SONY_MEDIAMGR: C:\Program\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR (manual start)

MSSQLServerADHelper: C:\Program\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (manual start)

Tee/Sink-to-Sink-konverterare för Microsoft-direktuppspelning: system32\drivers\MSTEE.sys (manual start)

NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)

Microsoft TV/Video-anslutning: system32\DRIVERS\NdisIP.sys (manual start)

Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)

NDIS-protokoll för I/O i användarläge: system32\DRIVERS\ndisuio.sys (manual start)

Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)

NetBIOS-gränssnitt: system32\DRIVERS\netbios.sys (system)

NetBT: system32\DRIVERS\netbt.sys (system)

Network DDE: %SystemRoot%\system32\netdde.exe (disabled)

Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)

Net Logon: %SystemRoot%\system32\lsass.exe (manual start)

Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

1394 Net Driver: system32\DRIVERS\nic1394.sys (manual start)

Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

Norton Ghost: C:\Program\Symantec\Norton Ghost\Agent\PQV2iSvc.exe (autostart)

NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)

Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

nv: system32\DRIVERS\nv4_mini.sys (manual start)

Client Service for NetWare: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)

IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)

NWLink IPX/SPX/NetBIOS Compatible Transport Protocol: system32\DRIVERS\nwlnkipx.sys (autostart)

NWLink NetBIOS: system32\DRIVERS\nwlnknb.sys (autostart)

NWLink SPX/SPXII Protocol: system32\DRIVERS\nwlnkspx.sys (autostart)

NetWare Rdr: system32\DRIVERS\nwrdr.sys (manual start)

Odyssey Network Services Miniport: system32\DRIVERS\odysseyIM3.sys (manual start)

OHCI-kompatibel IEEE 1394-värdstyrenhet: system32\DRIVERS\ohci1394.sys (system)

Drivrutin för parallellport: system32\DRIVERS\parport.sys (manual start)

PCANDIS5 Protocol Driver: \??\C:\WINDOWS\system32\PCANDIS5.SYS (manual start)

PCI Bus Driver: system32\DRIVERS\pci.sys (system)

Plug and Play: %SystemRoot%\system32\services.exe (autostart)

IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)

WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)

Processordrivrutin: system32\DRIVERS\processr.sys (system)

Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)

QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start)

Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)

PxHelp20: System32\Drivers\PxHelp20.sys (system)

Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)

Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)

Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)

Direkt parallell: system32\DRIVERS\raspti.sys (manual start)

Rdbss: system32\DRIVERS\rdbss.sys (system)

RDPCDD: System32\DRIVERS\RDPCDD.sys (system)

Terminal Server Device Redirector Driver: system32\DRIVERS\rdpdr.sys (manual start)

Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)

Filterdrivrutin för uppspelning av digitalt CD-ljud: system32\DRIVERS\redbook.sys (system)

Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)

Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)

Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)

QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)

Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver: system32\DRIVERS\RTL8139.SYS (manual start)

Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)

SBP-2 Transport/Protocol-bussdrivrutin: system32\DRIVERS\sbp2port.sys (system)

Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)

Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

ScsiAccess: C:\Program\Photodex\ProShowGold\ScsiAccess.exe (autostart)

Secdrv: system32\DRIVERS\secdrv.sys (manual start)

Secondary Logon Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Serenum-filterdrivrutin: system32\DRIVERS\serenum.sys (manual start)

Drivrutin för seriell port: system32\DRIVERS\serial.sys (system)

Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)

smwdm: system32\drivers\smwdm.sys (manual start)

SoundMAX Agent Service: C:\Program\Analog Devices\SoundMAX\SMAgent.exe (autostart)

speedfan: system32\speedfan.sys (system)

Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)

Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)

SQLAgent$SONY_MEDIAMGR: C:\Program\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -i SONY_MEDIAMGR (manual start)

Drivrutin för filter för Systemåterställning: system32\DRIVERS\sr.sys (system)

System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Srv: system32\DRIVERS\srv.sys (manual start)

SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)

WIA (Windows Image Acquisition): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)

BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)

Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)

Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)

MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{91C1DBDB-1C15-4EE3-B2AF-5B0FCEA911F2} (manual start)

Microsoft Kernelsystemljudenhet: system32\drivers\sysaudio.sys (manual start)

Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)

Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)

Drivrutin för protokollet Microsoft IPv6: system32\DRIVERS\tcpip6.sys (system)

Terminal Device Driver: system32\DRIVERS\termdd.sys (system)

Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)

Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Telnet: C:\WINDOWS\system32\tlntsvr.exe (disabled)

D-Link AirPlus G+ Wireless Adapter: system32\DRIVERS\GPlus.sys (manual start)

Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Microsoft Tun Miniport Adapter Driver: system32\DRIVERS\tunmp.sys (manual start)

Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)

Microcode Update Driver: system32\DRIVERS\update.sys (manual start)

Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)

Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)

Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)

Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)

USB2-aktiverat nav: system32\DRIVERS\usbhub.sys (manual start)

Microsoft USB-skrivarklass: system32\DRIVERS\usbprint.sys (manual start)

Drivrutin för USB-skanner: system32\DRIVERS\usbscan.sys (manual start)

Drivrutin för USB-masslagringsenheter: system32\DRIVERS\USBSTOR.SYS (manual start)

Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)

VgaSave: \SystemRoot\System32\drivers\vga.sys (system)

Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)

Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)

Drivrutin för Microsoft WINMM WDM-ljudkompatibilitet: system32\drivers\wdmaud.sys (manual start)

WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

WINIO: \??\C:\WINDOWS\TEMP\WinIo.sys (manual start)

Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)

Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Teletext-codec för världsstandard: system32\DRIVERS\WSTCODEC.SYS (manual start)

Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

 

 

--------------------------------------------------

 

Enumerating Windows NT logon/logoff scripts:

*No scripts set to run*

 

Windows NT checkdisk command:

BootExecute = autocheck autochk *

 

Windows NT 'Wininit.ini':

PendingFileRenameOperations: *Registry value not found*

 

--------------------------------------------------

 

Enumerating ShellServiceObjectDelayLoad items:

 

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

WebCheck: C:\WINDOWS\system32\webcheck.dll

SysTray: C:\WINDOWS\system32\stobject.dll

 

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

 

*No values found*

 

--------------------------------------------------

 

End of report, 39 789 bytes

Report generated in 0,594 seconds

 

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only[/log]

 

 

[post edited 2006-04-27 11:46:46 by Anders N]


tip:

Use [log] next time.

 

[log]That way everyone is spared scrolling past a lot of code and other junk they may not be interested in. [/log]

 


 

Start the computer in safe mode and, with hidden files visible, delete:

 

C:\WINDOWS\system32\moogyfly.exe

C:\WINDOWS\system32\taskdir.exe

C:\WINDOWS\system32\zhopaizdupla.exe

C:\WINDOWS\system32\internetoloper.exe

 

and clear out Temporary Internet Files.

Then start normally and run a scan with F-Secure to see if anything is found.

 

 


roger_malmö

How do I show hidden files?

 

edit... figured it out after a while; I've been at a course all day, my brain has taken a beating

 

[post edited 2006-04-27 17:59:12 by roger_malmö]


roger_malmö

After the first removal there was one nasty left called taskdir~.exe, but now the antivirus program isn't complaining.

 

As usual a BIG thanks, and points given of course

but I'm wondering a bit why I didn't get any warning before I ran a full scan?

 

[post edited 2006-04-27 19:08:58 by roger_malmö]


 

Good if you got rid of them; you can post a new HijackThis log and we'll see whether it's OK.

 

> wondering a bit why I didn't get any warning before I ran a full scan?<

 

Can't answer that question.

 

 


roger_malmö

[log]

Logfile of HijackThis v1.99.1

Scan saved at 21:46:07, on 2006-04-27

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE

C:\Program\Executive Software\Diskeeper\DkService.exe

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsgk32st.exe

C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\program\fsbwsys.exe

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\FSGK32.EXE

C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMA32.EXE

C:\WINDOWS\System32\GEARSec.exe

C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMB32.EXE

C:\Program\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fssm32.exe

C:\Program\Telia\Telias Sakerhetstjanster\Common\FCH32.EXE

C:\Program\Telia\Telias Sakerhetstjanster\Common\FAMEH32.EXE

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsqh.exe

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsrw.exe

C:\Program\Photodex\ProShowGold\ScsiAccess.exe

C:\Program\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsav32.exe

C:\Program\Telia\Telias Sakerhetstjanster\FWES\Program\fsdfwd.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Java\jre1.5.0_04\bin\jusched.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Analog Devices\SoundMAX\SMTray.exe

C:\Program\CA\eTrust PestPatrol\PPActiveDetection.exe

C:\Program\Symantec\Norton Ghost\Agent\GhostTray.exe

C:\Program\D-Tools\daemon.exe

C:\Program\The Cleaner\tca.exe

C:\Program\The Cleaner\tcm.exe

C:\Program\Labtec\Mouse\2.1\moffice.exe

C:\Program\Labtec\Media Keyboard\V5.0\KbdAp32A.exe

C:\Program\Telia\Telias Sakerhetstjanster\Common\FSM32.EXE

C:\Program\Labtec\Mouse\2.1\MOUSE32A.EXE

C:\Program\Winamp\winampa.exe

C:\Program\Gadwin Systems\PrintScreen\PrintScreen.exe

C:\Program\Telia\TELIAS~1\ANTI-S~1\fsaw.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE

C:\Program\D-Link AirPlus\AirPlus.exe

C:\Program\Plextor\PlexTool.exe

C:\Program\Telia\Telias Sakerhetstjanster\FSGUI\fsguidll.exe

C:\Program\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\Program\fspex.exe

C:\Program\OOo-dev 2.0\program\soffice.exe

C:\Program\Rainlendar\Rainlendar.exe

C:\Program\OOo-dev 2.0\program\soffice.BIN

C:\hijack\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_04\bin\jusched.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [smapp] C:\Program\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program\CA\eTrust PestPatrol\PPActiveDetection.exe"

O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program\Symantec\Norton Ghost\Agent\GhostTray.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [tcactive] C:\Program\The Cleaner\tca.exe

O4 - HKLM\..\Run: [tcmonitor] C:\Program\The Cleaner\tcm.exe

O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program\Labtec\Mouse\2.1\moffice.exe

O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program\Labtec\Media Keyboard\V5.0\KbdAp32A.exe

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Telia\Telias Sakerhetstjanster\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Telia\Telias Sakerhetstjanster\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program\Telia\Telias Sakerhetstjanster\FSGUI\FSSW.EXE" /reboot

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [E-KOLLEN] C:\Program\Martins program\E-KOLLEN\E-kollen.exe

O4 - HKCU\..\Run: [Gadwin PrintScreen 3.0] C:\Program\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Diskeeper 9 Professional Edition Registration.lnk = C:\Program\Executive Software\Diskeeper\ESIRegister.exe

O4 - Startup: OOo-dev 2.0.lnk = C:\Program\OOo-dev 2.0\program\quickstart.exe

O4 - Startup: Rainlendar.lnk = C:\Program\Rainlendar\Rainlendar.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Program\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE

O4 - Global Startup: D-Link AirPlus.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: PlexTools Professional.lnk = C:\Program\Plextor\PlexTool.exe

O4 - Global Startup: Service Manager.lnk = C:\Program\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O4 - Global Startup: Telias säkerhetstjänster.lnk = C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\Program\fspex.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\npjpi150_06.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\npjpi150_06.dll

O9 - Extra button: IE-sköld - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Telia\Telias Sakerhetstjanster\Anti-Spyware\ieshield.dll

O9 - Extra 'Tools' menuitem: IE-sköld... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Telia\Telias Sakerhetstjanster\Anti-Spyware\ieshield.dll

O9 - Extra button: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program\MultiPoker\MultiPoker.exe (file missing)

O9 - Extra 'Tools' menuitem: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program\MultiPoker\MultiPoker.exe (file missing)

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyPoker\PartyPoker.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyPoker\PartyPoker.exe (file missing)

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130785558390

O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://us-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

O16 - DPF: {78D80081-F388-11D3-9161-00105A07EA40} (LEAD MCMP/MJPEG Decoder) - http://www.leadtools.com/cabs/LCODCCMPE.CAB

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Telias säkerhetstjänster (BackWeb Plug-in - 7836882) - BackWeb Technologies Inc. - C:\Program\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program\Executive Software\Diskeeper\DkService.exe

O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsgk32st.exe

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\Telia\Telias Sakerhetstjanster\backweb\7836882\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\FWES\Program\fsdfwd.exe

O23 - Service: FSMA - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMA32.EXE

O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe

O23 - Service: Norton Ghost - Symantec Corporation - C:\Program\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Program\Photodex\ProShowGold\ScsiAccess.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program\Analog Devices\SoundMAX\SMAgent.exe

 

 

[/log]

 


but I'm wondering a bit why I didn't get any warning before I ran a full scan?

It may be that F-Secure was updated to detect these nasties after you got them onto the computer.

 


roger_malmö

I went to www.java.com and apparently I have the latest version, but I think you have a point, because often when I work in Java-based programs it doesn't work as it should. Do you think I should remove the Java that's installed and download it again, or what's your tip?


You seem to have a mix of version 1.5.0_04

C:\Program\Java\jre1.5.0_04\bin\jusched.exe

and 1.5.0_06

C:\Program\Java\jre1.5.0_06\bin\npjpi150_06.dll

Uninstall both and install the latest one again, then it should sort itself out.

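The check behind the advice above, as an added example that is not code from the thread, from Telia or from Sun: it lists every JRE the machine has, from the registry and from the install directory, so a leftover version such as 1.5.0_04 next to 1.5.0_06 is visible before you uninstall. It assumes PowerShell is available (it is not shipped with Windows XP), the Sun/Oracle registry layout under HKLM\SOFTWARE\JavaSoft\Java Runtime Environment, and that the Swedish XP path C:\Program\Java from the thread or the English $env:ProgramFiles\Java is where the JREs live; the function name Get-InstalledJre is my own.

```powershell
# Added example (not from the thread): enumerate installed JREs from the registry
# and the install directory, and warn when more than one is present.
# Assumes PowerShell 3+ and the Sun/Oracle "JavaSoft\Java Runtime Environment" key.

function Get-InstalledJre {
    $found = @()

    # Registry: subkeys for the installed versions, plus CurrentVersion naming the default.
    $keys = @('HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment',
              'HKLM:\SOFTWARE\Wow6432Node\JavaSoft\Java Runtime Environment')
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $current = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).CurrentVersion
        foreach ($sub in Get-ChildItem $key) {
            $props = Get-ItemProperty $sub.PSPath
            $found += [pscustomobject]@{
                Version  = $sub.PSChildName
                JavaHome = $props.JavaHome
                Default  = ($sub.PSChildName -eq $current)
                Source   = 'registry'
            }
        }
    }

    # Directories: the thread's paths are C:\Program\Java\jre1.5.0_0x (Swedish XP);
    # an English install uses $env:ProgramFiles\Java. Both are checked.
    foreach ($dir in @("$env:ProgramFiles\Java", 'C:\Program\Java')) {
        if (-not (Test-Path $dir)) { continue }
        foreach ($d in Get-ChildItem $dir -Directory -Filter 'jre*') {
            $found += [pscustomobject]@{
                Version  = $d.Name
                JavaHome = $d.FullName
                Default  = $false
                Source   = 'directory'
            }
        }
    }
    return $found
}

$jres = Get-InstalledJre
$jres | Format-Table -AutoSize
$homes = $jres | Where-Object { $_.JavaHome } | Select-Object -ExpandProperty JavaHome -Unique
if (@($homes).Count -gt 1) {
    Write-Warning 'More than one JRE install present; uninstall all of them and reinstall only the latest.'
}
```

A version that appears under "directory" but not under "registry" is a leftover the uninstaller did not remove; it still contains an old, exploitable plugin and should be deleted along with the registered copies before the fresh install.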

Hi roger_malmö!

"To the problem: Telia Säker Surf finds 4 viruses but does nothing about them, so they remain on the computer; I haven't had a virus warning for them before."

Ehhh... if you restart the computer in SAFE MODE (by pressing "F8" during startup) and choose to start a scan of ALL HARD DRIVES, you should see that all the infections get dealt with!

Why weren't they dealt with earlier???

Simple! The infections were held open by other processes...

By restarting in safe mode, Windows starts with minimal startup options, which means these infections are no longer held locked..

And so they can be deleted!

Simple, without a lot of hassle!

/Thomas

Download professional, well-thought-out installation guides that give high security against viruses & attacks, stable operation and optimal performance at: http://www.winguider.se Available for Win2000 Pro & for XP Pro (3 different versions). Not for XP Home

[post edited 2006-04-28 11:22:16 by /Thomas]

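The "held open by other processes" explanation above can be checked directly. The following is an added example, not code from the thread or from F-Secure: it tries to open each file the scan report listed for exclusive access, which fails with a sharing violation when any other process (including a running copy of the executable itself) has it open. That is exactly the condition a Safe Mode scan works around. It assumes PowerShell is available (not shipped with Windows XP) and an elevated prompt; the function name Get-FileLockState is mine, and the paths are the ones from the original scan report.

```powershell
# Added example (not from the thread): report whether each file the scanner flagged
# is currently locked, free, missing or permission-denied.

function Get-FileLockState {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return 'missing' }
    try {
        # FileShare::None asks for exclusive access; it fails if any other process
        # has the file open, which is what blocks deletion in normal mode.
        $fs = [System.IO.File]::Open($Path,
                                     [System.IO.FileMode]::Open,
                                     [System.IO.FileAccess]::ReadWrite,
                                     [System.IO.FileShare]::None)
        $fs.Close()
        return 'free'
    } catch [System.UnauthorizedAccessException] {
        return 'denied'      # ACL or read-only attribute, not a lock
    } catch [System.IO.IOException] {
        return 'locked'      # sharing violation: held open by another process
    }
}

# Paths from the original scan report.
$reported = @(
    'C:\WINDOWS\system32\taskdir~.exe',
    'C:\WINDOWS\system32\zhopaizdupla.exe',
    'C:\WINDOWS\system32\internetoloper.exe'
)

foreach ($p in $reported) {
    $state = Get-FileLockState -Path $p
    $hint = switch ($state) {
        'locked' { 'held open; delete from Safe Mode or after stopping the owning process' }
        'free'   { 'deletable now (Remove-Item -LiteralPath)' }
        'denied' { 'permission problem, not a lock; fix the ACL or read-only bit first' }
        default  { 'nothing to do' }
    }
    '{0,-8} {1}  ({2})' -f $state, $p, $hint
}
```

A file that shows as "free" in normal mode but was still not removed by the scanner points at something other than a lock (the second report in this thread, a copy inside System Volume Information, is one such case: that directory is off limits to the user-mode scanner regardless of locks).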

roger_malmö

I had barely turned the computer on after work when there was a virus warning again

Result: 1 malicious program found

Packed.Win32.Tibs (virus)

C:\SYSTEM VOLUME INFORMATION\_RESTORE{5976BDFA-4DBA-491D-A2CB-787817C06524}\RP115\A0041954.EXE

I haven't used the computer since I sent the last log

Do I remove this misery the same way as the others I've removed?


roger_malmö

I can't start the antivirus program in safe mode; nothing happens when I try


Turn off System Restore, then restart the computer, turn it back on and create a new restore point.

 

[log]Turn off System Restore

1. Select My Computer and right-click.
2. Select Properties.
3. Select the System Restore tab.
4. Select "Turn off System Restore".
5. Click Apply.
6. Click OK.

To create a restore point, do this:

1. Right-click My Computer.
2. Select Properties.
3. Under the System Restore tab, make sure "Turn off System Restore on all drives" is not checked.
4. Go to the Start menu.
5. Select Programs, Accessories, System Tools and System Restore.
6. Check "Create a restore point".
7. Click Next.
8. Give the restore point any name you like.
9. Click Create.
10. Click Close.[/log]

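The same procedure from the command line, as an added example that is not part of the thread and not Telia's or F-Secure's code: turning System Restore off on a drive deletes all of its restore points, including the copy of the detected file under System Volume Information, after which protection is turned back on and a clean point is created. It assumes an elevated PowerShell prompt on a client edition of Windows 7 or later, where the Disable-ComputerRestore, Enable-ComputerRestore, Checkpoint-Computer and Get-ComputerRestorePoint cmdlets exist; they are not available on Windows XP, where the GUI steps above are the only route.

```powershell
# Added example (not from the thread): purge all restore points, re-enable System
# Restore and create a fresh restore point. Run from an elevated PowerShell prompt.

$systemDrive = $env:SystemDrive + '\'    # e.g. 'C:\'

# 1. Turning System Restore off deletes every existing restore point on the drive,
#    which is where the scanner found the leftover copy (SYSTEM VOLUME INFORMATION).
Disable-ComputerRestore -Drive $systemDrive
Write-Host "System Restore disabled on $systemDrive; old restore points removed."

# 2. Reboot before re-enabling, as the post recommends. Left commented so the
#    script does not restart the machine unattended.
# Restart-Computer -Force

# 3. Turn protection back on and create a known-clean point.
Enable-ComputerRestore -Drive $systemDrive
Checkpoint-Computer -Description 'Clean after malware removal' `
                    -RestorePointType 'MODIFY_SETTINGS'

# 4. Confirm that the new point is the only one listed.
Get-ComputerRestorePoint | Select-Object SequenceNumber, CreationTime, Description
```

Caveat: on Windows 8 and later, Checkpoint-Computer silently skips creating a point if one was already created in the last 24 hours, so check the final listing rather than assuming the point exists.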

roger_malmö

I've now done it according to your instructions; does that mean everything is fine and dandy now?


roger_malmö

Result: 1 malicious program found

Packed.Win32.Tibs (virus)

C:\WINDOWS\system32\parad.raw.exe
