Ett mindre problem som irriterar

[filipoberg]

Jag har problem med att en fil meddelas infekterad vid nästan varje uppstart. Filen heter Wab64.dll och ligger under c:\program\common files\microsoft shared\speech\Wab64.dll.

 

Här kommer hijackthis loggen:

 

 

[log]Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved ...

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 09:54:09, on 2007-12-02

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Java\jre1.6.0_03\bin\jusched.exe

C:\Program\Grisoft\AVG7\avgcc.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Grisoft\AVG7\avgamsvr.exe

C:\Program\Grisoft\AVG7\avgupsvc.exe

C:\WINDOWS\system32\devldr32.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Hijackthis\Rensare.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://klocka.nu/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\Program\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqla

b2.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56

907.cab

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgupsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 4303 bytes[/log]

 

 

Tack på förhand!

 

[Cecilia]

Eftersom det är en test-version av HijackThis du använder så avinstallera (ta bort) den och installera den färdiga i stället:

http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

Klistra in en logg från den sedan.

 

Vad har otrevligheten i Wab64.dll för namn?

 

Ladda ner ComboFix till Skrivbordet:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

Kör den och följ anvisningarna som visas.

 

VIKTIGT! Klicka inte på Combofix-fönstret med musen när den körs annars kan den hänga upp sig.

 

När den är färdig så ska en logg komma upp, klistra in den här.

 

[filipoberg]

Virus-programmet jag har (avg) säger att den heter: Trojan horse BackDoor.Hupigon3.MRB

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:55:31, on 2007-12-16

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Java\jre1.6.0_03\bin\jusched.exe

C:\Program\Grisoft\AVG7\avgcc.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Grisoft\AVG7\avgamsvr.exe

C:\Program\Grisoft\AVG7\avgupsvc.exe

C:\WINDOWS\system32\devldr32.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Program\Winamp\winamp.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://klocka.nu/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\Program\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgupsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 4107 bytes

[/log]

 

[log]

ComboFix 07-12-16.3 - Dell 2007-12-16 14:53:39.1 - NTFSx86

Running from: C:\Documents and Settings\Dell\Skrivbord\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((( Files Created from 2007-11-16 to 2007-12-16 )))))))))))))))))))))))))))))))

.

 

2007-12-16 13:54 . 2007-12-16 13:54 <KAT> d-------- C:\Program\Trend Micro

2007-12-15 19:19 . 2007-12-15 19:24 <KAT> d-------- C:\Program\Magic Video Converter

2007-12-15 19:19 . 2004-05-26 21:37 719,872 --a------ C:\WINDOWS\system32\devil.dll

2007-12-15 19:19 . 2003-03-19 11:03 544,768 --a------ C:\WINDOWS\system32\msvcr71d.dll

2007-12-15 19:19 . 2002-01-05 14:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll

2007-12-15 19:19 . 2006-09-16 19:44 314,368 --a------ C:\WINDOWS\system32\avisynth.dll

2007-12-09 00:27 . 2007-12-09 00:27 <KAT> d-------- C:\Program\NVIDIA

2007-12-08 15:09 . 2007-12-08 15:09 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA

2007-12-02 15:31 . 2007-12-02 15:31 <KAT> d--h----- C:\WINDOWS\PIF

2007-12-02 13:10 . 2007-12-02 13:10 658 --a------ C:\WINDOWS\eReg.dat

2007-12-02 12:53 . 2007-12-02 12:54 <KAT> d-------- C:\Program\GameSpy Arcade

2007-11-30 19:30 . 2007-11-30 19:30 268 --ah----- C:\sqmdata00.sqm

2007-11-30 19:30 . 2007-11-30 19:30 244 --ah----- C:\sqmnoopt00.sqm

2007-11-30 17:44 . 2007-11-30 17:56 <KAT> d-------- C:\WINDOWS\system32\NtmsData

2007-11-18 11:28 . 2007-11-18 11:28 <KAT> d---s---- C:\Documents and Settings\Dell\UserData

2007-11-17 15:52 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2007-11-17 15:52 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-16 14:01 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2007-12-15 21:50 --------- d-----w C:\Documents and Settings\Dell\Application Data\uTorrent

2007-12-15 21:25 --------- d-----w C:\Documents and Settings\Dell\Application Data\OpenOffice.org2

2007-12-02 17:28 --------- d-----r C:\Program\Steam

2007-12-02 12:52 --------- d--h--w C:\Program\InstallShield Installation Information

2007-12-02 12:13 12,464 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-12-02 11:51 --------- d-----w C:\Program\Delade filer\InstallShield

2007-11-17 13:30 --------- d-----w C:\Documents and Settings\Dell\Application Data\Hamachi

2007-11-15 14:26 --------- d-----w C:\Documents and Settings\Dell\Application Data\AVG7

2007-11-13 19:19 139,264 ----a-w C:\WINDOWS\War3Unin.exe

2007-11-11 23:09 --------- d-----w C:\Program\uTorrent

2007-11-11 10:33 --------- d-----w C:\Program\directx

2007-11-10 15:23 --------- d-----w C:\Program\Hamachi

2007-11-10 15:22 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys

2007-11-10 12:58 --------- d-----w C:\Program\Prolific Publishing, Inc

2007-11-09 19:51 --------- d-----w C:\Program\PC Wizard 2008

2007-11-07 19:12 --------- d-----w C:\Documents and Settings\Dell\Application Data\Apple Computer

2007-11-04 08:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7

2007-11-03 19:51 --------- d-----w C:\Program\Stardock

2007-11-03 09:47 --------- d-----w C:\Program\SystemRequirementsLab

2007-11-02 12:10 --------- d-----w C:\Program\OpenOffice.org 2.2

2007-11-02 11:49 --------- d-----w C:\Program\Delade filer\Adobe

2007-11-02 11:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems

2007-11-02 11:43 --------- d-----w C:\Program\Delade filer\Adobe Systems Shared

2007-11-02 11:33 --------- d-----w C:\Program\DAEMON Tools

2007-11-02 08:55 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2007-11-01 19:25 --------- d-----w C:\Documents and Settings\Dell\Application Data\SystemRequirementsLab

2007-11-01 16:33 --------- d-----w C:\Documents and Settings\Dell\Application Data\Winamp

2007-11-01 15:44 --------- d-----w C:\Program\Winamp

2007-11-01 15:36 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll

2007-11-01 15:36 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll

2007-11-01 15:36 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7

2007-11-01 15:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft

2007-11-01 15:14 --------- d-----w C:\Program\MSN Messenger

2007-11-01 15:09 --------- d-----w C:\Program\QuickTime

2007-11-01 15:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer

2007-11-01 15:08 --------- d-----w C:\Program\Apple Software Update

2007-11-01 15:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple

2007-11-01 14:56 --------- d-----w C:\Program\Java

2007-11-01 14:55 --------- d-----w C:\Program\Delade filer\Java

2007-11-01 14:16 --------- d-----w C:\Program\Easy Video Splitter

2007-11-01 14:16 --------- d-----w C:\Program\AMP WinOFF

2007-11-01 14:14 --------- d-----w C:\Documents and Settings\Dell\Application Data\vlc

2007-11-01 14:13 --------- d-----w C:\Program\TPTEST5

2007-11-01 13:53 --------- d-----w C:\Documents and Settings\Dell\Application Data\Talkback

2007-11-01 13:52 --------- d-----w C:\Program\Gabest

2007-11-01 13:51 --------- d-----w C:\Program\VideoLAN

2007-10-31 22:16 --------- d-----w C:\Program\Delade filer\SpeechEngines

2007-10-31 22:16 --------- d-----w C:\Program\Delade filer\ODBC

2007-10-31 21:39 --------- d-----w C:\Program\microsoft frontpage

2007-10-31 21:36 --------- d-----w C:\Program\Onlinetjänster

2007-10-31 21:35 --------- d-----w C:\Program\Delade filer\MSSoap

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Program\Messenger\msmsgs.exe" [2004-10-13 17:24]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]

"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

"QuickTime Task"="C:\Program\QuickTime\QTTask.exe" [2007-06-29 06:24]

"WinampAgent"="C:\Program\Winamp\winampa.exe" []

"AVG7_CC"="C:\Program\Grisoft\AVG7\avgcc.exe" [2007-11-02 09:22]

"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 00:34 C:\WINDOWS\system32\rundll32.exe]

"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 00:34 C:\WINDOWS\system32\rundll32.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:34]

"AVG7_Run"="C:\Program\Grisoft\AVG7\avgw.exe" [2007-11-02 09:22]

 

S2 NetCM;Network Connection Manager;C:\Program\Common Files\Microsoft Shared\Speech\svchost.exe

 

.

Contents of the 'Scheduled Tasks' folder

"2007-12-24 18:18:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-16 15:02:14

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-12-16 15:04:14 - machine was rebooted

.

2007-11-15 14:16:06 --- E O F ---

[/log]

 

[Cecilia]

Backdoor betyder att otrevligheten öppnar en bakdörr till datorn så att andra kan komma åt den utifrån internet. Håll därför internetanslutningen urdragen så mycket som möjligt.

 

[Cecilia]

2007-12-02 12:53 . 2007-12-02 12:54 <KAT> d-------- C:\Program\GameSpy Arcade

Detta är ett olämpligt program: http://www.siteadvisor.com/sites/gamespyarcade.com

Avinstallera i Kontrollpanelen - Lägg till eller ta bort program

Ta sedan bort ovanstående mapp (en omstart kanske krävs för att det ska gå).

 

Gå till http://www.virustotal.com/ klistra in ett av följande filnamn i rutan, tryck på Skicka Fil och vänta tills resultatet är klart (Närvarande status blir genomförd). Klistra in resultatet från de olika antivirusprogrammen samt File size här. Upprepa med nästa filnamn.

C:\Program\Common Files\Microsoft Shared\Speech\svchost.exe

C:\Program\Common Files\Microsoft Shared\Speech\Wab64.dll

 

Ställ in Utforskaren så att du kan se alla filer:

Verktyg - (Mapp)alternativ eller liknande - Visning

Välj Visa dolda filer och mappar

Avbocka Dölj filnamnstillägg för kända filtyper

Avbocka Dölj skyddade operativsystemfiler

Vad finns i mappen C:\Program\Common Files\Microsoft Shared\Speech?

Filnamn, storlek, datum och klockslag