
Trojan: W32/delf.drm


gissy


Hi! My F-Secure (Telia Säker Surf) has detected a trojan on my computer (W32/delf.drm). The computer shows a message about this that cannot be dismissed. The trojan just makes the computer slower and slower; eventually it is barely possible to open the START menu. If you run a scan with F-Secure, it manages to rename the file (C:\Program\tygmk.fsg), but the file immediately replicates itself.

I have searched but have not found a solution to the problem.

Any suggestions?

Is it possible to run a System Restore to a restore point from before I got the problem?

Grateful for any help!

 


 

[log]To begin with, we can see whether HijackThis shows anything. Download it from one of the links:

http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

Install, start it and choose "Do a system scan and save a logfile", then copy the log that comes up (nothing else).

Attach the HijackThis log in your reply like this:

Press the LOG button in the Reply window

Paste the log

Press the LOG button again[/log]

 


Thanks for all the help, here it comes.

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:54:53, on 2009-05-19

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\ATI Technologies\ATI.ACE\cli.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\WINDOWS\explorer.exe

C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe

C:\Program\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE

C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\FSGK32.EXE

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Telia\Telias sakerhetstjanster\Common\FSMB32.EXE

C:\Program\Telia\Supportassistent\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Telia\Telias sakerhetstjanster\Common\FCH32.EXE

C:\Program\Telia\Telias sakerhetstjanster\Common\FAMEH32.EXE

C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsqh.exe

C:\Program\Telia\Telias sakerhetstjanster\FSAUA\program\fsaua.exe

C:\Program\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe

C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fssm32.exe

C:\Program\Telia\Telias sakerhetstjanster\FSAUA\program\fsus.exe

C:\Program\Telia\Telias sakerhetstjanster\FSAUA\program\ih8.exe

C:\Program\Telia\Telias sakerhetstjanster\FSAUA\program\ih8run.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsav32.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ATICCC] "C:\Program\ATI Technologies\ATI.ACE\cli.exe" runtime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Telia] "C:\Program\Telia\Supportassistent\bin\sprtcmd.exe" /P Telia

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Telia\Telias sakerhetstjanster\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Telia\Telias sakerhetstjanster\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program\ATI Technologies\ATI.ACE\CLI.exe

O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program\Delade filer\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: @c:\Program\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: @c:\Program\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.fujidirekt.se/aurigma/ImageUploader5.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f012.mail.spray.se/app/uploader/FileUploader.cab

O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.fujidirekt.se/aurigma2/ImageUploader4.cab

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe

O23 - Service: FSMA - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE

O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\ORSP Client\fsorsp.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: SupportSoft Sprocket Service (telia) (sprtsvc_telia) - SupportSoft, Inc. - C:\Program\Telia\Supportassistent\bin\sprtsvc.exe

O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program\Delade filer\SupportSoft\bin\ssrc.exe

 

--

End of file - 7036 bytes

[/log]

 


 

[log]Download Malwarebytes Anti-Malware:

http://www.besttechie.net/tools/mbam-setup.exe

Double-click mbam-setup.exe to install the program.

Tick:

Update Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware

Press Finish

If there is an update, it will be downloaded and installed.

When the program starts, choose Perform Quick Scan and press Scan.

The scan takes a while.

When it is done, press OK and then Show Results.

Tick everything and then press Remove Selected.

When the removal is finished, Notepad opens with a log.

You may be asked to restart the computer (Restart). If so, do it.

If the program does not start after the restart, start it yourself.

If the log is not open in Notepad, you will find it on the Logs tab in MBAM.

Copy the log and paste it into your reply[/log]

 


Once again a big THANK YOU. And the log:

 

[log]Malwarebytes' Anti-Malware 1.36

Databasversion: 2155

Windows 5.1.2600 Service Pack 3

 

2009-05-19 21:26:25

mbam-log-2009-05-19 (21-26-25).txt

 

Skanningstyp: Snabb skanning

Antal skannade objekt: 88263

Förfluten tid: 17 minute(s), 14 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 4

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

(Inga illasinnade poster hittades)

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

C:\WINDOWS\tygmk.fsgxxxxxxxxxxxxxxxx (Trojan.Gumblar) -> Quarantined and deleted successfully.

C:\WINDOWS\tygmk.0sg (Trojan.Gumblar) -> Quarantined and deleted successfully.

C:\WINDOWS\tygmk.1sg (Trojan.Gumblar) -> Quarantined and deleted successfully.

C:\WINDOWS\tygmk.fsg (Trojan.Gumblar) -> Delete on reboot.

[/log]

 


Hi again!

I was asked to restart the computer and got no message about a virus. Dare I believe that it is gone?

New log from Malwarebytes:

 

[log]Malwarebytes' Anti-Malware 1.36

Databasversion: 2155

Windows 5.1.2600 Service Pack 3

 

2009-05-19 21:45:11

mbam-log-2009-05-19 (21-45-11).txt

 

Skanningstyp: Snabb skanning

Antal skannade objekt: 88766

Förfluten tid: 6 minute(s), 31 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 0

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

(Inga illasinnade poster hittades)

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

(Inga illasinnade poster hittades)

[/log]

 

and HijackThis:

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:47:22, on 2009-05-19

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\ATI Technologies\ATI.ACE\cli.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\Program\Telia\Supportassistent\bin\sprtcmd.exe

C:\Program\Telia\Telias sakerhetstjanster\Common\FSM32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program\ATI Technologies\ATI.ACE\CLI.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe

C:\Program\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE

C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\FSGK32.EXE

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Telia\Supportassistent\bin\sprtsvc.exe

C:\Program\Telia\Telias sakerhetstjanster\Common\FSMB32.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program\Telia\Telias sakerhetstjanster\Common\FCH32.EXE

C:\Program\Telia\Telias sakerhetstjanster\Common\FAMEH32.EXE

C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsqh.exe

C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fssm32.exe

C:\Program\Telia\Telias sakerhetstjanster\FSAUA\program\fsaua.exe

C:\Program\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe

C:\Program\Telia\Telias sakerhetstjanster\FSAUA\program\fsus.exe

C:\Program\Telia\Telias sakerhetstjanster\FSGUI\fsguidll.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\ATI Technologies\ATI.ACE\cli.exe

C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsav32.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ATICCC] "C:\Program\ATI Technologies\ATI.ACE\cli.exe" runtime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Telia] "C:\Program\Telia\Supportassistent\bin\sprtcmd.exe" /P Telia

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Telia\Telias sakerhetstjanster\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Telia\Telias sakerhetstjanster\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program\ATI Technologies\ATI.ACE\CLI.exe

O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program\Delade filer\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: @c:\Program\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: @c:\Program\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.fujidirekt.se/aurigma/ImageUploader5.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f012.mail.spray.se/app/uploader/FileUploader.cab

O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.fujidirekt.se/aurigma2/ImageUploader4.cab

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe

O23 - Service: FSMA - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE

O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\ORSP Client\fsorsp.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: SupportSoft Sprocket Service (telia) (sprtsvc_telia) - SupportSoft, Inc. - C:\Program\Telia\Supportassistent\bin\sprtsvc.exe

O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program\Delade filer\SupportSoft\bin\ssrc.exe

 

--

End of file - 7203 bytes

[/log]

 


I have had System Restore disabled since I got the problems - can I enable it again already now if the problems are gone, or should I wait a while?

 


 

[log]

I have had System Restore disabled since I got the problems - can I enable it again already now if the problems are gone, or should I wait a while?

You can enable it again

Download RSIT (random's system information tool) to the Desktop

http://images.malwareremoval.com/random/RSIT.exe

Run it and post the log that comes out = log.txt[/log]

 


Many THANKS for the help, you are gold, Zipp!

And the log:

[log]Logfile of random's system information tool 1.06 (written by random/random)

Run by Hilda at 2009-05-20 17:31:36

Microsoft Windows XP Home Edition Service Pack 3

System drive C: has 219 GB (92%) free of 238 GB

Total RAM: 1023 MB (59% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:31:52, on 2009-05-20

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe

C:\Program\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE

C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\FSGK32.EXE

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Telia\Telias sakerhetstjanster\Common\FSMB32.EXE

C:\Program\Telia\Supportassistent\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Telia\Telias sakerhetstjanster\Common\FCH32.EXE

C:\Program\Telia\Telias sakerhetstjanster\Common\FAMEH32.EXE

C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsqh.exe

C:\Program\Telia\Telias sakerhetstjanster\FSAUA\program\fsaua.exe

C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fssm32.exe

C:\Program\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe

C:\Program\Telia\Telias sakerhetstjanster\FSAUA\program\fsus.exe

C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsav32.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\ATI Technologies\ATI.ACE\cli.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\Program\Telia\Supportassistent\bin\sprtcmd.exe

C:\Program\Telia\Telias sakerhetstjanster\Common\FSM32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program\ATI Technologies\ATI.ACE\CLI.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\Telia\Telias sakerhetstjanster\FSGUI\fsguidll.exe

C:\Program\ATI Technologies\ATI.ACE\cli.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Hilda\Skrivbord\RSIT.exe

C:\Program\Trend Micro\HijackThis\Hilda.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ATICCC] "C:\Program\ATI Technologies\ATI.ACE\cli.exe" runtime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Telia] "C:\Program\Telia\Supportassistent\bin\sprtcmd.exe" /P Telia

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Telia\Telias sakerhetstjanster\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Telia\Telias sakerhetstjanster\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program\ATI Technologies\ATI.ACE\CLI.exe

O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program\Delade filer\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: @c:\Program\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: @c:\Program\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.fujidirekt.se/aurigma/ImageUploader5.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f012.mail.spray.se/app/uploader/FileUploader.cab

O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.fujidirekt.se/aurigma2/ImageUploader4.cab

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe

O23 - Service: FSMA - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE

O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\ORSP Client\fsorsp.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: SupportSoft Sprocket Service (telia) (sprtsvc_telia) - SupportSoft, Inc. - C:\Program\Telia\Supportassistent\bin\sprtsvc.exe

O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program\Delade filer\SupportSoft\bin\ssrc.exe

 

--

End of file - 7301 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program\Java\jre6\bin\ssv.dll [2009-02-16 320920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program\Java\jre6\bin\jp2ssv.dll [2009-02-16 34816]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-16 73728]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-01-11 577536]

"ATICCC"=C:\Program\ATI Technologies\ATI.ACE\cli.exe [2005-08-12 45056]

"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

"TkBellExe"=C:\Program\Delade filer\Real\Update_OB\realsched.exe [2006-04-23 180269]

"SunJavaUpdateSched"=C:\Program\Java\jre6\bin\jusched.exe [2009-02-16 136600]

"Telia"=C:\Program\Telia\Supportassistent\bin\sprtcmd.exe [2008-10-16 201976]

"F-Secure Manager"=C:\Program\Telia\Telias sakerhetstjanster\Common\FSM32.EXE [2008-09-23 182936]

"F-Secure TNB"=C:\Program\Telia\Telias sakerhetstjanster\FSGUI\TNBUtil.exe [2008-09-23 957024]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Picture Package Menu.lnk]

C:\Program\SONYCO~1\PICTUR~1\PICTUR~3\SonyTray.exe [2003-11-21 151552]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Picture Package VCD Maker.lnk]

C:\Program\SONYCO~1\PICTUR~1\PICTUR~1\RESIDE~1.EXE [2003-12-17 106496]

 

C:\Documents and Settings\All Users\Start-meny\Program\Autostart

Adobe Reader Speed Launch.lnk - C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

ATI CATALYST System Tray.lnk - C:\Program\ATI Technologies\ATI.ACE\CLI.exe

BankID säkerhetsprogram.lnk - C:\Program\Personal\bin\Personal.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2006-01-24 46080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SupportSoft RemoteAssist]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program\Messenger\Msmsgs.exe"="C:\Program\Messenger\Msmsgs.exe:*:Disabled:Windows Messenger"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program\LimeWire\LimeWire.exe"="C:\Program\LimeWire\LimeWire.exe:*:Disabled:LimeWire"

"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

 

======List of files/folders created in the last 1 months======

 

2009-05-20 17:31:36 ----D---- C:\rsit

2009-05-19 21:01:28 ----D---- C:\Documents and Settings\Hilda\Application Data\Malwarebytes

2009-05-19 21:00:05 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2009-05-19 20:59:56 ----D---- C:\Program\Malwarebytes' Anti-Malware

2009-05-19 19:53:35 ----D---- C:\Program\Trend Micro

2009-05-17 01:19:32 ----D---- C:\Documents and Settings\Hilda\Application Data\F-Secure

2009-05-17 00:58:07 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2009-05-17 00:16:49 ----DC---- C:\WINDOWS\system32\DRVSTORE

2009-05-17 00:12:26 ----D---- C:\Program\Lavasoft

2009-05-17 00:12:26 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft

2009-05-13 21:03:05 ----D---- C:\Documents and Settings\All Users\Application Data\fssg

2009-05-11 21:05:38 ----D---- C:\Documents and Settings\All Users\Application Data\F-Secure

2009-05-11 20:52:56 ----D---- C:\Documents and Settings\All Users\Application Data\Support.com

2009-05-03 18:05:14 ----D---- C:\WINDOWS\Minidump

2009-04-26 16:21:09 ----D---- C:\Documents and Settings\Hilda\Application Data\Personal

 

======List of files/folders modified in the last 1 months======

 

2009-05-20 17:31:52 ----D---- C:\WINDOWS\Temp

2009-05-20 17:31:22 ----D---- C:\WINDOWS\Prefetch

2009-05-20 17:30:22 ----D---- C:\Program\Mozilla Firefox

2009-05-20 17:27:57 ----D---- C:\WINDOWS

2009-05-20 17:24:39 ----D---- C:\WINDOWS\system32\CatRoot2

2009-05-20 17:24:29 ----A---- C:\WINDOWS\ModemLog_PCI SoftV92 Data Fax Modem with SmartCP.txt

2009-05-20 07:22:59 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-05-19 22:18:58 ----SHD---- C:\System Volume Information

2009-05-19 22:18:58 ----D---- C:\WINDOWS\system32\Restore

2009-05-19 21:33:52 ----D---- C:\WINDOWS\system32\drivers

2009-05-19 20:59:56 ----RD---- C:\Program

2009-05-19 19:46:59 ----SHD---- C:\WINDOWS\Installer

2009-05-19 19:45:42 ----AD---- C:\WINDOWS\system32

2009-05-17 17:39:19 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-05-17 17:08:55 ----SD---- C:\WINDOWS\Tasks

2009-05-17 09:36:30 ----SD---- C:\Documents and Settings\Hilda\Application Data\Microsoft

2009-05-17 00:17:43 ----HD---- C:\WINDOWS\inf

2009-05-17 00:11:58 ----D---- C:\WINDOWS\WinSxS

2009-05-16 20:05:16 ----D---- C:\WINDOWS\system32\LogFiles

2009-05-16 11:31:10 ----D---- C:\Program\LimeWire

2009-05-11 21:07:45 ----D---- C:\Norman

2009-05-11 21:06:10 ----D---- C:\Program\Delade filer

2009-05-11 21:03:02 ----D---- C:\Program\Telia

2009-05-07 09:16:29 ----A---- C:\WINDOWS\system32\MRT.exe

2009-04-29 18:21:23 ----A---- C:\WINDOWS\NeroDigital.ini

2009-04-26 17:02:07 ----D---- C:\WINDOWS\system32\FxsTmp

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-01-24 36352]

R1 cdrbsvsd;cdrbsvsd; C:\WINDOWS\system32\drivers\cdrbsvsd.sys [2003-12-03 13566]

R1 F-Secure HIPS;F-Secure HIPS Driver; \??\C:\Program\Telia\Telias sakerhetstjanster\HIPS\drivers\fshs.sys []

R1 kbdhid;HID-drivrutin för tangentbord; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]

R1 NGS;Norman General Security Driver; \??\c:\norman\nvc\bin\ngs.sys []

R1 sdcplh;sdcplh; C:\WINDOWS\System32\drivers\sdcplh.sys [2006-01-21 40576]

R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-01-24 12970]

R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-01-13 3844288]

R3 Arp1394;1394 ARP-klientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]

R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-01-24 1339392]

R3 atinrvxx;ATI WDM Rage Theater Video; C:\WINDOWS\system32\DRIVERS\atinrvxx.sys [2006-01-24 105984]

R3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\minifilter\fsgk.sys []

R3 HidUsb;Microsoft HID-klassdrivrutin; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2006-01-24 1042816]

R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2006-01-24 210304]

R3 mouhid;HID-drivrutin för mus; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-06 12160]

R3 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\system32\DRIVERS\atinmdxx.sys [2006-01-24 13824]

R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]

R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-09-30 34048]

R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-09-30 13056]

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;USB2-aktiverat nav; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]

R3 usbstor;Drivrutin för USB-masslagringsenheter; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-01-24 679808]

S3 8f63e189-139d-45ad-81ed-cf1fc461b223;8f63e189-139d-45ad-81ed-cf1fc461b223; \??\D:\CDS300\cds300.dll []

S3 CCDECODE;Avkodare för dold textning; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]

S3 jswmidin;jswmidin; \??\C:\DOCUME~1\ALEXAN~1\LOKALA~1\Temp\jswmidin.sys []

S3 MSTEE;Tee/Sink-to-Sink-konverterare för Microsoft-direktuppspelning; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Microsoft TV/Video-anslutning; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 sonypvs1;Sony Digital Imaging Video2; C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 102220]

S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 usbaudio;USB-ljuddrivrutiner (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]

S3 usbscan;Drivrutin för USB-skanner; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]

S3 WSTCODEC;Teletext-codec för världsstandard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 F-Secure Filter;F-Secure File System Filter; \??\C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\Win2K\FSfilter.sys []

S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\Win2K\FSrec.sys []

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

S4 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-01-24 376832]

R2 F-Secure Gatekeeper Handler Starter;FSGKHS; C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe [2009-05-19 215648]

R2 FSMA;FSMA; C:\Program\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE [2008-09-23 117400]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program\Java\jre6\bin\jqs.exe [2009-02-16 152984]

R2 sprtsvc_telia;SupportSoft Sprocket Service (telia); C:\Program\Telia\Supportassistent\bin\sprtsvc.exe [2008-10-16 202016]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

R3 FSAUA;F-Secure Automatic Update Agent; C:\Program\Telia\Telias sakerhetstjanster\FSAUA\program\fsaua.exe [2008-09-23 490080]

R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe [2008-09-23 510560]

R3 FSORSPClient;F-Secure ORSP Client; C:\Program\Telia\Telias sakerhetstjanster\ORSP Client\fsorsp.exe [2008-09-23 55904]

S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]

S2 SupportSoft RemoteAssist;SupportSoft RemoteAssist; C:\Program\Delade filer\SupportSoft\bin\ssrc.exe [2008-10-16 382320]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

S3 ose;Office Source Engine; C:\Program\Delade filer\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program\Windows Media Player\WMPNetwk.exe [2006-11-15 912384]

 

-----------------EOF-----------------

[/log]

 


Archived

This topic is now archived and is closed to further replies.
