
HJT help?


Daun


My computer has started to lag enormously when I'm on the Internet. I have run virus/Ad-Aware/Spybot scans...

I'm attaching an HJT log in case someone who understands it would like to see whether there is anything shady...

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:47:56, on 2007-10-29

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SPOOLSV.EXE

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\Messenger Detect\MDServ.exe

C:\Program\Messenger Detect\MDetect.exe

C:\PROGRAM\TRENDM~1\INTERN~1\PCCTLCOM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program\TRENDM~1\INTERN~1\Tmntsrv.exe

C:\Program\TRENDM~1\INTERN~1\tmproxy.exe

C:\PROGRAM\TRENDM~1\INTERN~1\TMPFW.EXE

C:\windows\system\hpsysdrv.exe

C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\Trend Micro\Anti-Spam For OE\TMAS_OEMon.exe

C:\HP\KBD\KBD.EXE

C:\Program\Trend Micro\Internet Security 14\pccguide.exe

C:\Program\Everstrike Software\Lock Folder XP 3.5\LF30.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\DOCUME~1\HP_GAR~1\LOKALA~1\Temp\RarSFX1\App\jccatch.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar3.dll

O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [ATIPTA] 'C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe'

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [OE] 'C:\Program\Trend Micro\Anti-Spam For OE\TMAS_OEMon.exe'

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [pccguide.exe] 'C:\Program\Trend Micro\Internet Security 14\pccguide.exe'

O4 - HKLM\..\Run: [LFAgent] C:\Program\Everstrike Software\Lock Folder XP 3.5\LF30.exe -start

O4 - HKLM\..\Run: [TkBellExe] 'C:\Program\Delade filer\Real\Update_OB\realsched.exe' -osboot

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [Crun] 'C:\WINDOWS\system32\RACLE~1\svchost.exe' -vt yazb

O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe

O9 - Extra button: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: MDServ - formessengers.com - C:\Program\Messenger Detect\MDServ.exe

O23 - Service: NetOp Helper ver. 8.00 (2005249) (NetOp Host for NT Service) - Danware Data A/S - C:\Program\Danware Data\NetOp Remote Control\Host\NHOSTSVC.EXE

O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\Program\TRENDM~1\INTERN~1\PcCtlCom.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program\WinPcap\rpcapd.exe

O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program\TRENDM~1\INTERN~1\Tmntsrv.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program\TRENDM~1\INTERN~1\tmproxy.exe

 

--

End of file - 8831 bytes

-----------------------------------------------------

Commodore 64, FDD: Commodore 1541,

CPU: 6510 1MHz @ 1,8GHz, Memory: 512 MB,

Sound: 12 Channels,

2* TacII joystick, Final cartridge III.

 


Go to http://www.virustotal.com/, paste the following file name into the box, press Send File and wait until the result is ready (Current status becomes completed). Paste the results from the various antivirus programs, along with the File size, here.

C:\WINDOWS\system32\RACLE~1\svchost.exe

 

Did you yourself set it up so that certain settings in Internet Explorer cannot be changed, e.g. in Spybot S&D?

 

There is an old Java version with security holes on the computer. I recommend that you install a new one from http://www.java.com/sv/ and then uninstall all Java/J2SE/JRE entries except the latest in Control Panel - Add or Remove Programs (with no web browsers running).

 


Hmm... It seems it no longer exists... (C:\WINDOWS\system32\RACLE~1\svchost.exe) Not even the folder...

Yes, I set it up that way in Spybot.

Thanks for the tip about JAVA, I'll fix that.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:09:19, on 2007-10-29

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SPOOLSV.EXE

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\Messenger Detect\MDServ.exe

C:\Program\Messenger Detect\MDetect.exe

C:\PROGRAM\TRENDM~1\INTERN~1\PCCTLCOM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program\TRENDM~1\INTERN~1\Tmntsrv.exe

C:\PROGRAM\TRENDM~1\INTERN~1\TMPROXY.EXE

C:\PROGRAM\TRENDM~1\INTERN~1\TMPFW.EXE

C:\windows\system\hpsysdrv.exe

C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\Trend Micro\Anti-Spam For OE\TMAS_OEMon.exe

C:\HP\KBD\KBD.EXE

C:\Program\Trend Micro\Internet Security 14\pccguide.exe

C:\Program\Everstrike Software\Lock Folder XP 3.5\LF30.exe

C:\PROGRAM\EPROMPTER\EPROMPTER.EXE

C:\PROGRAM\INTERNET EXPLORER\IEXPLORE.EXE

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\DOCUME~1\HP_GAR~1\LOKALA~1\Temp\RarSFX1\App\jccatch.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [ATIPTA] 'C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe'

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [OE] 'C:\Program\Trend Micro\Anti-Spam For OE\TMAS_OEMon.exe'

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [pccguide.exe] 'C:\Program\Trend Micro\Internet Security 14\pccguide.exe'

O4 - HKLM\..\Run: [LFAgent] C:\Program\Everstrike Software\Lock Folder XP 3.5\LF30.exe -start

O4 - HKLM\..\Run: [TkBellExe] 'C:\Program\Delade filer\Real\Update_OB\realsched.exe' -osboot

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [Crun] 'C:\WINDOWS\system32\RACLE~1\svchost.exe' -vt yazb

O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe

O9 - Extra button: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: MDServ - formessengers.com - C:\Program\Messenger Detect\MDServ.exe

O23 - Service: NetOp Helper ver. 8.00 (2005249) (NetOp Host for NT Service) - Danware Data A/S - C:\Program\Danware Data\NetOp Remote Control\Host\NHOSTSVC.EXE

O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\Program\TRENDM~1\INTERN~1\PcCtlCom.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program\WinPcap\rpcapd.exe

O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program\TRENDM~1\INTERN~1\Tmntsrv.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program\TRENDM~1\INTERN~1\tmproxy.exe

 

--

End of file - 8123 bytes


 


Now I have installed the latest JAVA and removed everything old...

 

That file: C:\WINDOWS\system32\RACLE~1\svchost.exe, there is no rac* folder in system32 at all!?

 

ComboFix 07-10-29.1 - HP_Ägaren 2007-10-29 17:19:02.1 - NTFSx86

Running from: C:\Documents and Settings\HP_Ägaren\Skrivbord\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\HP_Ägaren\Application Data\inst.exe

C:\Program\Delade filer\{307A4~1

C:\Program\Delade filer\{307A4~1\UnInstall.exe

C:\Program\Delade filer\{A07A4~1

C:\Program\Delade filer\{A07A4~1\system.dll

C:\Program\pedevice

C:\Program\pedevice\communication.xml

C:\Program\pedevice\Domain.Watchlist.txt

C:\Program\pedevice\pae-options.xml

C:\Program\pedevice\pae_url.xml

C:\Program\pedevice\PeDev.dll

C:\Program\pedevice\PeDev.exe

C:\Program\pedevice\pedevPS.dll

C:\Program\pedevice\Preparation.dll

C:\Program\pedevice\search.watchlist.txt

C:\Program\pedevice\statistic.xml

C:\Program\pedevice\tmp\tmp.html

C:\Program\pedevice\watchlist.xml

C:\WINDOWS\system32\drivers\npf.sys

C:\WINDOWS\system32\packet.dll

C:\WINDOWS\system32\pthreadVC.dll

C:\WINDOWS\system32\racle~1

C:\WINDOWS\system32\racle~1\?racleC:\WINDOWS\system32\wanpacket.dll

C:\WINDOWS\system32\wpcap.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

-------\LEGACY_COM+_MESSAGES

-------\LEGACY_NPF

-------\NPF

 

 

((((((((((((((((((((((((( Files Created from 2007-09-28 to 2007-10-29 )))))))))))))))))))))))))))))))

.

 

2007-10-29 17:17 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-10-29 17:07 <KAT> d-------- C:\Program\Delade filer\Java

2007-10-24 17:07 12,800 --a------ C:\WINDOWS\system32\WING32.DLL

2007-10-21 16:51 248,080 --------- C:\WINDOWS\system32\voxrt24.dll

2007-10-21 16:51 95,232 --------- C:\WINDOWS\system32\SMACKW32.DLL

2007-10-21 16:51 56,832 --------- C:\WINDOWS\system32\iyvu9_32.dll

2007-10-21 16:45 2,688 --a------ C:\WINDOWS\system32\drivers\HIDSwvd.sys

2007-10-21 16:45 2,688 --a------ C:\WINDOWS\system32\dllcache\hidswvd.sys

2007-10-21 16:44 59,136 --a------ C:\WINDOWS\system32\drivers\GcKernel.sys

2007-10-21 16:44 59,136 --a------ C:\WINDOWS\system32\dllcache\gckernel.sys

2007-10-21 16:44 10,240 --a------ C:\WINDOWS\system32\SWPIDFLT.DLL

2007-10-21 16:44 10,240 --a------ C:\WINDOWS\system32\dllcache\swpidflt.dll

2007-10-21 14:07 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll

2007-10-21 14:04 <KAT> d-------- C:\Program\Eidos

2007-10-21 09:00 <KAT> d-------- C:\Program\Play+Smile

2007-10-18 19:09 <KAT> d-------- C:\Program\PokerStars

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-10-29 16:25 --------- d-----w C:\Program\ePrompter

2007-10-29 16:09 --------- d-----w C:\Program\Java

2007-10-29 16:03 --------- d-----w C:\Program\BitLord

2007-10-29 16:00 --------- d--h--w C:\Program\InstallShield Installation Information

2007-10-29 12:54 --------- d-----w C:\Program\Google

2007-10-29 12:45 --------- d-----w C:\Program\Trend Micro

2007-10-28 20:55 --------- d-----w C:\Program\PeerGuardian2

2007-10-28 20:55 --------- d-----w C:\Documents and Settings\HP_Ägaren\Application Data\Azureus

2007-10-27 19:21 --------- d-----w C:\Documents and Settings\HP_Ägaren\Application Data\SolSuite

2007-10-21 17:06 --------- d-----w C:\Program\EA GAMES

2007-10-21 15:50 --------- d-----w C:\Program\Microsoft Games

2007-10-18 17:26 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2007-10-17 16:26 --------- d-----w C:\Program\MSN Messenger

2007-10-16 15:16 --------- d-----w C:\Program\Delade filer\Adobe

2007-09-27 15:27 --------- d-----w C:\Program\Network Stumbler

2007-09-25 05:11 --------- d-----w C:\Program\MagicDisc

2007-09-25 05:07 --------- d-----w C:\Documents and Settings\HP_Ägaren\Application Data\dvdcss

2007-09-21 18:39 --------- d-----w C:\Program\Vstep

2007-09-21 14:46 --------- d-----w C:\Program\WinPcap

2007-09-19 17:25 --------- d-----w C:\Program\Psion

2007-09-18 20:36 --------- d-----w C:\Program\Buka

2007-09-17 14:40 --------- d-----w C:\Documents and Settings\HP_Ägaren\Application Data\FlashGet

2007-09-17 14:34 --------- d-----w C:\Documents and Settings\HP_Ägaren\Application Data\Lavasoft

2007-09-17 14:29 --------- d-----w C:\Documents and Settings\HP_Ägaren\Application Data\Thinstall

2007-09-17 14:29 --------- d-----w C:\Documents and Settings\HP_Ägaren\Application Data\Pegasys Inc

2007-09-17 13:28 --------- d-----w C:\Program\THQ

2007-09-12 05:29 --------- d-----w C:\Program\Xilisoft

2007-09-11 20:19 --------- d-----w C:\Program\Keronsoft

2007-09-11 20:06 --------- d-----w C:\Program\Ultra Video Converter

2007-09-11 19:58 --------- d-----w C:\Program\Magic Video Converter

2007-09-09 05:12 --------- d-----w C:\Program\Björne

2007-09-07 19:16 --------- d-----w C:\Program\Tweak-XP Pro 4

2007-09-07 15:09 --------- d-----w C:\Program\MagicISO

2007-09-05 17:05 --------- d-----w C:\Program\Mpeg2Decoder

2007-09-05 14:33 --------- d-----w C:\Program\Azureus

2007-09-04 23:46 92,544 ----a-w C:\WINDOWS\system32\drivers\mcdbus.sys

2007-09-02 11:27 --------- d-----w C:\Program\Deskshare

2007-09-02 11:27 --------- d-----w C:\Program\Delade filer\DeskShare Shared

2007-09-01 17:45 --------- d-----w C:\Program\Power Video Converter

2007-08-30 13:42 --------- d-----w C:\Program\Ship_Simulator_2008

2007-07-26 06:10 47,360 ----a-w C:\Documents and Settings\HP_Ägaren\Application Data\pcouffin.sys

2007-06-28 11:55 5,632 --sha-w C:\Program\Thumbs.db

2007-01-27 20:07 89,904 ----a-w C:\Documents and Settings\HP_Ägaren\Application Data\GDIPFONTCACHEV1.DAT

2006-12-31 11:59 456 ----a-w C:\Program\INSTALL.LOG

2006-03-26 00:39 184 ----a-w C:\Documents and Settings\HP_Ägaren\Application Data\wklnhst.dat

2005-05-12 05:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll

2000-10-20 16:00 753 ----a-w C:\Program\pacman.reg

2000-10-20 15:56 581,632 ----a-w C:\Program\pac-man.exe

2000-10-20 09:49 1,936,924 ----a-w C:\Program\myth.pak

2000-10-11 15:37 33,257 ----a-w C:\Program\ReadMe.txt

2000-10-11 09:12 57,061,717 ----a-w C:\Program\menu.pac

2000-10-11 07:47 193,159,064 ----a-w C:\Program\game.pac

2000-10-09 00:01 56 ------w C:\Program\options.dat

2000-10-08 16:00 37 ------r C:\Program\PAC-MAN.DAT

2000-10-06 14:43 364 ------w C:\Program\scores.dat

2000-10-05 10:54 1,078 ------r C:\Program\PAC-MAN.ICO

2000-10-03 14:16 13 ------w C:\Program\override.dat

2000-09-26 17:23 547 ------w C:\Program\slot2.dat

2000-09-26 17:23 547 ------w C:\Program\slot1.dat

2000-09-26 17:19 547 ------w C:\Program\slot3.dat

2000-09-26 11:51 547 ------w C:\Program\slot6.dat

2000-09-26 11:51 547 ------w C:\Program\slot5.dat

2000-09-26 11:51 547 ------w C:\Program\slot4.dat

2000-08-06 22:14 237 ----a-w C:\Program\setup.bat

2000-08-06 22:11 20,992 ----a-w C:\Program\mythxpak.exe

2000-04-06 01:13 263,168 ------w C:\Program\binkw32.dll

2000-03-31 19:47 301,568 ----a-w C:\Program\myth.acm

2000-03-02 23:01 81,920 ------w C:\Program\eaxman.dll

2000-02-11 13:04 4,775,936 ----a-w C:\Program\hsbr.exe

1999-09-08 15:36 126,976 ------w C:\Program\ffc10.dll

2006-08-18 17:56:35 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

'hpsysdrv'='c:\windows\system\hpsysdrv.exe' [1998-05-07 17:04]

'ATIPTA'='C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe' [2005-08-14 04:05]

'AlcxMonitor'='ALCXMNTR.EXE' [2004-09-07 21:47 C:\WINDOWS\ALCXMNTR.EXE]

'Recguard'='C:\WINDOWS\SMINST\RECGUARD.EXE' [2005-07-22 22:14]

'SoundMan'='SOUNDMAN.EXE' [2006-11-17 05:42 C:\WINDOWS\soundman.exe]

'OE'='C:\Program\Trend Micro\Anti-Spam For OE\TMAS_OEMon.exe' [2005-10-31 11:24]

'KBD'='C:\HP\KBD\KBD.EXE' [2005-02-02 16:44]

'pccguide.exe'='C:\Program\Trend Micro\Internet Security 14\pccguide.exe' [2005-11-16 20:23]

'LFAgent'='C:\Program\Everstrike Software\Lock Folder XP 3.5\LF30.exe' [2007-06-13 15:33]

'TkBellExe'='C:\Program\Delade filer\Real\Update_OB\realsched.exe' [2006-01-02 21:50]

'SunJavaUpdateSched'='C:\Program\Java\jre1.6.0_03\bin\jusched.exe' [2007-09-25 01:11]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

'Crun'='C:\WINDOWS\system32\RACLE~1\svchost.exe' []

 

C:\Documents and Settings\Administratör.DATOR1\Start-meny\Program\AutostartPin.lnk - C:\hp\bin\CLOAKER.EXE [2006-01-02 21:18:12]

 

C:\Documents and Settings\Lovisa\Start-meny\Program\AutostartPin.lnk - C:\hp\bin\CLOAKER.EXE [2006-01-02 21:18:12]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

'NoDispBackgroundPage'=1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

'NoLogoff'=0 (0x0)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

'{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}'= C:\Program\SUPERAntiSpyware\SASSEH.DLL [2007-01-22 15:48 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program\SUPERAntiSpyware\SASWINLO.DLL 2007-03-18 14:53 282624 C:\Program\SUPERAntiSpyware\SASWINLO.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Adobe Gamma Loader.lnk]

backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Adobe Gamma.lnk]

backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^CanoScan FB310 Utilities.lnk]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^ePrompter.lnk]

backup=C:\WINDOWS\pss\ePrompter.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^HotSync Manager.lnk]

backup=C:\WINDOWS\pss\HotSync Manager.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^HP Digital Imaging Monitor.lnk]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Microsoft Office.lnk]

backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^MY_C4D.jpg]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Yahoo! Widget Engine.lnk]

backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00DSKSVR00]

'C:\Program\Easy Desktop Keeper\desksaver.exe' saskda

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00DSKSVR01]

C:\Program\Easy Desktop Keeper\desksaver.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

'C:\Program\Adobe\Adobe Photoshop Lightroom\apdproxy.exe'

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

'C:\Program\Delade filer\Ahead\lib\NMBgMonitor.exe'

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]

'C:\Program\SlySoft\CloneCD\CloneCDTray.exe' /s

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

'C:\Program\DAEMON Tools\daemon.exe' -lang 1033

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E06AXLRD_95672609]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fzlj]

C:\WINDOWS\F?nts\l?ass.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]

c:\Program\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ioloDelayModule]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

'C:\Program\Messenger\msmsgs.exe' /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]

C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

'C:\Program\QuickTime\qttask.exe' -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

'C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe' /startoptions

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Mechanic Popup Blocker]

 

R1 NHostNT1NetOp Driver 1 ver. 8.00 (2005249)C:\WINDOWS\system32\Drivers\NHOSTNT1.SYS

R2 as260nas260nC:\WINDOWS\system32\drivers\as260n.sys

R2 cvintdrvcvintdrvC:\WINDOWS\system32\drivers\cvintdrv.sys

R2 LF30FSLF30FS\??\C:\Program\Everstrike Software\Lock Folder XP 3.5\LF30XP.sys

R2 MDServMDServ'C:\Program\Messenger Detect\MDServ.exe'

R2 NetOp Host for NT ServiceNetOp Helper ver. 8.00 (2005249)'C:\Program\Danware Data\NetOp Remote Control\Host\NHOSTSVC.EXE'

R3 NHOSTNT3NetOp Driver 3 ver. 8.00 (2005249) (NHOSTNT3)C:\WINDOWS\system32\Drivers\NHOSTNT3.SYS

R3 syswincsyswincC:\WINDOWS\system32\drivers\syswinc.sys

S3 BVRPMPR5BVRPMPR5 NDIS Protocol Driver\??\E:\INSTAL~E\Core\BVRPMPR5.SYS

S3 GcKernelFilterdrivrutin för Microsoft SideWinder Value AddC:\WINDOWS\system32\DRIVERS\GcKernel.sys

S3 HIDSwvdVirtuell HID-minidrivrutin för Microsoft SideWinderC:\WINDOWS\system32\DRIVERS\HIDSwvd.sys

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

AutoRun\command - F:\Launcher.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{089bdd3a-bb8a-11db-adee-0013d3fa1ef7}]

AutoRun\command - EXPLORER.EXE

explore\Command - EXPLORER.EXE

open\Command - EXPLORER.EXE

 

.

Contents of the 'Scheduled Tasks' folder

'2007-10-27 16:00:00 C:\WINDOWS\Tasks\Ad-Aware SE Personal.job'

- C:\Program\Lavasoft\AD-AWA~1\Ad-Aware.exe

'2007-06-30 05:18:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job'

- C:\Program\Apple Software Update\SoftwareUpdate.exe

'2007-10-28 20:03:16 C:\WINDOWS\Tasks\User_Feed_Synchronization-{216C6FB5-0F98-488B-83CB-01569BFAD678}.job'

.

**************************************************************************

 

catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-10-29 17:30:16

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

**************************************************************************

.

Completion time: 2007-10-29 17:33:21 - machine was rebooted

.

--- E O F ---

 

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:38:51, on 2007-10-29

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SPOOLSV.EXE

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\Messenger Detect\MDServ.exe

C:\PROGRAM\TRENDM~1\INTERN~1\PCCTLCOM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program\TRENDM~1\INTERN~1\Tmntsrv.exe

C:\Program\TRENDM~1\INTERN~1\tmproxy.exe

C:\PROGRAM\TRENDM~1\INTERN~1\TMPFW.EXE

C:\Program\TRENDM~1\INTERN~1\PccGuide.exe

C:\windows\system\hpsysdrv.exe

C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\Trend Micro\Anti-Spam For OE\TMAS_OEMon.exe

C:\HP\KBD\KBD.EXE

C:\Program\Everstrike Software\Lock Folder XP 3.5\LF30.exe

C:\Program\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\DOCUME~1\HP_GAR~1\LOKALA~1\Temp\RarSFX1\App\jccatch.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [ATIPTA] 'C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe'

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [OE] 'C:\Program\Trend Micro\Anti-Spam For OE\TMAS_OEMon.exe'

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [pccguide.exe] 'C:\Program\Trend Micro\Internet Security 14\pccguide.exe'

O4 - HKLM\..\Run: [LFAgent] C:\Program\Everstrike Software\Lock Folder XP 3.5\LF30.exe -start

O4 - HKLM\..\Run: [TkBellExe] 'C:\Program\Delade filer\Real\Update_OB\realsched.exe' -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] 'C:\Program\Java\jre1.6.0_03\bin\jusched.exe'

O4 - HKCU\..\Run: [Crun] 'C:\WINDOWS\system32\RACLE~1\svchost.exe' -vt yazb

O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe

O9 - Extra button: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: MDServ - formessengers.com - C:\Program\Messenger Detect\MDServ.exe

O23 - Service: NetOp Helper ver. 8.00 (2005249) (NetOp Host for NT Service) - Danware Data A/S - C:\Program\Danware Data\NetOp Remote Control\Host\NHOSTSVC.EXE

O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\Program\TRENDM~1\INTERN~1\PcCtlCom.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program\WinPcap\rpcapd.exe

O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program\TRENDM~1\INTERN~1\Tmntsrv.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program\TRENDM~1\INTERN~1\tmproxy.exe

 

--

End of file - 8089 bytes

 

-----------------------------------------------------

Commodore 64, FDD: Commodore 1541,

CPU: 6510 1MHz @ 1,8GHz, Memory: 512 MB,

Sound: 12 Channels,

2* TacII joystick, Final cartridge III.

 


ComboFix just removed the folder:

C:\WINDOWS\system32\racle~1

along with a lot of other things.

 

Scan with HijackThis and check the boxes for:

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKCU\..\Run: [Crun] 'C:\WINDOWS\system32\RACLE~1\svchost.exe' -vt yazb

 

Close all other programs.

Press Fix checked.

 

Restart the computer and check for yourself that the lines above are gone from a new HijackThis log.

 

How is the computer behaving now?
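The two lines picked out in the reply above follow patterns that can be checked mechanically: a BHO whose file is gone, and a system process name (svchost.exe) started from a directory other than system32. The following Python is an added example, not part of the original thread; the rule table and function names are assumptions for illustration, the Windows directory is assumed to be C:\WINDOWS as in the logs, and the sample lines are copied from the HijackThis logs posted here. It flags such entries and confirms that they are absent from a follow-up log.

```python
import ntpath
import re

# Sample lines copied from the HijackThis logs in this thread (before / after the fix).
BEFORE = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [LFAgent] C:\Program\Everstrike Software\Lock Folder XP 3.5\LF30.exe -start
O4 - HKCU\..\Run: [Crun] 'C:\WINDOWS\system32\RACLE~1\svchost.exe' -vt yazb
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""
AFTER = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [LFAgent] C:\Program\Everstrike Software\Lock Folder XP 3.5\LF30.exe -start
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

# "<section> - <rest>", e.g. "O4 - HKCU\..\Run: [Crun] ..."
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2}) - (.+)$")
# First drive-letter path ending in .exe/.dll; stops at quotes, so arguments are excluded.
PATH_RE = re.compile(r"[A-Za-z]:\\[^'\"\r\n]*?\.(?:exe|dll)(?![A-Za-z0-9])", re.I)

# Assumption: Windows XP installed in C:\WINDOWS, as in the posted logs.
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIR = {
    "svchost.exe": SYSTEM32,
    "lsass.exe": SYSTEM32,
    "services.exe": SYSTEM32,
    "winlogon.exe": SYSTEM32,
    "smss.exe": SYSTEM32,
    "explorer.exe": r"c:\windows",
}


def parse_entries(log):
    """Return (section, body) for every R/F/O line; headers and process list are skipped."""
    entries = []
    for raw in log.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def review(log):
    """Return (line, reason) for entries matching the two heuristics."""
    findings = []
    for section, body in parse_entries(log):
        line = f"{section} - {body}"
        if section == "O2" and body.endswith("(no file)"):
            findings.append((line, "BHO is registered but has no file behind it"))
            continue
        match = PATH_RE.search(body)
        if not match:
            continue
        directory, name = ntpath.split(match.group(0).lower())
        expected = EXPECTED_DIR.get(name)
        if expected and directory != expected:
            findings.append((line, f"{name} starts from {directory}, expected {expected}"))
    return findings


def still_present(fixed_lines, new_log):
    """Return the lines from fixed_lines that still appear in a follow-up log."""
    remaining = {f"{s} - {b}" for s, b in parse_entries(new_log)}
    return [line for line in fixed_lines if line in remaining]


if __name__ == "__main__":
    flagged = review(BEFORE)
    for line, reason in flagged:
        print(f"{reason}\n    {line}")
    leftovers = still_present([line for line, _ in flagged], AFTER)
    print("still present after fix:", leftovers or "none")
```

A clean result from `still_present` only shows that the autostart entries are gone from the log; it does not show that the machine is clean, which is why the thread continues with further scans.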

 

 


The two lines are gone, but unfortunately the Internet is still sluggish... Or rather MSIE is; if I want to get into the router it can take something like 2 minutes and a lot of F5 presses before I succeed... (The router is not connected right now)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:28:45, on 2007-10-29

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

C:\WINDOWS\SYSTEM32\SPOOLSV.EXE

C:\Program\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\Messenger Detect\MDServ.exe

C:\PROGRAM\TRENDM~1\INTERN~1\PCCTLCOM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program\TRENDM~1\INTERN~1\Tmntsrv.exe

C:\Program\TRENDM~1\INTERN~1\tmproxy.exe

C:\PROGRAM\TRENDM~1\INTERN~1\TMPFW.EXE

C:\windows\system\hpsysdrv.exe

C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\Trend Micro\Anti-Spam For OE\TMAS_OEMon.exe

C:\HP\KBD\KBD.EXE

C:\Program\Trend Micro\Internet Security 14\pccguide.exe

C:\Program\Everstrike Software\Lock Folder XP 3.5\LF30.exe

C:\Program\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\DOCUME~1\HP_GAR~1\LOKALA~1\Temp\RarSFX1\App\jccatch.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [ATIPTA] 'C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe'

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [OE] 'C:\Program\Trend Micro\Anti-Spam For OE\TMAS_OEMon.exe'

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [pccguide.exe] 'C:\Program\Trend Micro\Internet Security 14\pccguide.exe'

O4 - HKLM\..\Run: [LFAgent] C:\Program\Everstrike Software\Lock Folder XP 3.5\LF30.exe -start

O4 - HKLM\..\Run: [TkBellExe] 'C:\Program\Delade filer\Real\Update_OB\realsched.exe' -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] 'C:\Program\Java\jre1.6.0_03\bin\jusched.exe'

O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program\ICQ\ICQ.exe

O9 - Extra button: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: MDServ - formessengers.com - C:\Program\Messenger Detect\MDServ.exe

O23 - Service: NetOp Helper ver. 8.00 (2005249) (NetOp Host for NT Service) - Danware Data A/S - C:\Program\Danware Data\NetOp Remote Control\Host\NHOSTSVC.EXE

O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\Program\TRENDM~1\INTERN~1\PcCtlCom.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program\WinPcap\rpcapd.exe

O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program\TRENDM~1\INTERN~1\Tmntsrv.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program\TRENDM~1\INTERN~1\tmproxy.exe

 

--

End of file - 7986 bytes

-----------------------------------------------------

Commodore 64, FDD: Commodore 1541,

CPU: 6510 1MHz @ 1,8GHz, Memory: 512 MB,

Sound: 12 Channels,

2* TacII joystick, Final cartridge III.

 


Have you scanned the computer with SUPERAntiSpyware? Does it find anything?

 

Download the following file to the Desktop.

http://www.uploads.ejvindh.net/rootchk.exe

Run it.

If you get prompts from the firewall, answer yes/OK so that the file is allowed out on the Internet.

After a while a log is displayed, which you paste into your reply.

 

 


SUPERAntiSpyware only found a few cookies...

RootCheck gave an error message:

http://www.vildans.se/files/rootchk_1.jpg

 

I still got a log file:

********************************* ROOTCHK-(21-09-07)-LOG, by ejvindh

2007-10-29 19:27:55,96

 

The rootkits that are detected by this tool were not found.

 

********************************* ROOTCHK-LOG-end

 

 

catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-10-29 19:27:56

Windows 5.1.2600 Service Pack 2

scanning hidden processes ...

 

scanning hidden services & system hive ...


 

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]

'DisplayName'='Alcohol 120% (Trial Version)'

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]

'TracesProcessed'=dword:00000b56

 

scanning hidden files ...

 

hidden processes: 0

hidden services: 0

hidden files: 0

 

-----------------------------------------------------

Commodore 64, FDD: Commodore 1541,

CPU: 6510 1MHz @ 1,8GHz, Memory: 512 MB,

Sound: 12 Channels,

2* TacII joystick, Final cartridge III.

 


'unfortunately the Internet is still sluggish... Or rather MSIE is; if I want to get into the router it can take something like 2 minutes and a lot of F5 presses before I succeed... (The router is not connected right now)'

Is it only getting to the router's settings pages that is time-consuming, or what do you mean?

Is a firewall included in the Trend Micro program?

 


No, it takes just as long to get into the router as it does to load Internet pages... Opening the settings page on the router usually only takes about half a second...

Yes, I have a firewall in TM. Windows Firewall is disabled...

 

-----------------------------------------------------

Commodore 64, FDD: Commodore 1541,

CPU: 6510 1MHz @ 1,8GHz, Memory: 512 MB,

Sound: 12 Channels,

2* TacII joystick, Final cartridge III.

 


This program:

C:\Program\Messenger Detect\MDServ.exe

Have you had it for long? So that it isn't the cause. Or is there something else you installed around the time IE became sluggish?

 


'This program:

C:\Program\Messenger Detect\MDServ.exe

Have you had it for long?' I don't even know what it is, but a Google search gives: http://www.prevx.com/filenames/2625165222242237710-0/MDSERV.EXE.html

 

So I'll remove it.

No, I haven't had the problem for that long, a week maybe, and I haven't installed or done anything unusual with the computer...

-----------------------------------------------------

Commodore 64, FDD: Commodore 1541,

CPU: 6510 1MHz @ 1,8GHz, Memory: 512 MB,

Sound: 12 Channels,

2* TacII joystick, Final cartridge III.

 


http://formessengers.com/mdetect.htm

Check that the O23 line for the program disappears from a new HijackThis log.

 

About a week ago this file was added:

2007-10-24 17:07 12,800 --a------ C:\WINDOWS\system32\WING32.DLL

Which appears to be the WinG High-Performance Graphics Library from Microsoft, something associated with DOS games. http://www.auditmypc.com/process/wing32.asp

 

Download SDFix to the Desktop:

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double-click SDFix.exe and a new folder is created, C:\SDFix.

 

Restart the computer in safe mode (press F8 repeatedly during startup and choose safe mode in the menu).

 

Open the new folder C:\SDFix and double-click RunThis.bat to start the program.

Press Y to continue.

It works for a while, and when it is done you are asked whether you want to restart the computer.

Press any key to begin the restart.

The computer will take a long time to start up, because the program will launch and fix a lot of things.

When it is done, Finished is displayed.

Press any key to exit the program.

 

Open the SDFix folder and open the file Report.txt in Notepad.

Paste the contents of the file into your reply here.

 


Archived

This topic is now archived and is closed to further replies.


