
VIRUS, I think?


Hel Och Ren


Hi!

I've accidentally picked up something that I think needs to go, and fast!

And I don't know how it got in, either.

I found this when I ran msconfig to see how much was starting with Windows, and saw something I had NOT seen before, called: wksvss.exe !!

And now I don't know how to get rid of it. I have tried NORTON Internet Secu 2006 - 2008, F-Secure Online scanning, AVG Antivirus 2007 and more!

But as I said, it is still sitting there.

Does anyone know what this is? AND how do I get rid of it?

Grateful for answers!

What you don't know, you have no idea about.

Theory and practice come together when nothing works and nobody knows why.

AMD AM25600 3,02Ghz,DDR2 2x1Gb+2x512Mb in Dual 800Mhz,s-ata2 400+160Gb+120Gb 2,5,Nvid PCIE 7600GT

[post edited 2008-02-09 16:06:52 by Helren]


Guest ollemunter

Helren!

Harmless component belonging to Works from Microsoft.

wksss.exe

A Google search gave the answer.

 

 

Component Name: wksss.exe

 

Description of wksss.exe

This is a component of Microsoft Works. This software from Microsoft makes managing family schedules, coordinating events, and even planning day-to-day tasks much simpler.

 

Recommendation for wksss.exe ...

 

 

Trusted: Yes

Trojan: No

Chronic: No

Adware: No

Carrier: No

Browser Hijacker: No

Dialer: No

Commercial Keylogger: No

Remote Administration Tool: No

Suspected: No

 

Company Name: Microsoft Corporation.

 

However, 'wksvss.exe' could of course be something that isn't so good; Google found nothing about this file.

 

 

[post edited 2008-02-09 17:13:08 by ollemunter]


 

Hi!

I have a h*ll of a lot on autostart = 04, but I think my computer ought to cope with that!

I'm going to send in a log file. I have looked at it myself, but I am NOT that good at this!

But, well, as far as I can tell there shouldn't be any major dangers, but preferably you or someone else should be the judge of that!

 


 

Hi!

OK, here comes the HiJack log now!

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:55:24, on 2008-02-09

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\DWL-G520M Wireless 108G MIMO PCI Adapter\acs.exe

C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program\Bluetooth-programvara\bin\btwdins.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\snmp.exe

C:\Program\SPAMfighter\sfus.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program\UPHClean\uphclean.exe

C:\WINDOWS\System32\ups.exe

C:\Program\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program\Delade filer\Pure Networks Shared\Platform\nmctxth.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Pure Networks\Network Magic\nmapp.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program\SPAMfighter\SFAgent.exe

C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

C:\Program\Pm-Disk\Pm-Disk Champion Utility-Standard Version\USBTD.exe

C:\Program\Pm-Disk\Pm-Disk Champion Utility-Standard Version\pmdmon.exe

C:\Program\Windows Live\Messenger\MsnMsgr.Exe

C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program\Bluetooth-programvara\BTTray.exe

C:\WINDOWS\system32\fxssvc.exe

C:\Program\BLUETO~1\BTSTAC~1.EXE

C:\Program\Delade filer\Pure Networks Shared\Platform\nmsrvc.exe

C:\Program\INCRED~1\bin\ImApp.exe

C:\Program\Google\deskbar-0.5.95.0\ggviewer.exe

C:\Program\DELADE~1\SYMANT~1\CCPD-LC\symlcsvc.exe

C:\Program\MSI\Core Center\CoreCenter.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\DWL-G520M Wireless 108G MIMO PCI Adapter\AIRPLUS.exe

C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program\Logitech\SetPoint\SetPoint.exe

C:\Program\Windows Live\Messenger\usnsvc.exe

C:\Program\PopTray\PopTray.exe

C:\Program\Delade filer\Logitech\KHAL\KHALMNPR.EXE

C:\Program\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wuauclt.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://pfatjanster.idg.se/support/category.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://toolbar.google.com/tbredir?r=di&l=sv&v=3.0

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program\DELADE~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll

O3 - Toolbar: Visa Norton-verktygsfältet - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [HP Software Update] 'C:\Program\HP\HP Software Update\HPWuSchd2.exe'

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [GrooveMonitor] 'C:\Program\Microsoft Office\Office12\GrooveMonitor.exe'

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nmctxth] 'C:\Program\Delade filer\Pure Networks Shared\Platform\nmctxth.exe'

O4 - HKLM\..\Run: [nmapp] 'C:\Program\Pure Networks\Network Magic\nmapp.exe' -autorun -nosplash

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sPAMfighter Agent] 'C:\Program\SPAMfighter\SFAgent.exe' update delay 60

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] 'C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe'

O4 - HKLM\..\Run: [ccApp] 'C:\Program\Delade filer\Symantec Shared\ccApp.exe'

O4 - HKLM\..\Run: [osCheck] 'C:\Program\Norton Internet Security\osCheck.exe'

O4 - HKLM\..\Run: [uFD Utility] C:\Program\Pm-Disk\Pm-Disk Champion Utility-Standard Version\USBTD.exe

O4 - HKLM\..\Run: [uFD Monitor] C:\Program\Pm-Disk\Pm-Disk Champion Utility-Standard Version\pmdmon.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [MsnMsgr] 'C:\Program\Windows Live\Messenger\MsnMsgr.Exe' /background

O4 - HKCU\..\Run: [incrediMail] C:\Program\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [LDM] C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NVIDIA nTune] 'C:\Program\NVIDIA Corporation\nTune\nTuneCmd.exe' clear

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - S-1-5-18 Startup: PopTray.lnk = C:\Program\PopTray\PopTray.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: PopTray.lnk = C:\Program\PopTray\PopTray.exe (User 'Default user')

O4 - Startup: PopTray.lnk = C:\Program\PopTray\PopTray.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: CoreCenter.lnk = C:\Program\MSI\Core Center\CoreCenter.exe

O4 - Global Startup: D-Link REG Utility.lnk = C:\Program\DWL-G520M Wireless 108G MIMO PCI Adapter\Reg.exe

O4 - Global Startup: DWL-G520M Wireless 108G MIMO PCI Adapter Utility.lnk = C:\Program\DWL-G520M Wireless 108G MIMO PCI Adapter\AIRPLUS.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone Snabbstarta.lnk = C:\Program\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Skicka till &Bluetooth - C:\Program\Bluetooth-programvara\btsendto_ie_ctx.htm

O8 - Extra context menu item: Translate with &Babylon - res://C:\Program\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\Bluetooth-programvara\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\Bluetooth-programvara\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab

O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/ocis/SiSAutodetectNT.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/24.16/uploader2.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase2895.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\Program\DWL-G520M Wireless 108G MIMO PCI Adapter\acs.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program\Bluetooth-programvara\bin\btwdins.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe

O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program\Delade filer\Pure Networks Shared\Platform\nmsrvc.exe

O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program\SPAMfighter\sfus.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program\DELADE~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\Program\COMMON~1\SNAPST~1\Common\x10nets.exe

 

--

End of file - 15041 bytes

 

 


Hi!

No! I have not removed it, because I can NOT get rid of it!

But I have unticked it in msconfig! But it is still there anyway!

 


 

[post edited 2008-02-10 09:09:50 by Helren]


Yes, but then it doesn't show up in the HijackThis log. Put the checkmark back in msconfig and paste in a new HijackThis log; after that you can remove the checkmark again.

 


 

Hi!

New log! Also, I have something called 'Sky Tel' and I don't know what it is?

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:50:20, on 2008-02-10

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\DWL-G520M Wireless 108G MIMO PCI Adapter\acs.exe

C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program\Bluetooth-programvara\bin\btwdins.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\snmp.exe

C:\Program\SPAMfighter\sfus.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\UPHClean\uphclean.exe

C:\WINDOWS\System32\ups.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Delade filer\Pure Networks Shared\Platform\nmctxth.exe

C:\Program\Pure Networks\Network Magic\nmapp.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program\SPAMfighter\SFAgent.exe

C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

C:\Program\Pm-Disk\Pm-Disk Champion Utility-Standard Version\pmdmon.exe

C:\Program\Windows Live\Messenger\MsnMsgr.Exe

C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\fxssvc.exe

C:\Program\Bluetooth-programvara\BTTray.exe

C:\Program\Delade filer\Pure Networks Shared\Platform\nmsrvc.exe

C:\Program\Google\deskbar-0.5.95.0\ggviewer.exe

C:\Program\INCRED~1\bin\ImApp.exe

C:\Program\BLUETO~1\BTSTAC~1.EXE

C:\WINDOWS\system32\msiexec.exe

C:\Program\MSI\Core Center\CoreCenter.exe

C:\Program\DWL-G520M Wireless 108G MIMO PCI Adapter\AIRPLUS.exe

C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program\Logitech\SetPoint\SetPoint.exe

C:\Program\PopTray\PopTray.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Logitech\KHAL\KHALMNPR.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program\Delade filer\Microsoft Shared\office12\offlb.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://pfatjanster.idg.se/support/category.asp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://toolbar.google.com/tbredir?r=di&l=sv&v=3.0

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program\DELADE~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll

O3 - Toolbar: Visa Norton-verktygsfältet - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [HP Software Update] 'C:\Program\HP\HP Software Update\HPWuSchd2.exe'

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [GrooveMonitor] 'C:\Program\Microsoft Office\Office12\GrooveMonitor.exe'

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nmctxth] 'C:\Program\Delade filer\Pure Networks Shared\Platform\nmctxth.exe'

O4 - HKLM\..\Run: [nmapp] 'C:\Program\Pure Networks\Network Magic\nmapp.exe' -autorun -nosplash

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sPAMfighter Agent] 'C:\Program\SPAMfighter\SFAgent.exe' update delay 60

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] 'C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe'

O4 - HKLM\..\Run: [ccApp] 'C:\Program\Delade filer\Symantec Shared\ccApp.exe'

O4 - HKLM\..\Run: [osCheck] 'C:\Program\Norton Internet Security\osCheck.exe'

O4 - HKLM\..\Run: [uFD Monitor] C:\Program\Pm-Disk\Pm-Disk Champion Utility-Standard Version\pmdmon.exe

O4 - HKLM\..\Run: [Windows Console] wkssvc.exe

O4 - HKCU\..\Run: [MsnMsgr] 'C:\Program\Windows Live\Messenger\MsnMsgr.Exe' /background

O4 - HKCU\..\Run: [incrediMail] C:\Program\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [LDM] C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NVIDIA nTune] 'C:\Program\NVIDIA Corporation\nTune\nTuneCmd.exe' clear

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: PopTray.lnk = C:\Program\PopTray\PopTray.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: CoreCenter.lnk = C:\Program\MSI\Core Center\CoreCenter.exe

O4 - Global Startup: D-Link REG Utility.lnk = C:\Program\DWL-G520M Wireless 108G MIMO PCI Adapter\Reg.exe

O4 - Global Startup: DWL-G520M Wireless 108G MIMO PCI Adapter Utility.lnk = C:\Program\DWL-G520M Wireless 108G MIMO PCI Adapter\AIRPLUS.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone Snabbstarta.lnk = C:\Program\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Skicka till &Bluetooth - C:\Program\Bluetooth-programvara\btsendto_ie_ctx.htm

O8 - Extra context menu item: Translate with &Babylon - res://C:\Program\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\Bluetooth-programvara\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\Bluetooth-programvara\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab

O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/ocis/SiSAutodetectNT.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/24.16/uploader2.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase2895.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\Program\DWL-G520M Wireless 108G MIMO PCI Adapter\acs.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program\Bluetooth-programvara\bin\btwdins.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe

O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program\Delade filer\Pure Networks Shared\Platform\nmsrvc.exe

O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program\SPAMfighter\sfus.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program\DELADE~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\Program\COMMON~1\SNAPST~1\Common\x10nets.exe

 

--

End of file - 14605 bytes

 

 


SkyTel: http://www.bleepingcomputer.com/startups/SkyTel-17102.html

 

O4 - HKLM\..\Run: [Windows Console] wkssvc.exe

It is an IRCBot, i.e. something that opens a backdoor to the computer so that others can control it remotely.

Download SDFix to the Desktop:

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double-click SDFix.exe and a new folder, C:\SDFix, is created.

Restart the computer in safe mode (press F8 repeatedly during startup and choose safe mode from the menu).

Open the new folder C:\SDFix and double-click RunThis.bat to start the program.

Press Y to continue.

It works for a while, and when it is done you are asked whether you want to restart the computer.

Press any key to begin the restart.

The computer will take a long time to start up because the program will run and fix a lot of things.

When it is done, Finished is displayed.

Press any key to exit the program.

Open the SDFix folder and open the file Report.txt in Notepad.

Paste the contents of the file into your reply here.
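Added example, not part of the original post: the reply above singles out one HijackThis O4 line whose file name is close to the legitimate wksss.exe discussed earlier in the thread. The post does not say how the entry was recognised; the sketch below shows one triage heuristic (edit distance against an allowlist). The allowlist, the threshold, the function names and all sample lines except the `[Windows Console] wkssvc.exe` entry are assumptions constructed for illustration.

```python
import re

# Names this thread treats as legitimate start-up programs (assumption: a real
# allowlist would come from a software inventory, not be hard-coded).
KNOWN_GOOD = {"wksss.exe", "ctfmon.exe", "nwiz.exe", "rthdcpl.exe", "ccapp.exe"}

# HijackThis registry autostart line:  O4 - HKLM\..\Run: [value name] command
O4_RUN = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")
# Executable part of a command line, quoted or not (paths may contain spaces).
EXE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|cpl|com|scr|bat|cmd))(?=\s|$)', re.I)


def edit_distance(a, b):
    """Levenshtein distance, computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_o4(line):
    """Return the fields of an O4 registry Run entry, or None for other lines."""
    m = O4_RUN.match(line.strip())
    if not m:
        return None
    hive, key, value_name, command = m.groups()
    e = EXE.match(command)
    target = (e.group(1) or e.group(2)) if e else command.split()[0]
    return {
        "hive": hive,
        "key": key,
        "value": value_name,
        "exe": target.rsplit("\\", 1)[-1].lower(),
        "has_path": "\\" in target,
    }


def triage(log_text, max_distance=2):
    """List (value name, exe, reasons) for names that nearly match the allowlist."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None or entry["exe"] in KNOWN_GOOD:
            continue
        near = sorted(g for g in KNOWN_GOOD
                      if 0 < edit_distance(entry["exe"], g) <= max_distance)
        if near:
            reasons = ["name resembles " + ", ".join(near)]
            if not entry["has_path"]:
                # Weak signal on its own: legitimate entries can be bare names too.
                reasons.append("no path given")
            findings.append((entry["value"], entry["exe"], reasons))
    return findings


# Constructed sample in HijackThis format; only the [Windows Console] line is
# taken from the log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Windows Console] wkssvc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Example] C:\WINDOWS\wksvss.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LiveUpdate\LuComServer_3_4.EXE
"""

if __name__ == "__main__":
    for value_name, exe, reasons in triage(SAMPLE_LOG):
        print(f"[{value_name}] {exe}: {'; '.join(reasons)}")
```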

 


 

Hi!

It is a bit fishy that this 'Sky Tel' gets installed directly with Windows!

I have XP Home Edition on one disk and XP Pro on the other disk!

And 'Sky Tel' seems to come along somehow WITHOUT me having installed any other program?

But I will try your suggestion and see if this disappears? I have, for that matter, also unticked it in msconfig since I did not know what it was!

I have asked ABOUT 'Sky Tel' before and was told that it was nothing to worry about!

 

 


 

Hi!

Yes, the first time it said that a process was in use by another..........!

But here it comes:

 

 

SDFix: Version 1.140

 

Run by Sören on 2008-02-10 at 12:04

 

Microsoft Windows XP [Version 5.1.2600]

 

Running From: C:\DOCUME~1\SREN~1\SKRIVB~1\SDFix

 

Safe Mode:

Checking Services:

 

 

Restoring Windows Registry Values

Restoring Windows Default Hosts File

 

Rebooting...

 

 

Normal Mode:

Checking Files:

 

No Trojan Files Found

 

 

 

 

 

 

Removing Temp Files...

 

ADS Check:

 

 

 

Final Check:

 

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

 

http://www.gmer.net

Rootkit scan 2008-02-10 12:10:00

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0003c98728ba]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\0003c98728ba]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0003c98728ba]

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 4

 

 

Remaining Services:

------------------

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

'%windir%\\system32\\sessmgr.exe'='%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019'

'%windir%\\Network Diagnostic\\xpnetdiag.exe'='%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000'

'C:\\Program\\IncrediMail\\bin\\ImApp.exe'='C:\\Program\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail'

'C:\\Program\\IncrediMail\\bin\\IncMail.exe'='C:\\Program\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail'

'C:\\Program\\IncrediMail\\bin\\ImpCnt.exe'='C:\\Program\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail'

'C:\\Documents and Settings\\Sören\\Lokala inställningar\\Temporary Internet Files\\Content.IE5\\OD070ZQN\\incredimail_install[1].exe'='C:\\Documents and Settings\\Sören\\Lokala inställningar\\Temporary Internet Files\\Content.IE5\\OD070ZQN\\incredimail_install[1].exe:*:Enabled:IncrediMail Installer'

'C:\\Program\\Microsoft Office\\Office12\\OUTLOOK.EXE'='C:\\Program\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook'

'C:\\Program\\Microsoft Office\\Office12\\GROOVE.EXE'='C:\\Program\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove'

'C:\\Program\\Microsoft Office\\Office12\\ONENOTE.EXE'='C:\\Program\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote'

'C:\\Program\\HP\\Digital Imaging\\bin\\hpqtra08.exe'='C:\\Program\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe'

'C:\\Program\\HP\\Digital Imaging\\bin\\hpqste08.exe'='C:\\Program\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe'

'C:\\Program\\HP\\Digital Imaging\\bin\\hpofxm08.exe'='C:\\Program\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe'

'C:\\Program\\HP\\Digital Imaging\\bin\\hposfx08.exe'='C:\\Program\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe'

'C:\\Program\\HP\\Digital Imaging\\bin\\hposid01.exe'='C:\\Program\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe'

'C:\\Program\\HP\\Digital Imaging\\bin\\hpqscnvw.exe'='C:\\Program\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe'

'C:\\Program\\HP\\Digital Imaging\\bin\\hpqkygrp.exe'='C:\\Program\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe'

'C:\\Program\\HP\\Digital Imaging\\bin\\hpqCopy.exe'='C:\\Program\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe'

'C:\\Program\\HP\\Digital Imaging\\bin\\hpfccopy.exe'='C:\\Program\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe'

'C:\\Program\\HP\\Digital Imaging\\bin\\hpzwiz01.exe'='C:\\Program\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe'

'C:\\Program\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe'='C:\\Program\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe'

'C:\\Program\\HP\\Digital Imaging\\Unload\\HpqDIA.exe'='C:\\Program\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe'

'C:\\Program\\HP\\Digital Imaging\\bin\\hpoews01.exe'='C:\\Program\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe'

'C:\\Program\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe'='C:\\Program\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger'

'C:\\Program\\SnapStream Media\\Beyond TV\\BTVRegistrationService.exe'='C:\\Program\\SnapStream Media\\Beyond TV\\BTVRegistrationService.exe:*:Enabled:Beyond TV Registration Service'

'C:\\Program\\SnapStream Media\\Beyond TV\\BTVLibraryService.exe'='C:\\Program\\SnapStream Media\\Beyond TV\\BTVLibraryService.exe:*:Enabled:Beyond TV Library Service'

'C:\\Program\\SnapStream Media\\Beyond TV\\BTVNetworkService.exe'='C:\\Program\\SnapStream Media\\Beyond TV\\BTVNetworkService.exe:*:Enabled:Beyond TV Network Service'

'C:\\Program\\SnapStream Media\\Beyond TV\\BTVRecordingEngine.exe'='C:\\Program\\SnapStream Media\\Beyond TV\\BTVRecordingEngine.exe:*:Enabled:Beyond TV Recording Engine'

'C:\\Program\\SnapStream Media\\Beyond TV\\BTVGuideDataLoader.exe'='C:\\Program\\SnapStream Media\\Beyond TV\\BTVGuideDataLoader.exe:*:Enabled:Beyond TV Guide Data Loader'

'C:\\Program\\SnapStream Media\\Beyond TV\\BTVSettingsService.exe'='C:\\Program\\SnapStream Media\\Beyond TV\\BTVSettingsService.exe:*:Enabled:Beyond TV Settings Service'

'C:\\Program\\SnapStream Media\\Beyond TV\\BTVTaskManagerService.exe'='C:\\Program\\SnapStream Media\\Beyond TV\\BTVTaskManagerService.exe:*:Enabled:Beyond TV Task Manager Service'

'C:\\Program\\SnapStream Media\\Beyond TV\\BTVD3DShell.exe'='C:\\Program\\SnapStream Media\\Beyond TV\\BTVD3DShell.exe:*:Enabled:Beyond TV ViewScape'

'C:\\Program\\SnapStream Media\\Beyond TV\\SetupWizard.exe'='C:\\Program\\SnapStream Media\\Beyond TV\\SetupWizard.exe:*:Enabled:Beyond TV Setup Wizard'

'C:\\Program\\Skype\\Phone\\Skype.exe'='C:\\Program\\Skype\\Phone\\Skype.exe:*:Enabled:Skype'

'C:\\Program\\Messenger\\msmsgs.exe'='C:\\Program\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger'

'C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe'='C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger'

'C:\\Program\\Windows Live\\Messenger\\livecall.exe'='C:\\Program\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)'

'C:\\Program\\Delade filer\\Pure Networks Shared\\Platform\\nmsrvc.exe'='C:\\Program\\Delade filer\\Pure Networks Shared\\Platform\\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service'

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

'%windir%\\system32\\sessmgr.exe'='%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019'

'%windir%\\Network Diagnostic\\xpnetdiag.exe'='%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000'

'C:\\Program\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe'='C:\\Program\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger'

'C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe'='C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger'

'C:\\Program\\Windows Live\\Messenger\\livecall.exe'='C:\\Program\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)'

 

Remaining Files:

---------------

 

 

Files with Hidden Attributes:

 

Mon 28 Jan 2008 1,404,240 A.SHR --- 'C:\Program\Spybot - Search & Destroy\SDUpdate.exe'

Mon 28 Jan 2008 5,146,448 A.SHR --- 'C:\Program\Spybot - Search & Destroy\SpybotSD.exe'

Mon 28 Jan 2008 2,097,488 A.SHR --- 'C:\Program\Spybot - Search & Destroy\TeaTimer.exe'

Sun 30 Sep 2007 0 A.SH. --- 'C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp'

Wed 12 Dec 2007 120 A..H. --- 'C:\Program\Common Files\Snapstream\Common\x10prod.sys'

Wed 8 Aug 2007 400 A..H. --- 'C:\Program\Delade filer\Symantec Shared\COH\COH32LU.reg'

Wed 8 Aug 2007 403 A..H. --- 'C:\Program\Delade filer\Symantec Shared\COH\COHDLU.reg'

Fri 8 Feb 2008 224,736 ...HR --- 'C:\WINDOWS\system32\drivers\etc\Hosts.bak'

 

Finished!

 

 


SkyTel is something that belongs to the driver for the sound card, as far as I can tell from the link, and you presumably have a different sound card in the other computer.

Download ComboFix to the Desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Unplug the internet connection and close all programs you can see, including antivirus, antispyware and firewall.

Run ComboFix and follow the instructions displayed.

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang.

When it is finished a log should come up; attach it to your reply. Check that the antivirus program and firewall are running before you connect to the internet.

If you have trouble getting onto the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair and/or restart the computer.

 

 


Hi AGAIN Cecilia!

No!

No other sound card actually, I am using the one that is integrated on the motherboard!

Yes, Sky Tel seems to belong to the Realtek sound card!

I suppose I will have to switch off the router then, since I run wireless at 108 Mbit/s (D-Link all the way)

 


 

[post edited 2008-02-10 12:36:57 by Helren]

[post edited 2008-02-10 12:38:52 by Helren]


 

Hi!

Hope it is fine now! *Smiles*

Have to take the dog out for a walk!

Here it comes:

 

ComboFix 08-02.05.3 - Sören 2008-02-10 12:45:15.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1053.18.2064 [GMT 1:00]

Running from: C:\Documents and Settings\Sören\Lokala inställningar\Temporary Internet Files\Content.IE5\5EB04A9E\ComboFix[1].exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

C:\WINDOWS\system32\loader.exe

C:\WINDOWS\system32\systeminfo.dll

D:\Autorun.inf

E:\Autorun.inf

G:\Autorun.inf

 

----- BITS: Possible infected sites -----

 

hxxp://www.download.windowsupdate.com

.

((((((((((((((((((((((((( Files Created from 2008-01-10 to 2008-02-10 )))))))))))))))))))))))))))))))

.

 

2008-02-10 11:32 . 2008-02-10 11:32 <KAT> d-------- C:\WINDOWS\ERUNT

2008-02-10 11:24 . 2008-02-10 05:54 <KAT> d-------- C:\SDFix

2008-02-10 10:37 . 2008-02-10 10:37 262,144 --a------ C:\WINDOWS\system32\default_user_class.dat

2008-02-09 18:53 . 2008-02-09 18:53 <KAT> d-------- C:\Program\Trend Micro

2008-02-09 09:33 . 2008-02-09 09:33 <KAT> d-------- C:\fsaua.data

2008-02-08 18:31 . 2008-02-09 18:53 <KAT> d-------- C:\HiJackThis

2008-02-08 18:29 . 2008-02-08 18:29 <KAT> d-------- C:\Program\RegCure

2008-02-08 17:01 . 2008-02-08 17:01 <KAT> d-------- C:\Program\Pm-Disk

2008-02-08 14:12 . 2008-02-08 14:12 <KAT> d-------- C:\Program\Windows Sidebar

2008-02-08 14:12 . 2008-02-08 14:49 <KAT> d-------- C:\Program\Norton Internet Security

2008-02-08 14:11 . 2008-02-08 14:45 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2008-02-08 14:11 . 2008-02-08 14:45 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

2008-02-08 14:11 . 2008-02-08 14:45 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT

2008-02-08 14:11 . 2008-02-08 14:45 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF

2008-02-08 12:55 . 2008-02-08 12:55 0 --a------ C:\rollback.ini

2008-02-08 12:50 . 2008-02-08 12:50 691,545 --a------ C:\WINDOWS\unins000.exe

2008-02-08 12:50 . 2008-02-08 12:50 3,451 --a------ C:\WINDOWS\unins000.dat

2008-02-07 17:17 . 2008-02-08 13:01 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier

2008-02-07 17:16 . 2008-02-08 14:40 <KAT> d-------- C:\WINDOWS\system32\ZoneLabs

2008-02-07 16:27 . 2008-02-08 14:45 <KAT> d-------- C:\Program\Symantec

2008-02-07 16:27 . 2008-02-08 12:13 <KAT> d-------- C:\Program\Norton AntiVirus

2008-02-07 16:27 . 2008-02-08 14:14 <KAT> d-------- C:\Documents and Settings\Sören\Application Data\Symantec

2008-02-07 13:32 . 2008-02-07 14:13 <KAT> d-------- C:\Program\Mozilla Thunderbird

2008-02-07 13:32 . 2008-02-07 13:32 <KAT> d-------- C:\Documents and Settings\Sören\Application Data\Thunderbird

2008-02-04 12:30 . 2008-02-04 12:30 512 --a------ C:\ScanSectorLog.dat

2008-02-04 11:49 . 2008-02-04 11:50 <KAT> d--h----- C:\msdownld.tmp

2008-02-03 07:47 . 2008-02-03 07:47 <KAT> d-------- C:\Program\VIA Technologies, INC

2008-02-02 18:26 . 2008-02-07 17:13 <KAT> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2008-02-02 16:55 . 2008-02-10 12:09 <KAT> d-------- C:\Program\SPAMfighter

2008-02-02 16:55 . 2008-02-02 16:55 <KAT> d-------- C:\Program\Delade filer\Application

2008-02-02 16:55 . 2008-02-02 16:55 <KAT> d-------- C:\Program\Delade filer\Ankiro

2008-02-02 16:55 . 2008-02-02 16:55 <KAT> d-------- C:\Documents and Settings\Sören\Application Data\SPAMfighter

2008-02-02 16:49 . 2008-02-08 13:59 <KAT> d-------- C:\Program\PC Inspector File Recovery

2008-02-02 16:49 . 2002-02-18 18:40 6,200 --a------ C:\WINDOWS\system32\INT13EXT.VXD

2008-02-02 14:29 . 2008-02-02 14:29 <KAT> d-------- C:\Program\Desktop Christmas Tree

2008-02-02 11:23 . 2008-02-02 11:23 <KAT> d-------- C:\Documents and Settings\Sören\WD Sync Data

2008-02-02 11:23 . 2008-02-02 11:23 <KAT> d-------- C:\Documents and Settings\Sören\WD Sync Data

2008-01-31 16:12 . 2008-01-31 16:12 <KAT> d-------- C:\Documents and Settings\Sören\Application Data\Lavasoft

2008-01-31 16:04 . 2008-01-31 16:04 <KAT> d-------- C:\Program\Lavasoft

2008-01-31 16:04 . 2008-01-31 16:05 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-01-31 11:04 . 2008-01-31 11:05 <KAT> d-------- C:\WINDOWS\ULEAD.DAT

2008-01-31 11:04 . 2008-01-31 11:05 <KAT> d-------- C:\Program\Ulead iPhoto Express

2008-01-31 11:04 . 1995-07-31 15:14 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL

2008-01-31 11:04 . 1996-08-13 18:52 11,264 --a------ C:\WINDOWS\Ulead iPhoto Express.SCR

2008-01-31 11:04 . 2008-01-31 11:05 650 --a------ C:\WINDOWS\ULEAD32.INI

2008-01-30 17:44 . 2008-01-30 17:44 <KAT> d-------- C:\Program\Pure Networks

2008-01-30 17:43 . 2008-01-30 17:43 <KAT> d-------- C:\Program\Delade filer\Pure Networks Shared

2008-01-30 17:41 . 2008-01-30 17:43 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Pure Networks

2008-01-29 19:47 . 2008-01-29 19:47 357,768 --a------ C:\Documents and Settings\Sören\SymXPep2.dll

2008-01-29 19:47 . 2008-01-29 19:47 357,768 --a------ C:\Documents and Settings\Sören\SymXPep2.dll

2008-01-25 23:34 . 2008-02-10 09:54 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Symantec

2008-01-25 21:09 . 2008-01-25 21:09 <KAT> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files

2008-01-18 20:17 . 2008-01-18 20:17 1,071 --a------ C:\WINDOWS\AWMODEM.INF

2008-01-13 15:27 . 2008-01-13 15:31 <KAT> d-------- C:\temp\ext37558

2008-01-13 15:17 . 2008-01-13 15:33 <KAT> d-------- C:\Program\Microsoft Silverlight

2008-01-12 10:17 . 2008-01-12 10:17 262,144 --a------ C:\WINDOWS\system32\wrap_oal.dll

2008-01-12 10:17 . 2008-01-12 10:17 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll

2008-01-12 10:08 . 1999-11-02 10:01 6,173 --a------ C:\WINDOWS\system32\drivers\Entech.vxd

2008-01-12 10:08 . 2004-06-22 15:44 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys

2008-01-12 10:05 . 2008-01-12 10:05 <KAT> d-------- C:\Program\AIDA32 - Enterprise System Information

2008-01-12 10:04 . 2008-01-12 10:04 <KAT> d-------- C:\WINDOWS\system32\Futuremark

2008-01-12 10:04 . 2008-01-12 10:06 <KAT> d-------- C:\Program\Futuremark

2008-01-12 10:04 . 2004-10-25 20:02 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys

2008-01-12 10:04 . 2001-11-19 19:05 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys

2008-01-12 06:13 . 2008-01-12 06:13 <KAT> d-------- C:\Program\SlySoft

2008-01-12 06:12 . 2008-01-12 06:12 <KAT> d-------- C:\Documents and Settings\Sören\Application Data\gtopala

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-10 11:44 --------- d-----w C:\Program\Delade filer\Symantec Shared

2008-02-08 17:12 --------- d-----w C:\Program\Spybot - Search & Destroy

2008-02-08 12:51 --------- d-----w C:\Program\SUPERAntiSpyware

2008-02-08 11:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-02-03 10:55 --------- d-----w C:\Program\Windows Live

2008-02-03 10:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-02-02 15:49 --------- d--h--w C:\Program\InstallShield Installation Information

2008-01-31 15:34 --------- d-----w C:\Program\DWL-G520M Wireless 108G MIMO PCI Adapter

2008-01-31 15:27 --------- d-----w C:\Program\Delade filer\Wise Installation Wizard

2008-01-31 15:27 --------- d-----w C:\Documents and Settings\Sören\Application Data\SUPERAntiSpyware.com

2008-01-31 15:05 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe

2008-01-20 12:04 --------- d-----w C:\Program\PopTray

2008-01-12 09:06 --------- d-----w C:\Program\Lavalys

2008-01-12 05:14 --------- d-----w C:\Program\PC Wizard 2006

2008-01-12 05:12 --------- d-----w C:\Program\IncrediMail

2008-01-07 06:50 --------- d-----w C:\Program\DriverGuide Toolkit

2008-01-07 06:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-01-06 16:08 --------- d-----w C:\Program\MSWorks

2008-01-06 16:01 25,600 ----a-w C:\WINDOWS\system32\drivers\usbser.sys

2008-01-06 15:50 65,536 ----a-w C:\Documents and Settings\Sören\nvtemp.dat

2008-01-06 15:50 65,536 ----a-w C:\Documents and Settings\Sören\nvtemp.dat

2008-01-03 17:14 --------- d-----w C:\Program\Western Digital Technologies

2008-01-03 16:23 --------- dcsh--w C:\Program\Delade filer\WindowsLiveInstaller

2008-01-03 08:56 15,890 ----a-w C:\WINDOWS\system32\drivers\mdc8021x.sys

2007-12-21 20:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Babylon

2007-12-21 20:32 --------- d-----w C:\Documents and Settings\Sören\Application Data\Babylon

2007-12-20 15:57 --------- d-----w C:\Program\D-Link

2007-12-20 15:19 --------- d-----w C:\Program\Babylon

2007-12-19 18:18 --------- d-----w C:\Program\Yahoo!

2007-12-19 18:17 --------- d-----w C:\Documents and Settings\Sören\Application Data\Yahoo!

2007-12-19 18:16 --------- d-----w C:\Program\DivX

2007-12-19 14:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\BlazeVideo

2007-12-18 08:56 --------- d-----w C:\Program\NCH Swift Sound

2007-12-18 08:55 --------- d-----w C:\Program\SnapStream Media

2007-12-18 08:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\SnapStream

2007-12-18 08:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype

2007-12-17 22:18 --------- d-----w C:\Program\Hot CPU Tester Pro 4 LE

2007-12-17 09:15 --------- d-----w C:\Program\Delade filer\Teleca Shared

2007-12-16 18:19 --------- d-----w C:\Documents and Settings\Sören\Application Data\Windows Desktop Search

2007-12-16 17:39 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Teleca

2007-12-16 17:01 --------- d-----w C:\Program\Windows Desktop Search

2007-12-15 06:27 --------- d-----w C:\Program\Windows Media Connect 2

2007-12-15 06:27 --------- d-----w C:\Program\Tweak-XP Pro 4

2007-12-15 06:27 --------- d-----w C:\Program\TPTEST5

2007-12-15 06:27 --------- d-----w C:\Program\BlueVoda Website Builder

2007-12-15 06:27 --------- d-----w C:\Program\Bluetooth-programvara

2007-12-13 19:04 --------- d-----w C:\Program\DIFX

2007-12-13 18:53 --------- d-----w C:\Program\Sony Ericsson

2007-12-13 11:07 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2007-12-13 11:07 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf

2007-12-13 11:00 20,520 ----a-w C:\WINDOWS\system32\drivers\ggsemc.sys

2007-12-13 11:00 13,352 ----a-w C:\WINDOWS\system32\drivers\ggflt.sys

2007-12-13 11:00 1,419,232 ----a-w C:\WINDOWS\system32\wdfcoinstaller01005.dll

2007-12-13 06:44 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Sony Ericsson

2007-12-13 06:44 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Sony Ericsson

2007-12-12 21:26 --------- d-----w C:\Documents and Settings\Sören\Application Data\Teleca

2007-12-12 20:45 --------- d-----w C:\Program\Delade filer\Sony Ericsson Shared

2007-12-12 20:45 --------- d-----w C:\Documents and Settings\Sören\Application Data\Sony Ericsson

2007-12-12 20:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca

2007-12-12 20:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson

2007-12-12 19:42 --------- d-----w C:\Program\Sony

2007-12-12 19:17 --------- d-----w C:\Program\Sony Setup

2007-12-11 19:46 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2007-12-11 19:46 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2007-12-11 19:45 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2007-12-11 19:45 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2007-12-11 19:44 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll

2007-12-11 19:44 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll

2007-12-11 19:44 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2007-12-11 19:44 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll

2007-12-11 19:44 682,496 ----a-w C:\WINDOWS\system32\DivX.dll

2007-12-11 19:44 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll

2007-12-11 19:44 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll

2007-12-11 19:44 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll

2007-12-11 19:44 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll

2007-12-11 19:44 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll

2007-12-11 19:44 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll

2007-12-11 19:44 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll

2007-12-11 19:44 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2007-12-11 19:43 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll

2007-12-11 06:47 --------- d-----w C:\Documents and Settings\LocalService\Application Data\X10 Commander

2007-12-11 06:36 --------- d-----w C:\Program\Common Files

2007-12-05 01:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE

2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\SET2ED.tmp

2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\SET2EB.tmp

2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll

2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll

2007-12-05 00:41 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll

2007-12-05 00:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe

2007-12-05 00:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll

2007-12-05 00:41 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll

2007-12-05 00:41 5,773,568 ----a-w C:\WINDOWS\system32\SET2E0.tmp

2007-12-05 00:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll

2007-12-05 00:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll

2007-12-05 00:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll

2007-12-05 00:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe

2007-12-05 00:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe

2007-12-05 00:41 385,024 ----a-w C:\WINDOWS\system32\SET2E4.tmp

2007-12-05 00:41 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll

2007-12-05 00:41 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

2007-08-24 20:51 316784 --a------ C:\Program\Delade filer\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

2008-02-08 14:34 116088 --a------ C:\Program\DELADE~1\SYMANT~1\IDS\IPSBHO.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{2318C2B1-4965-11D4-9B18-009027A5CD4F}

{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

 

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]

[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]

[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

'{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}'= C:\Program\Delade filer\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 20:51 316784]

 

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]

[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]

[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

'MsnMsgr'='C:\Program\Windows Live\Messenger\MsnMsgr.exe' [2007-10-18 11:35 5724184]

'IncrediMail'='C:\Program\IncrediMail\bin\IncMail.exe' [2007-09-20 14:17 208946]

'LDM'='C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe' [2007-10-30 10:30 67128]

'swg'='C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe' [2007-10-10 14:03 68856]

'ctfmon.exe'='C:\WINDOWS\system32\ctfmon.exe' [2006-03-02 13:00 15360]

'NVIDIA nTune'='C:\Program\NVIDIA Corporation\nTune\nTuneCmd.exe' [2007-07-03 11:32 81920]

'SUPERAntiSpyware'='C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe' [2006-12-06 13:40 1294336]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

'RTHDCPL'='RTHDCPL.EXE' [2006-05-18 07:27 16207872 C:\WINDOWS\RTHDCPL.EXE]

'nwiz'='nwiz.exe' [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]

'HP Software Update'='C:\Program\HP\HP Software Update\HPWuSchd2.exe' [2005-05-11 22:12 49152]

'BluetoothAuthenticationAgent'='bthprops.cpl' [2006-03-02 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]

'GrooveMonitor'='C:\Program\Microsoft Office\Office12\GrooveMonitor.exe' [2007-08-24 07:00 33648]

'NvCplDaemon'='C:\WINDOWS\system32\NvCpl.dll' [2007-12-05 01:41 8523776]

'nmctxth'='C:\Program\Delade filer\Pure Networks Shared\Platform\nmctxth.exe' [2007-10-01 20:08 451896]

'nmapp'='C:\Program\Pure Networks\Network Magic\nmapp.exe' [2007-10-29 22:04 451896]

'NvMediaCenter'='C:\WINDOWS\system32\NvMcTray.dll' [2007-12-05 01:41 81920]

'SPAMfighter Agent'='C:\Program\SPAMfighter\SFAgent.exe' [2008-01-02 17:03 308880]

'Adobe Reader Speed Launcher'='C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe' [2008-01-11 22:16 39792]

'ccApp'='C:\Program\Delade filer\Symantec Shared\ccApp.exe' [2008-01-31 13:15 51048]

'osCheck'='C:\Program\Norton Internet Security\osCheck.exe' [2007-08-24 21:53 714608]

'UFD Monitor'='C:\Program\Pm-Disk\Pm-Disk Champion Utility-Standard Version\pmdmon.exe' [2002-11-20 16:58 45056]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

'CTFMON.EXE'='C:\WINDOWS\system32\CTFMON.EXE' [2006-03-02 13:00 15360]

 

C:\Documents and Settings\Sören\Start-meny\Program\Autostart\

PopTray.lnk - C:\Program\PopTray\PopTray.exe [2006-09-16 14:01:16 1666048]

C:\Documents and Settings\All Users\Start-meny\Program\Autostart\

BTTray.lnk - C:\Program\Bluetooth-programvara\BTTray.exe [2004-09-02 14:34:04 565309]

CoreCenter.lnk - C:\Program\MSI\Core Center\CoreCenter.exe [2007-10-01 06:27:38 928256]

D-Link REG Utility.lnk - C:\Program\DWL-G520M Wireless 108G MIMO PCI Adapter\Reg.exe [2007-12-28 19:41:42 28672]

DWL-G520M Wireless 108G MIMO PCI Adapter Utility.lnk - C:\Program\DWL-G520M Wireless 108G MIMO PCI Adapter\AIRPLUS.exe [2007-12-28 19:41:42 667648]

HP Digital Imaging Monitor.lnk - C:\Program\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26 282624]

HP Image Zone Snabbstarta.lnk - C:\Program\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-11 23:49:24 73728]

Logitech Desktop Messenger.lnk - C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-10-30 10:30:48 67128]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

'{56F9679E-7826-4C84-81F3-532071A8BCC5}'= C:\Program\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

'{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}'= C:\Program\SUPERAntiSpyware\SASSEH.DLL [2006-09-28 11:22 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program\SUPERAntiSpyware\SASWINLO.dll 2006-10-19 09:12 258048 C:\Program\SUPERAntiSpyware\SASWINLO.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Windows Skrivbordssökning.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Windows Skrivbordssökning.lnk

backup=C:\WINDOWS\pss\Windows Skrivbordssökning.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Sören^Start-meny^Program^Autostart^Skärmurklipp och start för OneNote 2007.lnk]

path=C:\Documents and Settings\Sören\Start-meny\Program\Autostart\Skärmurklipp och start för OneNote 2007.lnk

backup=C:\WINDOWS\pss\Skärmurklipp och start för OneNote 2007.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 22:16 39792 C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]

C:\Program\Elaborate Bytes\CloneCD\CloneCDTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ElbyCheckElbyCDFL]

C:\Program\Elaborate Bytes\CloneCD\ElbyCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Firefly]

C:\Program\SnapStream Media\Firefly\Firefly.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

--a------ 2007-08-24 07:00 33648 C:\Program\Microsoft Office\Office12\GrooveMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

--a------ 2005-05-03 08:10 53248 C:\Program\Musicmatch\Musicmatch Jukebox\mmtask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]

--a------ 2007-07-03 11:32 81920 C:\Program\NVIDIA Corporation\nTune\nTuneCmd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2007-12-05 01:41 81920 C:\WINDOWS\system32\NvMcTray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2007-10-01 07:20 155648 C:\Program\QuickTime\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

C:\Program\Skype\Phone\Skype.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

-ra------ 2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

-ra------ 2007-06-13 08:16 528384 C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2007-09-25 00:11 132496 C:\Program\Java\jre1.6.0_03\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

--a------ 2007-03-14 16:52 3770024 C:\Program\TomTom HOME\TomTomHOME.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UFD Utility]

--a------ 2002-11-20 17:34 417792 C:\Program\Pm-Disk\Pm-Disk Champion Utility-Standard Version\USBTD.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateStar]

--a------ 2007-10-05 17:31 3596976 C:\Documents and Settings\Sören\Application Data\UpdateStar\UpdateStar.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

\Shell\AutoRun\command - D:\setupSNK.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\Shell\AutoRun\command - E:\setupSNK.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]

\Shell\AutoRun\command - G:\setupSNK.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14125a81-999b-11dc-941a-001617998869}]

\Shell\AutoRun\command - R:\InstallTomTomHOME.exe

 

*Newly Created Service* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

'2008-02-08 13:19:43 C:\WINDOWS\Tasks\Norton Internet Security - Kör fullständig systemsökning - Sören.job'

- C:\Program\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:

'2008-02-10 11:07:26 C:\WINDOWS\Tasks\RegCure Program Check.job'

- C:\Program\RegCure\RegCure.exe

'2008-02-08 17:29:52 C:\WINDOWS\Tasks\RegCure.job'

- C:\Program\RegCure\RegCure.exe

'2008-02-07 15:38:41 C:\WINDOWS\Tasks\Symantec NetDetect.job'

- C:\Program\Symantec\LiveUpdate\NDETECT.EXE

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-10 12:47:02

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-02-10 12:47:41

ComboFix-quarantined-files.txt 2008-02-10 11:47:19

.

2008-01-09 07:34:44 --- E O F ---

 

 


 

Hello!

What is this?

 

2008-02-08 12:55 . 2008-02-08 12:55 0 --a------ C:\rollback.ini

 


2008-02-08 12:55 . 2008-02-08 12:55 0 --a------ C:\rollback.ini

It has a size of 0 bytes, so it is an empty file.

Go to http://www.virustotal.com/, paste one of the following file names into the box, click Send File and wait until the result is ready (the current status changes to completed). Paste the results from the various antivirus programs here. Repeat with the next file name.

C:\WINDOWS\system32\INT13EXT.VXD

C:\WINDOWS\system32\wkssvc.exe

What is in the folder C:\temp\ext37558?

Sophos has objections to RegCure.

http://www.sophos.com/security/analyses/regcure.html

It would probably be appropriate to uninstall it.

 


Hi again Cecilia!

What the h*ll do you need to have in order TO GET BY?

I ran Kaspersky online!

It found 7 viruses and 35 infected?

Is that likely?

Among others:

Backdoor.Win32.Delf.dhu

At the moment I'm running Norton sec 2008!

 


 

[post edited 2008-02-15 19:54:47 by Helren]


 

Hi again Cecilia!

I ran the Kaspersky ONLINE scan!

And it found approx. 7 viruses and 35 infected?

What the h*ll do you need to have to protect yourself???

I have Symantec 2008 on one disk and F-secore (misspelled, but you know what I mean)!

And the reason I have NOT reported this is that I'm wondering what is right and what is WRONG?

 


Hello!

How about doing what I wrote last time, so that the computer can get clean at some point?

Don't know IF this is it???

 


 

[post edited 2008-02-16 13:31:37 by Helren]


Archived

This topic is now archived and is closed to further replies.
