Is this a virus or something like that?


10 replies to this topic

#1 totti

totti

    Member

  • Full Member
  • Pip
  • 79 posts

Posted 27 May 2004 - 05:58 AM

In my system32 folder are these 2 files:

yodkne and shimgvwr

When I place my cursor over one of them in safe mode, it says something about callhome or something, so I'm a bit worried!!

help

#2 totti

Posted 27 May 2004 - 06:18 AM

bump

#3 totti

Posted 27 May 2004 - 08:11 AM

Well, should I delete them or what?

#4 dave38

dave38

    Devout Murphyite!

  • Emeritus
  • PipPipPipPipPip
  • 8,508 posts

Posted 27 May 2004 - 05:00 PM

We need a closer look at what's happening.
Please download HijackThis.
Copy it into its own folder, double-click HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, do Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential; don't fix anything yet.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum

#5 totti

Posted 27 May 2004 - 05:28 PM

OK, here it is:

Logfile of HijackThis v1.97.7
Scan saved at 00:27:38, on 2004-05-28
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program\AVPersonal\AVWUPSRV.EXE
C:\Norman\NVC\BIN\ZANDA.EXE
C:\WINDOWS\soundman.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Program\Synaptics\SynTP\SynTPLpr.exe
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\Program\Launch Manager\LaunchAp.exe
C:\Program\Launch Manager\HotkeyApp.exe
C:\Program\Launch Manager\CtrlVol.exe
C:\Program\Launch Manager\Wbutton.exe
C:\NORMAN\Nvc\BIN\ZLH.EXE
C:\Program\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\yodkne.exe
C:\NORMAN\Nvc\BIN\NYMSE.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\Delade filer\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program\Delade filer\Microsoft Shared\Works Shared\wkcalrem.exe
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\NORMAN\Nvc\BIN\cclaw.exe
C:\Program\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Thomas Arle\Lokala inställningar\Temp\Temporär katalog 22 för hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hammarbyfotboll.se/2/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - C:\WINDOWS\msopt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Program\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Services Process] C:\WINDOWS\system32\config\services.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [gfwtxmcbw] C:\WINDOWS\System32\yodkne.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Bluffstopparen.lnk = C:\Program\Bluffstopparen\Bluffstopparen.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Påminnelser för Kalendern i Microsoft Works.lnk = ?
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: StarCheck - C:\Documents and Settings\Thomas Arle\Mina dokument\htstarcheck.htm
O8 - Extra context menu item: TeamCheck - C:\Documents and Settings\Thomas Arle\Mina dokument\htteamcheck.htm
O9 - Extra button: Informationshanteraren (HKLM)
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8103.0677430556
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} - http://www.microsoft...ols/SassCln.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BA5EF81-816C-4B7A-9278-0E5A3082AF1B}: NameServer = 195.58.112.155 195.58.103.124

#6 totti

Posted 28 May 2004 - 03:59 AM

bump


well heeelp

#7 totti

Posted 28 May 2004 - 07:23 AM

bump

heeeeeeeeeloo

#8 totti

Posted 28 May 2004 - 04:20 PM

bump

#9 totti

Posted 29 May 2004 - 04:41 AM

bump

#10 totti

Posted 29 May 2004 - 09:00 AM

bump

anyone?

#11 dave38

Posted 29 May 2004 - 02:36 PM

Have HijackThis fix all of the following by placing a check in the appropriate boxes and hitting "Fix checked". Make sure all browser and all Windows Explorer windows are closed before fixing.

O2 - BHO: (no name) - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - C:\WINDOWS\msopt.dll

O4 - HKLM\..\Run: [Services Process] C:\WINDOWS\system32\config\services.exe
O4 - HKLM\..\Run: [gfwtxmcbw] C:\WINDOWS\System32\yodkne.exe

Reboot, and delete these files:
C:\WINDOWS\system32\config\services.exe
C:\WINDOWS\System32\yodkne.exe

These may be hidden files. See HERE for how to show hidden files.

Please post a follow-up HijackThis log, and say if your problems persist.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum
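
A triage sketch for the O4 Run entries in the log above, added here as an example and not part of the original thread or of HijackThis. It flags a core Windows process name started from outside System32, and a vowel-free value name that does not match its executable, the two patterns visible in the Run entries selected for fixing. The `triage` function, the `CORE_NAMES` list and the rule thresholds are assumptions; a hit is a prompt for review, not a verdict.

```python
import ntpath
import re

# Constructed sample: O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [Services Process] C:\WINDOWS\system32\config\services.exe
O4 - HKLM\..\Run: [gfwtxmcbw] C:\WINDOWS\System32\yodkne.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
"""

O4_RUN = re.compile(r'^O4 - (HK\w+)\\\.\.\\Run: \[(.+?)\] (.+)$')
EXE_PATH = re.compile(r'^"?(.+?\.exe)\b', re.IGNORECASE)
SYSTEM32 = r"c:\windows\system32"  # assumption: system root as shown in the posted log
# Assumption: process names that normally run only from System32 on Windows XP.
CORE_NAMES = {"smss.exe", "winlogon.exe", "services.exe",
              "lsass.exe", "svchost.exe", "spoolsv.exe"}

def triage(log_text):
    """Return [(value_name, path, reason)] for Run entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue
        name, command = m.group(2), m.group(3)
        p = EXE_PATH.match(command)
        path = p.group(1) if p else command.split()[0]
        folder = ntpath.dirname(path).lower()
        exe = ntpath.basename(path).lower()
        # Rule 1: core Windows process name launched from outside System32.
        if exe in CORE_NAMES and folder != SYSTEM32:
            findings.append((name, path, "system process name outside System32"))
        # Rule 2 (crude): vowel-free value name that does not match the exe name.
        stem = exe.rsplit(".", 1)[0]
        no_vowels = not re.search(r"[aeiouy]", name, re.IGNORECASE)
        if len(name) >= 6 and no_vowels and name.lower() != stem:
            findings.append((name, path, "random-looking value name"))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```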



