• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
totti

is this virus or some like that?

11 posts in this topic

in my system32 folder these 2 files are:

 

yodkne and shimgvwr

 

when i in safetymode place my cursor over one of them it says somethon about callhome or something so im a bit worried!!

 

help

Share this post


Link to post
Share on other sites

We need a closer look at what's happening.

Please download Hijack this

Copy it into its own folder, doubleclick HijackThis.exe, and hit "Scan".

 

When the scan is finished, the "Scan" button will change into a "Save Log" button.

Press that, save the log, do Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.

Share this post


Link to post
Share on other sites

ok here it is:

 

Logfile of HijackThis v1.97.7

Scan saved at 00:27:38, on 2004-05-28

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\Program\AVPersonal\AVWUPSRV.EXE

C:\Norman\NVC\BIN\ZANDA.EXE

C:\WINDOWS\soundman.exe

C:\WINDOWS\System32\atiptaxx.exe

C:\Program\Synaptics\SynTP\SynTPLpr.exe

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\Program\Launch Manager\LaunchAp.exe

C:\Program\Launch Manager\HotkeyApp.exe

C:\Program\Launch Manager\CtrlVol.exe

C:\Program\Launch Manager\Wbutton.exe

C:\NORMAN\Nvc\BIN\ZLH.EXE

C:\Program\AVPersonal\AVGNT.EXE

C:\WINDOWS\System32\yodkne.exe

C:\NORMAN\Nvc\BIN\NYMSE.EXE

C:\WINDOWS\System32\ctfmon.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\Program\Delade filer\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program\Delade filer\Microsoft Shared\Works Shared\wkcalrem.exe

C:\NORMAN\Nvc\BIN\NVCSCHED.EXE

C:\NORMAN\Nvc\BIN\nvcoas.exe

C:\NORMAN\Nvc\BIN\cclaw.exe

C:\Program\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Documents and Settings\Thomas Arle\Lokala inställningar\Temp\Temporär katalog 22 för hijackthis.zip\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hammarbyfotboll.se/2/

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - C:\WINDOWS\msopt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [soundMan] soundman.exe

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [LaunchAp] C:\Program\Launch Manager\LaunchAp.exe

O4 - HKLM\..\Run: [HotkeyApp] C:\Program\Launch Manager\HotkeyApp.exe

O4 - HKLM\..\Run: [CtrlVol] C:\Program\Launch Manager\CtrlVol.exe

O4 - HKLM\..\Run: [Wbutton] "C:\Program\Launch Manager\Wbutton.exe"

O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program\Microsoft Works\WkDetect.exe

O4 - HKLM\..\Run: [WorksFUD] C:\Program\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [services Process] C:\WINDOWS\system32\config\services.exe

O4 - HKLM\..\Run: [AVGCtrl] C:\Program\AVPersonal\AVGNT.EXE /min

O4 - HKLM\..\Run: [gfwtxmcbw] C:\WINDOWS\System32\yodkne.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - Global Startup: Bluffstopparen.lnk = C:\Program\Bluffstopparen\Bluffstopparen.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O4 - Global Startup: Påminnelser för Kalendern i Microsoft Works.lnk = ?

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: StarCheck - C:\Documents and Settings\Thomas Arle\Mina dokument\htstarcheck.htm

O8 - Extra context menu item: TeamCheck - C:\Documents and Settings\Thomas Arle\Mina dokument\htteamcheck.htm

O9 - Extra button: Informationshanteraren (HKLM)

O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8103.0677430556

O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} - http://www.microsoft.com/security/controls/SassCln.CAB

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{8BA5EF81-816C-4B7A-9278-0E5A3082AF1B}: NameServer = 195.58.112.155 195.58.103.124

Share this post


Link to post
Share on other sites

Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

O2 - BHO: (no name) - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - C:\WINDOWS\msopt.dll

 

O4 - HKLM\..\Run: [services Process] C:\WINDOWS\system32\config\services.exe

O4 - HKLM\..\Run: [gfwtxmcbw] C:\WINDOWS\System32\yodkne.exe

Reboot, and delete

 

files

C:\WINDOWS\system32\config\services.exe

C:\WINDOWS\System32\yodkne.exe

 

These may be hidden files. See HERE for how to show hidden files.

 

Please post a followup Hijack this log, and say if your problems persist.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0