
Makrill

Member
  • Post count

    43

About Makrill

  • Member title
    User
  • Birthday 2002-12-31
  1. Makrill

    Media center

    Hi. It's been a while since this thread was active, but I'll give it a try. I have the same problem; how was it solved?
  2. I have a problem with scratchy sound in Media Player. It works fine with other players. I have also downgraded Media Player 11 to 10, but the problem is the same. Can I remove Media Player entirely and reinstall it somehow? Or any other tips?
  3. Hi again. Now I have done most of what you wrote, and the internet and the network seem to work well. I'm going to hand in the external disk and hope that something can be saved. I just wanted to thank you so very much for the help, Cecilia! You have solved a heavy problem in the family.
  4. Latest log from the desktop computer with the external drive connected:
  5. Now it seems that the network and internet work OK on both computers. I am very grateful for your help!!!! I tested the external drive the way you wrote, but unfortunately it did not work. It seems the computer does not detect that I plug it in. Also, a light that should be green is now yellow, which surely means something is wrong?! Is there anything else to do for it? About what you wrote, that ComboFix turns off CD start and USB start, etc.: can that be restored somehow, or is that not needed?
  6. Which file did ComboFix remove? Any idea where it came from? Norton is 360, about 2 years old, but updated and upgraded the whole time. Do I connect the external drive to the network or directly to the laptop and run Flash? Can I run ComboFix on the external drive somehow?
  8. Back again.............. For some strange reason the internet and network have started working again on my laptop, but not on the desktop. I'm attaching a ComboFix log from it. I checked the files you listed with VirusTotal, and eSafe considered NCTAudiofile and NCT Wmafile a suspicious file, but none of the others did. Otherwise OK. The LEDs you asked about are lit on the switch and router. No question marks or exclamation marks in Device Manager. In the CCcleaner folder there is cc_20090310-170349, registration entries of 730 kB, whatever that is?
  9. Hi. I think it was about a week after I downloaded Free audio that the problems started. I can't get to the computer until later this weekend; I'll get back to you then.
  10. I got Free audiopack from download.com, I think. A file converter for mp3, wma, etc. That was about a week ago. Maybe a stupid question, but I can't connect the infected computers to the internet at all. How am I supposed to send files to VirusTotal? On my healthy computer I can't get onto that site. Connecting wirelessly doesn't work either. When I look further, it says the network hardware is disconnected on everything...? Network cable not connected, but it is. Another question: I have a program called Bonjour in the program folder. What is it?
  11. Finally it worked. I switched USB sticks. Maybe something was wrong with the other one. Here comes the log:
  12. I am endlessly grateful for all the tips. Unfortunately I haven't had time to do everything at home yet, but I'll be back.
  13. Hi. I saved ComboFix to a USB stick and plugged it into my laptop. I tried to move it to the desktop, but that did not work. When I tried to open it, it just said that it is not a Win32 program. When I was about to move it to the desktop, it said that it can't be done because the file is damaged or something. When I click Properties on what was saved to the USB stick, the file contains 0 kB. Also, it can't be deleted from the USB stick. I have tried redoing it several times with the same result.