
)U(

Member
  • Posts

    9
  • Joined

  • Last visited

  1. Same result as with the quick scan.. but oh well
     ---
     Malwarebytes' Anti-Malware 1.50
     www.malwarebytes.org
     Databasversion: 5301
     Windows 6.1.7600
     Internet Explorer 8.0.7600.16385
     2010-12-13 18:34:20
     mbam-log-2010-12-13 (18-34-11).txt
     Skanningstyp: Fullständig skanning (C:\|)
     Antal skannade objekt: 413719
     Förfluten tid: 1 timme(ar), 30 minut(er), 30 sekund(er)
     Infekterade minnesprocesser: 0
     Infekterade minnesmoduler: 0
     Infekterade registernycklar: 0
     Infekterade registervärden: 0
     Infekterade registerdataposter: 0
     Infekterade mappar: 0
     Infekterade filer: 8
     Infekterade minnesprocesser:
     (Inga illasinnade poster hittades)
     Infekterade minnesmoduler:
     (Inga illasinnade poster hittades)
     Infekterade registernycklar:
     (Inga illasinnade poster hittades)
     Infekterade registervärden:
     (Inga illasinnade poster hittades)
     Infekterade registerdataposter:
     (Inga illasinnade poster hittades)
     Infekterade mappar:
     (Inga illasinnade poster hittades)
     Infekterade filer:
     c:\program files\FastCap\APIHook1.dll (Trojan.Downloader) -> No action taken.
     c:\program files (x86)\alien shooter 2 - conscription\uninstall.exe (Malware.Packer.Krunchy) -> No action taken.
     c:\SPEL\reflexive games\aqua bubble 1 + crack\Crack\aquabubble.exe (Malware.Packer.Gen) -> No action taken.
     c:\Users\johannes\AppData\Local\virtualstore\Windows\SysWOW64\winepm32.rom (Trojan.Nebuler) -> No action taken.
     c:\Users\johannes\AppData\Local\virtualstore\Windows\SysWOW64\winrjr32.rom (Trojan.Nebuler) -> No action taken.
     c:\Users\johannes\AppData\Local\virtualstore\Windows\SysWOW64\wintcm32.rom (Trojan.Nebuler) -> No action taken.
     c:\Users\johannes\AppData\Local\virtualstore\Windows\SysWOW64\winwiz32.rom (Trojan.Nebuler) -> No action taken.
     c:\Windows.old\documents and settings\Jokuc\application data\desktopicon\ebayshortcuts.exe (Adware.ADON) -> No action taken.
     ----------
     Deleted:
     c:\program files\FastCap\APIHook1.dll
     c:\Users\johannes\AppData\Local\virtualstore\Windows\SysWOW64\winepm32.rom
     c:\Users\johannes\AppData\Local\virtualstore\Windows\SysWOW64\winrjr32.rom
     c:\Users\johannes\AppData\Local\virtualstore\Windows\SysWOW64\wintcm32.rom
     c:\Users\johannes\AppData\Local\virtualstore\Windows\SysWOW64\winwiz32.rom
     c:\Windows.old\documents and settings\Jokuc\application data\desktopicon\ebayshortcuts.exe
     I kept the other 2, you can probably guess why
  2. 1. Downloaded from Microsoft's website.
     3. 0x000000D1: DRIVER_IRQL_NOT_LESS_OR_EQUAL That's exactly what happens.. oh well, I'll get bluescreenview and see what we find
     6. No idea, I don't know what they are for.. But if nothing breaks I can remove them
     No idea, I can't find the folder. I've tried searching for hidden, read-only etc.
  3. Going with the 1,2,3 style again
     1. Hm, good question.. Don't know.
     3. I don't really have time to write it down, it disappears after about 10 seconds. But I got this information from the computer today:
     Problemsignatur:
     Problemhändelsens namn: BlueScreen
     OS-version: 6.1.7600.2.0.0.768.3
     Språkvariant-ID: 1053
     Ytterligare information om problemet:
     BCCode: d1
     BCP1: FFFFF8A00A123298
     BCP2: 0000000000000002
     BCP3: 0000000000000000
     BCP4: FFFFF8800124CFA9
     OS Version: 6_1_7600
     Service Pack: 0_0
     Product: 768_1
     Filer som hjälper till att beskriva problemet:
     C:\Windows\Minidump\121210-29671-01.dmp
     C:\Users\johannes\AppData\Local\Temp\WER-48828-0.sysdata.xml
     5. Installed it yesterday, got a tip from a friend. But I read in a forum today that it wasn't good so I uninstalled it
     6. winepm32.rom winrjr32.rom wintcm32.rom winwiz32.rom
  4. 1. I have no idea what C:\Windows\SysWow64\xactengine3_3.dll is.
     2. It's a little script I made when I was bored hehe
     3. I've only noticed that it says 0*0000D1 (or something like that)
     4. Norton has only found one thing, and that's a crack for a game. The blue screen started appearing before I installed the game.
     5. Malwarebytes' Anti-Malware 1.50
     www.malwarebytes.org
     Databasversion: 5301
     Windows 6.1.7600
     Internet Explorer 8.0.7600.16385
     2010-12-12 18:28:27
     mbam-log-2010-12-12 (18-28-27).txt
     Skanningstyp: Snabbskanning
     Antal skannade objekt: 155437
     Förfluten tid: 5 minut(er), 23 sekund(er)
     Infekterade minnesprocesser: 0
     Infekterade minnesmoduler: 0
     Infekterade registernycklar: 0
     Infekterade registervärden: 0
     Infekterade registerdataposter: 0
     Infekterade mappar: 0
     Infekterade filer: 3
     Infekterade minnesprocesser:
     (Inga illasinnade poster hittades)
     Infekterade minnesmoduler:
     (Inga illasinnade poster hittades)
     Infekterade registernycklar:
     (Inga illasinnade poster hittades)
     Infekterade registervärden:
     (Inga illasinnade poster hittades)
     Infekterade registerdataposter:
     (Inga illasinnade poster hittades)
     Infekterade mappar:
     (Inga illasinnade poster hittades)
     Infekterade filer:
     c:\$Recycle.Bin\s-1-5-21-3836474734-320556758-2751122660-1000\$RLL1JK1.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
     c:\$Recycle.Bin\s-1-5-21-3836474734-320556758-2751122660-1000\$rwsc43c.part (Adware.MyWebSearch) -> Quarantined and deleted successfully.
     c:\Users\explorer.exe.back (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
     6.
ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6415 # api_version=3.0.2 # EOSSerial=ae979850dcf3ed449726cfacfadb1c24 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2010-12-12 09:21:25 # local_time=2010-12-12 10:21:25 (+0100, Västeuropa, normaltid) # country="Sweden" # lang=1033 # osver=6.1.7600 NT # compatibility_mode=3588 16777214 85 83 13601712 31756121 0 0 # compatibility_mode=5893 16776574 100 94 32750101 43805941 0 0 # compatibility_mode=7937 16777213 100 100 333050 3515475 0 0 # compatibility_mode=8192 67108863 100 0 448 448 0 0 # scanned=272249 # found=34 # cleaned=0 # scan_time=12793 C:\$Recycle.Bin\S-1-5-21-3836474734-320556758-2751122660-1000\$RXBBO9H.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I C:\Program Files\Cheat Engine\Cheat Engine.exe a variant of Win32/HackTool.CheatEngine.AA application (unable to clean) 00000000000000000000000000000000 I C:\Program Files\Cheat Engine\dbk32.dll a variant of Win32/HackTool.CheatEngine.AA application (unable to clean) 00000000000000000000000000000000 I C:\Program Files\Cheat Engine\dbk32.sys a variant of Win32/HackTool.CheatEngine.AA application (unable to clean) 00000000000000000000000000000000 I C:\Program Files\Cheat Engine\Systemcallretriever.exe a variant of Win32/HackTool.SystemCall.AA application (unable to clean) 00000000000000000000000000000000 I C:\Program Files\Cheat Engine\systemcallsignal.exe a variant of Win32/HackTool.SystemCall.AA application (unable to clean) 00000000000000000000000000000000 I C:\Program Files (x86)\BitLord\Downloads\Sony Vegas Pro 9.0c Build 896 32+64bit (Includes working keygen)\Keygen.exe a variant of Win32/Keygen.AR application (unable to clean) 00000000000000000000000000000000 I C:\Program Files (x86)\Cheat Engine\Cheat Engine.exe a variant of 
Win32/HackTool.CheatEngine.AA application (unable to clean) 00000000000000000000000000000000 I C:\Program Files (x86)\Cheat Engine\dbk32.dll a variant of Win32/HackTool.CheatEngine.AA application (unable to clean) 00000000000000000000000000000000 I C:\Program Files (x86)\Cheat Engine\dbk32.sys a variant of Win32/HackTool.CheatEngine.AA application (unable to clean) 00000000000000000000000000000000 I C:\Program Files (x86)\Cheat Engine\Systemcallretriever.exe a variant of Win32/HackTool.SystemCall.AA application (unable to clean) 00000000000000000000000000000000 I C:\Program Files (x86)\Cheat Engine\systemcallsignal.exe a variant of Win32/HackTool.SystemCall.AA application (unable to clean) 00000000000000000000000000000000 I C:\Program Files (x86)\Uniblue\RegistryBooster\decryptor_module.dll Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I C:\ProgramData\{F03307B7-E779-4F5E-A32E-9A73D8D6E0F2}\rbia.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I C:\SPEL\Cheat Engine\Cheat Engine.exe a variant of Win32/HackTool.CheatEngine.AA application (unable to clean) 00000000000000000000000000000000 I C:\SPEL\Cheat Engine\dbk32.dll a variant of Win32/HackTool.CheatEngine.AA application (unable to clean) 00000000000000000000000000000000 I C:\SPEL\Cheat Engine\dbk32.sys a variant of Win32/HackTool.CheatEngine.AA application (unable to clean) 00000000000000000000000000000000 I C:\SPEL\Cheat Engine\Systemcallretriever.exe a variant of Win32/HackTool.SystemCall.AA application (unable to clean) 00000000000000000000000000000000 I C:\SPEL\Cheat Engine\systemcallsignal.exe a variant of Win32/HackTool.SystemCall.AA application (unable to clean) 00000000000000000000000000000000 I C:\Users\All Users\{F03307B7-E779-4F5E-A32E-9A73D8D6E0F2}\rbia.exe 
Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I C:\Users\johannes\AppData\Local\rbia.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I C:\Users\johannes\AppData\Local\Temp\mia935.tmp\rbia.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I C:\Users\johannes\AppData\Local\Temp\mia935.tmp\data\OFFLINE\FB000E7F\DBD9B16A\decryptor_module.dll Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I C:\Users\johannes\AppData\Local\VirtualStore\Windows\SysWOW64\winepm32.rom probably a variant of Win32/Nebuler.AV trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\johannes\AppData\Local\VirtualStore\Windows\SysWOW64\winrjr32.rom probably a variant of Win32/Nebuler.AV trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\johannes\AppData\Local\VirtualStore\Windows\SysWOW64\wintcm32.rom probably a variant of Win32/Nebuler.AV trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\johannes\AppData\Local\VirtualStore\Windows\SysWOW64\winwiz32.rom probably a variant of Win32/Nebuler.AV trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\johannes\Downloads\CheatEngine561.exe multiple threats (unable to clean) 00000000000000000000000000000000 I C:\Users\johannes\Downloads\password-recovery-for-msn-setup(2).exe a variant of Win32/PSWTool.MSNPasswordRecovery.A application (unable to clean) 00000000000000000000000000000000 I C:\Users\johannes\Downloads\password-recovery-for-msn-setup.exe a variant of Win32/PSWTool.MSNPasswordRecovery.A application (unable to clean) 00000000000000000000000000000000 I C:\Windows.old\Documents and Settings\Jokuc\Application Data\Desktopicon\eBayShortcuts.exe a variant of Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I C:\Windows.old\Documents and Settings\Jokuc\Lokala inställningar\Temp\FFSetup210.zip a variant 
of Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I ${Memory} Win32/RegistryBooster application 00000000000000000000000000000000 I
  5. The blue screen started appearing maybe a week after I installed it. (I'm fairly sure that it isn't the cause) I got the time a bit wrong ----------- DDS (Ver_10-12-05.01) - NTFS_AMD64 Run by johannes at 18:49:56,53 on 2010-12-10 Internet Explorer: 8.0.7600.16385 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.46.1053.18.4096.2950 [GMT 1:00] SP: Spyware Terminator *enabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\17.7.0.12\CCSVCHST.EXE C:\PROGRAM FILES (X86)\MICROSOFT\SEARCH ENHANCEMENT PACK\SEAPORT\SEAPORT.EXE C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\taskhost.exe C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\17.7.0.12\CCSVCHST.EXE C:\Windows\system32\Dwm.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\PROGRAM FILES (X86)\PANDO NETWORKS\MEDIA BOOSTER\PMB.EXE C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORUPDATE.EXE C:\Program 
Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe C:\PROGRAM FILES (X86)\SWEETIM\MESSENGER\SWEETIM.EXE C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\SYSTEM32\SEARCHINDEXER.EXE C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPNETWK.EXE C:\WINDOWS\SYSTEM32\WUAUCLT.EXE C:\WINDOWS\SYSTEM32\TASKENG.EXE C:\USERS\JOHANNES\DESKTOP\DDS.SCR C:\WINDOWS\SYSTEM32\CONHOST.EXE C:\WINDOWS\SYSTEM32\WBEM\WMIPRVSE.EXE ============== Pseudo HJT Report =============== mWinlogon: Userinit=C:\Windows\SysWOW64\userinit.exe, BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\IPSBHO.DLL BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office12\GR469A~1.DLL BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: 
{8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe uRun: [Google Update] "C:\Users\johannes\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [spywareTerminatorUpdate] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s mRun: [Acrobat Assistant 7.0] "C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" mRun: [sweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe mRun: [spywareTerminator] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" dRunOnce: [<NO NAME>] StartupFolder: C:\Users\johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\password.vbs StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEA~1.LNK - C:\Windows\Installer\{AC76BA86-1044-F000-7760-000000000002}\SC_Acrobat.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xportera till Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 IE: Konvertera länkmål till Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Konvertera länkmål till befintlig PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Konvertera markering till Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 
7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Konvertera markering till befintlig PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Konvertera till Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Konvertera till befintlig PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Konvertera valda länkar till Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Konvertera valda länkar till befintlig PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MIF5BA~1\Office12\GRA32A~1.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office12\GR469A~1.DLL {9030D464-4C02-4ABF-8ECC-5164760863C6} TB-X64: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File TB-X64: 
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File TB-X64: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File ============= SERVICES / DRIVERS =============== R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1107000.00C\symds64.sys [2010-7-7 433200] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1107000.00C\symefa64.sys [2010-7-7 221232] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100619.001\BHDrvx64.sys [2010-6-18 942640] R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\NISx64\1107000.00C\cchpx64.sys [2010-7-7 615040] R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100707.001\IDSviA64.sys [2010-7-8 463408] R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1107000.00C\ironx64.sys [2010-7-7 150064] R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\NISx64\1107000.00C\symtdiv.sys [2010-7-7 451120] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-18 203264] R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe [2010-7-7 126392] R2 sp_rsdrv2;Spyware Terminator Driver Filter;C:\Windows\System32\drivers\stflt.sys [2010-7-7 50696] R2 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-7-6 173352] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-11-28 132656] R3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\System32\drivers\netr28ux.sys [2009-6-10 867328] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN 
v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Tjänsten Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-12 136176] S2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe --> C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [?] S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-12-9 48488] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] =============== File Associations =============== regfile="regedit.exe" "%1" =============== Created Last 30 ================ 2019-11-13 10:53:01 -------- d-----w- C:\$WIN_NT$.~BT 2010-12-10 17:13:32 388096 ----a-r- C:\Users\johannes\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-12-10 17:13:31 -------- d-----w- C:\Program Files (x86)\Trend Micro 2010-12-09 17:28:20 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8 2010-12-09 17:27:39 -------- d-----w- C:\Users\johannes\AppData\Local\Microsoft Help 2010-12-09 17:00:36 -------- d-----w- C:\8fa31e1f600b1981bfa4f90a583fe47e 2010-12-09 16:55:40 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll 2010-12-09 16:55:40 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll 2010-12-09 16:55:40 48960 ----a-w- C:\Windows\System32\netfxperf.dll 2010-12-09 16:55:40 444752 ----a-w- C:\Windows\System32\mscoree.dll 2010-12-09 16:55:40 320352 ----a-w- C:\Windows\System32\PresentationHost.exe 2010-12-09 16:55:40 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll 2010-12-09 16:55:40 
295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe 2010-12-09 16:55:40 1942856 ----a-w- C:\Windows\System32\dfshim.dll 2010-12-09 16:55:40 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll 2010-12-09 16:55:40 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll 2010-12-09 16:52:50 -------- d-----w- C:\Windows\sv 2010-12-09 16:49:37 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys 2010-12-09 16:48:36 -------- d-----w- C:\Program Files (x86)\MSN Toolbar 2010-12-09 16:48:18 -------- d-----w- C:\Program Files (x86)\Bing Bar Installer 2010-12-09 16:36:51 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\467445e01cb97bf2d\InstallManager_WLE_WLE.exe 2010-12-09 16:36:23 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\371b97b01cb97bf23\MeshBetaRemover.exe 2010-12-09 16:35:58 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\27a9e3401cb97bf1b\DSETUP.dll 2010-12-09 16:35:58 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\27a9e3401cb97bf1b\DXSETUP.exe 2010-12-09 16:35:58 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\27a9e3401cb97bf1b\dsetup32.dll 2010-12-09 16:35:55 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2579bcd01cb97bf1a\DSETUP.dll 2010-12-09 16:35:55 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2579bcd01cb97bf1a\DXSETUP.exe 2010-12-09 16:35:55 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2579bcd01cb97bf1a\dsetup32.dll 2010-12-09 16:35:17 6260088 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ec02bf01cb97bf0f\Silverlight.4.0.exe 2010-12-09 16:34:39 -------- d-----w- C:\Users\johannes\AppData\Local\Windows Live 2010-12-09 16:34:16 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll 2010-12-09 16:34:16 206848 ----a-w- C:\Windows\System32\mfps.dll 2010-12-09 16:34:16 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll 2010-12-09 16:34:15 
4068864 ----a-w- C:\Windows\System32\mf.dll 2010-12-09 16:34:15 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL 2010-12-09 16:34:15 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL 2010-12-09 16:34:14 3181568 ----a-w- C:\Windows\SysWow64\mf.dll 2010-12-09 16:15:54 340992 ----a-w- C:\Windows\System32\schannel.dll 2010-12-09 16:15:53 224256 ----a-w- C:\Windows\SysWow64\schannel.dll 2010-12-09 16:15:52 483840 ----a-w- C:\Windows\System32\StructuredQuery.dll 2010-12-09 16:15:51 363520 ----a-w- C:\Windows\SysWow64\StructuredQuery.dll 2010-12-09 16:15:50 148992 ----a-w- C:\Windows\System32\t2embed.dll 2010-12-09 16:15:50 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll 2010-12-09 16:15:45 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe 2010-12-09 16:15:45 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe 2010-12-09 16:15:43 12625920 ----a-w- C:\Windows\System32\wmploc.DLL 2010-12-09 16:15:43 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL 2010-12-09 16:14:49 3123712 ----a-w- C:\Windows\System32\win32k.sys 2010-12-08 17:24:03 -------- d-----w- C:\Windows\pss 2010-12-07 17:12:02 -------- d-----w- C:\Program Files (x86)\Jewel Quest 2010-12-07 16:43:35 -------- d-----w- C:\Program Files (x86)\Ricochet Lost Worlds 2010-12-07 16:43:05 -------- d-----w- C:\Program Files (x86)\Ricochet Lost Worlds Recharged 2010-12-07 16:42:36 -------- d-----w- C:\Program Files (x86)\Ricochet Xtreme 2010-12-07 16:38:15 -------- d-----w- C:\Program Files (x86)\Alien Shooter 2010-12-07 06:22:41 -------- d-----w- C:\Program Files (x86)\ReflexiveArcade 2010-12-05 14:29:15 -------- d-----w- C:\Program Files (x86)\WinClamAVShield 2010-11-23 19:03:47 -------- d-----w- C:\Users\johannes\AppData\Local\The Lord of the Rings Online 2010-11-23 13:34:28 -------- d-----w- C:\Program Files (x86)\Codemasters 2010-11-19 23:22:36 -------- d-----w- C:\RJ_RotWK_1_06 2010-11-19 21:55:34 -------- d-----w- C:\Users\johannes\AppData\Local\Activision 2010-11-19 21:53:58 
235856 ----a-w- C:\Windows\SysWow64\xactengine3_3.dll 2010-11-19 21:52:59 4494184 ----a-w- C:\Windows\System32\d3dx9_33.dll 2010-11-19 21:47:16 -------- d-----w- C:\DirectX 9c 2010-11-19 15:00:17 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite ==================== Find3M ==================== 2010-11-01 10:50:42 356352 ----a-w- C:\Windows\eSellerateEngine.dll 2010-09-22 23:47:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll 2010-09-22 23:32:56 301936 ----a-w- C:\Windows\WLXPGSS.SCR 2010-09-21 13:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL 2010-09-21 13:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL ============= FINISH: 18:51:09,68 ===============
  6. Yes, unfortunately I also found out that it wasn't what caused the bluescreen. The blue screen problems started about a month ago, I think.
v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Tjänsten Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-12 136176] S2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe --> C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [?] S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-12-9 48488] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] =============== File Associations =============== regfile="regedit.exe" "%1" =============== Created Last 30 ================ 2019-11-13 10:53:01 -------- d-----w- C:\$WIN_NT$.~BT 2010-12-10 17:13:32 388096 ----a-r- C:\Users\johannes\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-12-10 17:13:31 -------- d-----w- C:\Program Files (x86)\Trend Micro 2010-12-09 17:28:20 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8 2010-12-09 17:27:39 -------- d-----w- C:\Users\johannes\AppData\Local\Microsoft Help 2010-12-09 17:00:36 -------- d-----w- C:\8fa31e1f600b1981bfa4f90a583fe47e 2010-12-09 16:55:40 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll 2010-12-09 16:55:40 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll 2010-12-09 16:55:40 48960 ----a-w- C:\Windows\System32\netfxperf.dll 2010-12-09 16:55:40 444752 ----a-w- C:\Windows\System32\mscoree.dll 2010-12-09 16:55:40 320352 ----a-w- C:\Windows\System32\PresentationHost.exe 2010-12-09 16:55:40 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll 2010-12-09 16:55:40 
295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe 2010-12-09 16:55:40 1942856 ----a-w- C:\Windows\System32\dfshim.dll 2010-12-09 16:55:40 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll 2010-12-09 16:55:40 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll 2010-12-09 16:52:50 -------- d-----w- C:\Windows\sv 2010-12-09 16:49:37 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys 2010-12-09 16:48:36 -------- d-----w- C:\Program Files (x86)\MSN Toolbar 2010-12-09 16:48:18 -------- d-----w- C:\Program Files (x86)\Bing Bar Installer 2010-12-09 16:36:51 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\467445e01cb97bf2d\InstallManager_WLE_WLE.exe 2010-12-09 16:36:23 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\371b97b01cb97bf23\MeshBetaRemover.exe 2010-12-09 16:35:58 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\27a9e3401cb97bf1b\DSETUP.dll 2010-12-09 16:35:58 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\27a9e3401cb97bf1b\DXSETUP.exe 2010-12-09 16:35:58 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\27a9e3401cb97bf1b\dsetup32.dll 2010-12-09 16:35:55 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2579bcd01cb97bf1a\DSETUP.dll 2010-12-09 16:35:55 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2579bcd01cb97bf1a\DXSETUP.exe 2010-12-09 16:35:55 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2579bcd01cb97bf1a\dsetup32.dll 2010-12-09 16:35:17 6260088 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ec02bf01cb97bf0f\Silverlight.4.0.exe 2010-12-09 16:34:39 -------- d-----w- C:\Users\johannes\AppData\Local\Windows Live 2010-12-09 16:34:16 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll 2010-12-09 16:34:16 206848 ----a-w- C:\Windows\System32\mfps.dll 2010-12-09 16:34:16 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll 2010-12-09 16:34:15 
4068864 ----a-w- C:\Windows\System32\mf.dll 2010-12-09 16:34:15 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL 2010-12-09 16:34:15 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL 2010-12-09 16:34:14 3181568 ----a-w- C:\Windows\SysWow64\mf.dll 2010-12-09 16:15:54 340992 ----a-w- C:\Windows\System32\schannel.dll 2010-12-09 16:15:53 224256 ----a-w- C:\Windows\SysWow64\schannel.dll 2010-12-09 16:15:52 483840 ----a-w- C:\Windows\System32\StructuredQuery.dll 2010-12-09 16:15:51 363520 ----a-w- C:\Windows\SysWow64\StructuredQuery.dll 2010-12-09 16:15:50 148992 ----a-w- C:\Windows\System32\t2embed.dll 2010-12-09 16:15:50 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll 2010-12-09 16:15:45 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe 2010-12-09 16:15:45 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe 2010-12-09 16:15:43 12625920 ----a-w- C:\Windows\System32\wmploc.DLL 2010-12-09 16:15:43 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL 2010-12-09 16:14:49 3123712 ----a-w- C:\Windows\System32\win32k.sys 2010-12-08 17:24:03 -------- d-----w- C:\Windows\pss 2010-12-07 17:12:02 -------- d-----w- C:\Program Files (x86)\Jewel Quest 2010-12-07 16:43:35 -------- d-----w- C:\Program Files (x86)\Ricochet Lost Worlds 2010-12-07 16:43:05 -------- d-----w- C:\Program Files (x86)\Ricochet Lost Worlds Recharged 2010-12-07 16:42:36 -------- d-----w- C:\Program Files (x86)\Ricochet Xtreme 2010-12-07 16:38:15 -------- d-----w- C:\Program Files (x86)\Alien Shooter 2010-12-07 06:22:41 -------- d-----w- C:\Program Files (x86)\ReflexiveArcade 2010-12-05 14:29:15 -------- d-----w- C:\Program Files (x86)\WinClamAVShield 2010-11-23 19:03:47 -------- d-----w- C:\Users\johannes\AppData\Local\The Lord of the Rings Online 2010-11-23 13:34:28 -------- d-----w- C:\Program Files (x86)\Codemasters 2010-11-19 23:22:36 -------- d-----w- C:\RJ_RotWK_1_06 2010-11-19 21:55:34 -------- d-----w- C:\Users\johannes\AppData\Local\Activision 2010-11-19 21:53:58 
235856 ----a-w- C:\Windows\SysWow64\xactengine3_3.dll 2010-11-19 21:52:59 4494184 ----a-w- C:\Windows\System32\d3dx9_33.dll 2010-11-19 21:47:16 -------- d-----w- C:\DirectX 9c 2010-11-19 15:00:17 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite ==================== Find3M ==================== 2010-11-01 10:50:42 356352 ----a-w- C:\Windows\eSellerateEngine.dll 2010-09-22 23:47:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll 2010-09-22 23:32:56 301936 ----a-w- C:\Windows\WLXPGSS.SCR 2010-09-21 13:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL 2010-09-21 13:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL ============= FINISH: 18:51:09,68 ===============
  7. No, the blue screen problems started long before I installed it. They started just before I installed Spyware Terminator. I think it should be up to date, at least. I started a HijackThis scan and then this came up: "For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this."
--------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:50:49, on 2010-12-09 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.Exe C:\Program Files\Mozilla Firefox\firefox.exe C:\PROGRA~2\Crawler\Toolbar\CToolbar.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe C:\Windows\SysWOW64\DllHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files (x86)\TorrentMan\tbTorr.dll R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll F2 - REG:system.ini: UserInit=C:\Windows\SysWOW64\userinit.exe, O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\IPSBHO.DLL O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files (x86)\TorrentMan\tbTorr.dll O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: SWEETIE - 
{EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files (x86)\TorrentMan\tbTorr.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [sweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe O4 - HKCU\..\Run: [Google Update] "C:\Users\johannes\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [spywareTerminatorUpdate] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user') O4 - Startup: password.vbs O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? 
O8 - Extra context menu item: Crawler Search - tbr:iemenu O8 - Extra context menu item: Konvertera länkmål till Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Konvertera länkmål till befintlig PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Konvertera markering till Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Konvertera markering till befintlig PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Konvertera till Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Konvertera till befintlig PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Konvertera valda länkar till Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Konvertera valda länkar till befintlig PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program 
Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: ASP.NET tillståndstjänst (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Tjänsten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - 
Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
  8. I may be failing a bit here, I didn't quite follow, but I found this: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MSSMSGS=rundll32.exe winrjr32.rom,iUEBIZ I removed it but the blue screen crap still shows up.. If I understood correctly, I'm supposed to paste DDS.txt here..
DDS (Ver_10-12-05.01) - NTFS_AMD64 Run by spiderpig at 22:57:27,19 on 2010-12-08 Internet Explorer: 8.0.7600.16385 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.46.1053.18.4096.2781 [GMT 1:00] SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe C:\Program Files 
(x86)\Spyware Terminator\SpywareTerminatorUpdate.exe C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.Exe C:\Windows\explorer.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Users\johannes\Desktop\dds.scr C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uURLSearchHooks: SweetIM ToolbarURLSearchHook Class: {eee6c35d-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll uURLSearchHooks: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files (x86)\TorrentMan\tbTorr.dll uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll mURLSearchHooks: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files (x86)\TorrentMan\tbTorr.dll mWinlogon: Userinit=C:\Windows\SysWOW64\userinit.exe, BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\IPSBHO.DLL BHO: TorrentMan Toolbar: 
{7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files (x86)\TorrentMan\tbTorr.dll BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll TB: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files (x86)\TorrentMan\tbTorr.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe uRun: [Google Update] "C:\Users\johannes\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [spywareTerminatorUpdate] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" uRun: [MSSMSGS] rundll32.exe winrjr32.rom,iUEBIZ uRun: [msnmsgr] ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate 
Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [Acrobat Assistant 7.0] "C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
mRun: [sweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
mRun: [spywareTerminator] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe"
dRunOnce: [<NO NAME>]
StartupFolder: C:\Users\johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\password.vbs
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEA~1.LNK - C:\Windows\Installer\{AC76BA86-1044-F000-7760-000000000002}\SC_Acrobat.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Crawler Search - tbr:iemenu
IE: Konvertera länkmål till Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Konvertera länkmål till befintlig PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Konvertera markering till Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Konvertera markering till befintlig PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Konvertera till Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Konvertera till befintlig PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Konvertera valda länkar till Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Konvertera valda länkar till befintlig PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}
TB-X64: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
TB-X64: {7C5C0F58-E061-457D-9033-77307F5ED00C} - No File
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File

============= SERVICES / DRIVERS ===============
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1107000.00C\symds64.sys [2010-7-7 433200]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1107000.00C\symefa64.sys [2010-7-7 221232]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100619.001\BHDrvx64.sys [2010-6-18 942640]
R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\NISx64\1107000.00C\cchpx64.sys [2010-7-7 615040]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100707.001\IDSviA64.sys [2010-7-8 463408]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1107000.00C\ironx64.sys [2010-7-7 150064]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\NISx64\1107000.00C\symtdiv.sys [2010-7-7 451120]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-18 203264]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2010-8-22 101048]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe [2010-7-7 126392]
R2 sp_rsdrv2;Spyware Terminator Driver Filter;C:\Windows\System32\drivers\stflt.sys [2010-7-7 50696]
R2 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-7-6 173352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-7-7 132656]
R3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\System32\drivers\netr28ux.sys [2009-6-10 867328]
S2 gupdate;Tjänsten Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-12 136176]
S2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe --> C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [?]

=============== File Associations ===============
regfile="regedit.exe" "%1"

=============== Created Last 30 ================
2019-11-13 10:53:01 -------- d-----w- C:\$WIN_NT$.~BT
2010-12-08 17:24:03 -------- d-----w- C:\Windows\pss
2010-12-07 17:12:02 -------- d-----w- C:\Program Files (x86)\Jewel Quest
2010-12-07 16:43:35 -------- d-----w- C:\Program Files (x86)\Ricochet Lost Worlds
2010-12-07 16:43:05 -------- d-----w- C:\Program Files (x86)\Ricochet Lost Worlds Recharged
2010-12-07 16:42:36 -------- d-----w- C:\Program Files (x86)\Ricochet Xtreme
2010-12-07 16:38:15 -------- d-----w- C:\Program Files (x86)\Alien Shooter
2010-12-07 06:22:41 -------- d-----w- C:\Program Files (x86)\ReflexiveArcade
2010-12-05 14:29:15 -------- d-----w- C:\Program Files (x86)\WinClamAVShield
2010-11-23 19:03:47 -------- d-----w- C:\Users\johannes\AppData\Local\The Lord of the Rings Online
2010-11-23 13:34:28 -------- d-----w- C:\Program Files (x86)\Codemasters
2010-11-19 23:22:36 -------- d-----w- C:\RJ_RotWK_1_06
2010-11-19 21:55:34 -------- d-----w- C:\Users\johannes\AppData\Local\Activision
2010-11-19 21:53:58 235856 ----a-w- C:\Windows\SysWow64\xactengine3_3.dll
2010-11-19 21:52:59 4494184 ----a-w- C:\Windows\System32\d3dx9_33.dll
2010-11-19 21:47:16 -------- d-----w- C:\DirectX 9c
2010-11-19 15:00:17 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2010-11-09 00:43:33 -------- d-----w- C:\Program Files (x86)\Celestia

==================== Find3M ====================
2010-11-01 10:50:42 356352 ----a-w- C:\Windows\eSellerateEngine.dll

============= FINISH: 22:58:16,40 ===============

Should I attach Attach.txt as a .zip? (I set the password to "123") Or am I completely off track?
attach.zip
  9. I'm having a problem with the computer (W7 64-bit) restarting by itself and a blue screen appearing. When I log in, this is shown: "RunDLL There was a problem starting winrjr32.rom The specified module could not be found" hm?