
Parbj

Member
  • Posts: 16

About Parbj
  • Member title: User

Profile
  • Location: Linköping
  1. Now I need advice and assistance. I'm stuck.

     Information about my computer:
     My computer: SONY VAIO VPCCW1S1E/B
     Processor: Intel® Core2 Duo CPU P7450 2.13GHz
     RAM: 4.00 GB
     O/S: WINDOWS 7 64bit
     Sound: RealTek HighDefAudio
     Graphics: NVIDIA GeForce GT 230M

     Problem: Actually, I have had the same symptoms since the start in January 2010, but there have been periods when everything was calm. Now the sound has started acting up again. When I play audio (video files, Spotify, video streaming, MP3 etc.), crackling and ugly noises occur. The crackling often increases if I use the computer at the same time for e.g. the Internet or Office. Without warning I can get a BSOD. This happens every other month, most recently today, with the following information:

     xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
     Problemsignatur:
     Problemhändelsens namn: BlueScreen
     OS-version: 6.1.7600.2.0.0.768.3
     Språkvariant-ID: 1053
     Ytterligare information om problemet:
     BCCode: d1
     BCP1: 0000000000000008
     BCP2: 0000000000000002
     BCP3: 0000000000000000
     BCP4: FFFFF88005691958
     OS Version: 6_1_7600
     Service Pack: 0_0
     Product: 768_1
     xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

     Information in the log:
     Loggnamn: System
     Källa: Microsoft-Windows-Kernel-Power
     Datum: 2011-02-12 14:53:03
     Händelse-ID: 41
     Aktivitetskategori:(63)
     Nivå: Kritisk
     Nyckelord: (2)
     Användare: SYSTEM
     Dator: Pär-VAIO
     Beskrivning: Datorn har startats om utan att ha stängts av ordentligt först. Det här felet kan orsakas om datorn har slutat svara, om den har crashat eller om strömförsörjningen oväntat bryts.
     Händelsens XML-data:
     <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
       <System>
         <Provider Name="Microsoft-Windows-Kernel-Power" Guid="{331C3B3A-2005-44C2-AC5E-77220C37D6B4}" />
         <EventID>41</EventID>
         <Version>2</Version>
         <Level>1</Level>
         <Task>63</Task>
         <Opcode>0</Opcode>
         <Keywords>0x8000000000000002</Keywords>
         <TimeCreated SystemTime="2011-02-12T13:53:03.519629900Z" />
         <EventRecordID>178239</EventRecordID>
         <Correlation />
         <Execution ProcessID="4" ThreadID="8" />
         <Channel>System</Channel>
         <Computer>Pär-VAIO</Computer>
         <Security UserID="S-1-5-18" />
       </System>
       <EventData>
         <Data Name="BugcheckCode">209</Data>
         <Data Name="BugcheckParameter1">0x8</Data>
         <Data Name="BugcheckParameter2">0x2</Data>
         <Data Name="BugcheckParameter3">0x0</Data>
         <Data Name="BugcheckParameter4">0xfffff88005691958</Data>
         <Data Name="SleepInProgress">false</Data>
         <Data Name="PowerButtonTimestamp">0</Data>
       </EventData>
     </Event>
     xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

     The BSOD occurs regardless of what I am doing with the computer. It has, for example, happened at night when the computer was in sleep mode. I have researched the problem online and realize that it is extremely difficult to solve. All drivers are updated, as is the BIOS. I have reinstalled Windows on one occasion.

     While hunting for answers I found DPC Latency Checker, which shows an extreme number of red bars with a value that is often around 8000 us. I have disabled devices, but cannot directly see a change. At the time of writing, when no sound is playing, the levels are around 2000 us, but red bars still show up quite often. Few green ones.

     I have suspected a connection between the sound card, the graphics card and the network card. Are there conflicts? Why this high DPC latency? Should I be worried? The computer otherwise works perfectly well. I don't experience it as particularly slow. Sometimes I lose my wireless connection, but I have assumed that this was poor contact between the computer and the router.

     What should I do? What further information might you, who I hope will help me, need?

     Thanks, Pär
  2. I have a problem with my two-year-old HP Pavilion 3100. When I unplug the power cord the computer shuts off immediately, and it also won't start without power from the wall. Normally the computer goes into standby and uses the battery. However, Windows XP reports that the battery is charged to 100%. The battery has never been particularly good; over the past year the battery life has been around 5 minutes under normal use. What has happened? Is the battery completely dead, or is there a loose connection? What to do?
  3. Now Java is updated, Sweet IM uninstalled and the MSN password changed. So far things seem calm.
  4. Done! Was there anything else in the logs that looked suspicious?
  5. Hi. My partner's computer has got a virus and sends out links via MSN along the lines of "http:// susanna.pics3.info". MSN closes itself and reports that the user has logged in from another computer. We have scanned with antivirus and spyware programs, which fail to find anything. I have used 3 log programs and attach the logs here to see if you can find anything:

     Made the link no longer clickable. Cecilia - Moderator for Virus – Antivirus [post edited 2008-03-24 12:48:29 by Cecilia]
  6. What a relief. The problem has previously been problems when Windows started, but since it is not my computer I don't know the details. Norton, which I have removed completely, may have been acting up, and AVG found a Trojan horse that was removed. So hopefully everything is in order now. Thanks for the help.
  7. Fil STDSB.sys mottagen 2008.03.19 18:42:08 (CET) Närvarande status: Laddar ... köad väntar söker genomförd EJ FUNNEN STOPPAD Resultat: 0/31 (0%) Övrig information File size: 11279 bytes MD5: 2ca47d29fbbce849a0719c2488aa98e6 SHA1: c5ff2b4bf695310cd3b60295f1b3a3c2e5672501 PEiD: -
  8. Thanks! Then here comes a new hijack log and a ComboFix log. [log]ComboFix 08-03-18.1 - Sara Carlsson 2008-03-19 18:12:12.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1053.18.591 [GMT 1:00] Running from: C:\Documents and Settings\Sara Carlsson\Skrivbord\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\drivers\Icon.exe . ((((((((((((((((((((((((( Files Created from 2008-02-19 to 2008-03-19 ))))))))))))))))))))))))))))))) . 2008-03-19 17:41 . 2008-03-19 17:41 <KAT> d-------- C:\Program\Lavasoft 2008-03-19 17:41 . 2008-03-19 17:41 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-03-19 17:40 . 2008-03-19 17:40 <KAT> d-------- C:\Program\Delade filer\Wise Installation Wizard 2008-03-19 17:15 . 
2007-12-07 03:14 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll 2008-03-19 17:15 . 2007-07-01 04:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2008-03-19 17:15 . 2007-07-01 04:36 1,011,712 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2008-03-19 17:15 . 2007-12-07 03:14 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll 2008-03-19 17:15 . 2007-12-07 03:14 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2008-03-19 17:15 . 2007-12-07 03:14 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll 2008-03-19 17:15 . 2007-12-07 03:14 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll 2008-03-19 17:15 . 2007-12-07 03:14 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2008-03-19 17:15 . 2007-12-06 12:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-03-19 17:14 . 2008-03-19 17:16 <KAT> d-------- C:\WINDOWS\system32\sv-se 2008-03-19 17:02 . 2008-03-19 17:26 <KAT> d-------- C:\Documents and Settings\Sara Carlsson\Application Data\AVG7 2008-03-19 17:02 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-03-19 17:01 . 2008-03-19 17:01 <KAT> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7 2008-03-19 17:01 . 2008-03-19 17:01 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-03-19 17:01 . 2008-03-19 17:03 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\avg7 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-19 16:02 --------- d-----w C:\Program\Java 2008-01-11 05:52 44,544 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll 2007-12-19 22:57 347,136 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SmpcSys"="C:\APPS\SMP\SmpSys.exe" [2005-12-08 15:39 975360] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 13:00 208952] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00 455168] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00 455168] "SynTPLpr"="C:\Program\Synaptics\SynTP\SynTPLpr.exe" [2005-03-10 17:44 98394] "SynTPEnh"="C:\Program\Synaptics\SynTP\SynTPEnh.exe" [2005-03-10 17:43 688218] "VTTimer"="VTTimer.exe" [2005-03-08 02:33 53248 C:\WINDOWS\system32\VTTimer.exe] "VTTrayp"="VTtrayp.exe" [2005-09-14 12:47 167936 C:\WINDOWS\system32\VTTrayp.exe] "STDSB"="C:\WINDOWS\system32\drivers\STDSB.exe" [2003-12-17 15:50 28672] "SoundMan"="SOUNDMAN.EXE" [2005-08-17 17:39 90112 C:\WINDOWS\SOUNDMAN.EXE] "SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 12:48 127118] "IntelliPoint"="C:\Program\Microsoft IntelliPoint\point32.exe" [2005-03-24 00:26 217088] "Easy-PrintToolBox"="C:\Program\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10 409600] "Samsung Common SM"="C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 08:20 372736] "AVG7_CC"="C:\Program\Grisoft\AVG7\avgcc.exe" [2008-03-19 17:01 579072] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360] "AVG7_Run"="C:\Program\Grisoft\AVG7\avgw.exe" [2008-03-19 17:01 219136] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\APPS\\skype\\phone\\Skype.exe"= "C:\\Program\\Messenger\\msmsgs.exe"= "C:\\Program\\Grisoft\\AVG7\\avginet.exe"= "C:\\Program\\Grisoft\\AVG7\\avgamsvr.exe"= "C:\\Program\\Grisoft\\AVG7\\avgcc.exe"= "C:\\Program\\Grisoft\\AVG7\\avgemc.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= R2 MTC0007_STDSB;Scroll Bar Driver;C:\WINDOWS\system32\drivers\STDSB.sys [2005-08-25 14:00] S2 STDSB;STDSB;C:\WINDOWS\system32\DRIVERS\STDSB.sys [2005-08-25 14:00] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6290d2d6-55af-11d5-8373-00106066e5d9}] \Shell\AutoRun\command - E:\setupSNK.exe *Newly Created Service* - AAWSERVICE . Contents of the 'Scheduled Tasks' folder "2008-03-19 17:00:03 C:\WINDOWS\Tasks\Master CD_DVD Creator.job" - C:\Apps\SMP\MCDCHECK.EXE "2006-09-16 17:44:14 C:\WINDOWS\Tasks\Påminnelse om registrering 2.job" - C:\WINDOWS\system32\OOBE\oobebaln.exe "2006-09-16 17:44:14 C:\WINDOWS\Tasks\Påminnelse om registrering 3.job" - C:\WINDOWS\system32\OOBE\oobebaln.exe "2008-03-19 17:00:03 C:\WINDOWS\Tasks\Utökad garanti.job" - C:\APPS\SMP\PBCARNOT.EXE . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-19 18:13:54 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-03-19 18:14:25 ComboFix-quarantined-files.txt 2008-03-19 17:14:15 . 2008-03-19 16:17:20 --- E O F --- [/log]
  9. Hi! I have been given the task of helping a friend with her "wonky" computer. I am already a few steps along, having uninstalled all the Norton programs and installed AVG and Ad-Aware. Now I would also like help interpreting a hijack log. Is there anything suspicious in it?
  10. Now it seems to work as it should! Fantastic. It makes me so happy, even though it isn't even my own computer. Do you have any practical advice for this computer's owner, whose knowledge of computers and security is at novice level?
  11. Ok, Combo-loggen: [log]ComboFix 07-11-08.1 - Administratör 2007-11-13 19:47:36.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1053.18.221 [GMT 1:00] Running from: C:\Documents and Settings\Administratör\Skrivbord\ComboFix.exe Command switches used :: C:\Documents and Settings\Administratör\Skrivbord\CFScript.txt * Created a new restore point FILE C:\WINDOWS\system32\trgbgqnb.dll C:\WINDOWS\system32\xsleiyoo.dll C:\WINDOWS\system32\ycbeg.bak1 C:\WINDOWS\system32\ycbeg.bak2 . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\trgbgqnb.dll C:\WINDOWS\system32\xsleiyoo.dll C:\WINDOWS\system32\ycbeg.bak1 C:\WINDOWS\system32\ycbeg.bak2 . ((((((((((((((((((((((((( Files Created from 2007-10-13 to 2007-11-13 ))))))))))))))))))))))))))))))) . 2007-11-13 18:50 <KAT> d-------- C:\WINDOWS\system32\config\systemprofile\Lokala inställningar 2007-11-13 18:50 <KAT> d-------- C:\Documents and Settings\NetworkService\Lokala inställningar 2007-11-13 18:50 <KAT> d-------- C:\Documents and Settings\LocalService\Lokala inställningar 2007-11-13 18:50 <KAT> C:\Documents and Settings\Administrat÷r\Lokala inställningar 2007-11-13 18:50 <KAT> C:\Documents and Settings\Administrat÷r\Lokala inställningar 2007-11-13 18:26 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-13 18:17 <KAT> d-------- C:\Program\Trend Micro 2007-11-12 17:57 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2007-11-12 17:57 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys 2007-11-12 17:56 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys 2007-11-12 17:56 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys 2007-11-11 11:25 <KAT> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7 2007-11-11 11:24 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\avg7 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2007-11-11 15:53 --------- d-----w C:\Program\Delade filer\Symantec Shared 2007-11-10 17:37 --------- d-----w C:\Program\Norton AntiVirus 2007-11-10 15:28 --------- d-----w C:\Program\Symantec 2007-10-21 09:02 --------- d-----w C:\Program\MSN Messenger 2007-09-25 01:00 --------- d-----w C:\Program\Microsoft CAPICOM 2.1.0.2 2007-09-24 05:09 --------- d-----w C:\Program\Windows Live Toolbar 2007-09-24 05:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D13A6AF7-34E7-4FD8-852E-99F2C94C1089}] C:\WINDOWS\system32\gebcy.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AGRSMMSG"="AGRSMMSG.exe" [2004-08-24 12:20 C:\WINDOWS\AGRSMMSG.exe] "SoundMAXPnP"="C:\Program\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11] "SoundMAX"="C:\Program\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 12:41] "SunJavaUpdateSched"="C:\Program\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03] "ATIPTA"="C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-07 21:10] "UpdateManager"="C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-03 01:05] "SynTPLpr"="C:\Program\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 19:40] "SynTPEnh"="C:\Program\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 19:38] "ccApp"="C:\Program\Delade filer\Symantec Shared\ccApp.exe" [2007-02-21 17:33] "eabconfg.cpl"="C:\Program\HPQ\Quick Launch Buttons\EabServr.exe" [2004-11-11 16:13] "CognizanceTS"="C:\Program\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 19:12] "Cpqset"="C:\Program\HPQ\Default Settings\cpqset.exe" [2004-11-19 09:14] "hpWirelessAssistant"="C:\Program\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" [2004-11-21 13:43] 
"WatchDog"="C:\Program\InterVideo\DVD Check\DVDCheck.exe" [2004-10-26 15:17] "Symantec NetDriver Monitor"="C:\Program\SYMNET~1\SNDMon.exe" [2007-11-10 16:27] "HP Component Manager"="C:\Program\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 14:54] "HP Software Update"="C:\Program\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11] "SweetIM"="C:\Program\Macrogaming\SweetIM\SweetIM.exe" [2006-01-01 19:57] "Sony Ericsson PC Suite"="C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 00:06] "6e79dd64"="C:\WINDOWS\system32\xsleiyoo.dll" [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:00] "MsnMsgr"="~C:\Program\MSN Messenger\MsnMsgr.exe" [] "SweetIM"="C:\Program\Macrogaming\SweetIM\SweetIM.exe" [2006-01-01 19:57] "swg"="C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-12 20:26] C:\Documents and Settings\All Users\Start-meny\Program\AutostartBTTray.lnk - C:\Program\WIDCOMM\Bluetooth-programvara\BTTray.exe [2004-10-26 11:20:42] DVD Check.lnk - C:\Program\InterVideo\DVD Check\DVDCheck.exe [2005-09-26 19:08:01] HP Digital Imaging Monitor.lnk - C:\Program\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 22:31:38] HP Image Zone Snabbstarta.lnk - C:\Program\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 23:06:36] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dmmhnjjo] dmmhnjjo.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard] C:\Program\HPQ\IAM\Bin\AsWlnPkg.dll 2004-11-10 01:19 38912 C:\Program\HPQ\IAM\Bin\AsWlnPkg.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Notification Packages"= scecli AsWlnPkg R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe -k Cognizance R2 Automatisk LiveUpdate-schemaläggare;Automatisk LiveUpdate-schemaläggare;"C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe" R3 
GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Cognizance ASChannel . Contents of the 'Scheduled Tasks' folder "2007-11-13 17:58:02 C:\WINDOWS\Tasks\Kontrollera uppdateringar för Windows Live Toolbar.job" "2007-11-02 20:21:49 C:\WINDOWS\Tasks\Norton AntiVirus - Sök igenom datorn - Administratör.job" . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-13 19:52:01 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Program\HPQ\Default Settings\cpqset.exe?|????????????9?0?6?4??????? ?4?B????????? ???hLC???????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-13 19:54:30 - machine was rebooted C:\ComboFix2.txt ... 2007-11-13 18:50 . --- E O F ---[/log] NOTERA: Vid omstart dyker RUNDLL-ruta upp. 
Det gick inte att läsa in C:\WINDOWS\SYSTEM32\xsleiydoo.dll Det går inte att hitta den angivna modulen. [log]Och hijack-loggen: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:55:31, on 2007-11-13 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program\HPQ\IAM\bin\asghost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe C:\Program\Norton AntiVirus\navapsvc.exe C:\Program\Norton AntiVirus\IWP\NPFMntor.exe C:\Program\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\AGRSMMSG.exe C:\Program\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program\Java\jre1.5.0_06\bin\jusched.exe C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program\Synaptics\SynTP\SynTPLpr.exe C:\Program\Synaptics\SynTP\SynTPEnh.exe C:\Program\Delade filer\Symantec Shared\ccApp.exe C:\Program\HPQ\Quick Launch Buttons\EabServr.exe C:\Program\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program\HP\hpcoretech\hpcmpmgr.exe C:\Program\HP\HP Software Update\HPWuSchd2.exe C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program\Macrogaming\SweetIM\SweetIM.exe 
C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program\WIDCOMM\Bluetooth-programvara\BTTray.exe C:\Program\HP\Digital Imaging\bin\hpqtra08.exe C:\Program\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\system32\wuauclt.exe C:\Program\HPQ\SHARED\HPQWMI.exe C:\Program\HP\Digital Imaging\bin\hpqgalry.exe C:\Program\Messenger\msmsgs.exe C:\Program\Trend Micro\HijackThis\HijackThis.exe C:\Program\Delade filer\Teleca Shared\Generic.exe C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar4.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll O2 - BHO: NAV 
Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {D13A6AF7-34E7-4FD8-852E-99F2C94C1089} - C:\WINDOWS\system32\gebcy.dll (file missing) O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program\HPQ\IAM\Bin\ItIeAddIN.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar4.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Program\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [soundMAX] C:\Program\Analog Devices\SoundMAX\Smax4.exe /tray O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [updateManager] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\Program\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule O4 - HKLM\..\Run: [Cpqset] C:\Program\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" O4 - HKLM\..\Run: [WatchDog] C:\Program\InterVideo\DVD Check\DVDCheck.exe O4 - 
HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [HP Component Manager] "C:\Program\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [sweetIM] C:\Program\Macrogaming\SweetIM\SweetIM.exe O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [6e79dd64] rundll32.exe "C:\WINDOWS\system32\xsleiyoo.dll",b O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [sweetIM] C:\Program\Macrogaming\SweetIM\SweetIM.exe O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: BTTray.lnk = ? 
O4 - Global Startup: DVD Check.lnk = C:\Program\InterVideo\DVD Check\DVDCheck.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Snabbstarta.lnk = C:\Program\HP\Digital Imaging\bin\hpqthb08.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Skicka till &Bluetooth - C:\Program\WIDCOMM\Bluetooth-programvara\btsendto_ie_ctx.htm O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?aac6070d80a74febbd4437210e321ba0 O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?aac6070d80a74febbd4437210e321ba0 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab O20 - Winlogon Notify: dmmhnjjo - dmmhnjjo.dll (file missing) O20 - Winlogon Notify: OneCard - C:\Program\HPQ\IAM\Bin\AsWlnPkg.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. 
- C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program\HPQ\SHARED\HPQWMI.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe -- End of file - 11112 bytes[/log]
[post edited 2007-11-13 21:09:39 by Parbj]
  12. Norton fails both to quarantine the file and to delete it. I have already posted the Hijack log, and the ComboFix log follows here: [log]ComboFix 07-11-08.1 - Administratör 2007-11-13 18:28:44.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1053.18.91 [GMT 1:00] Running from: E:\ComboFix.exe * Created a new restore point . Unable to gain System Privileges ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Administratör\Favoriter\Online Security Guide.lnk C:\Documents and Settings\Administratör\Skrivbord\Live Safety Center.lnk C:\Documents and Settings\Administratör\Skrivbord\Online Security Guide.lnk C:\Documents and Settings\All Users\Start-meny\Live Safety Center.lnk C:\Documents and Settings\All Users\Start-meny\Online Security Guide.lnk C:\WINDOWS\system32\__c00EB98D.dat C:\WINDOWS\system32\dmmhnjjo.dllbox . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_DOMAINSERVICE -------\DomainService ((((((((((((((((((((((((( Files Created from 2007-10-13 to 2007-11-13 ))))))))))))))))))))))))))))))) . 
2007-11-13 18:26 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-13 18:17 <KAT> d-------- C:\Program\Trend Micro 2007-11-12 19:25 85,056 --a------ C:\WINDOWS\system32\xsleiyoo.dll 2007-11-12 19:25 81,472 --a------ C:\WINDOWS\system32\trgbgqnb.dll 2007-11-12 17:57 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2007-11-12 17:57 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys 2007-11-12 17:56 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys 2007-11-12 17:56 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys 2007-11-11 11:25 <KAT> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7 2007-11-11 11:24 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-11-11 11:24 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\avg7 2007-11-05 06:00 120,047 ---hs---- C:\WINDOWS\system32\ycbeg.bak2 2007-11-04 17:59 6,465 ---hs---- C:\WINDOWS\system32\ycbeg.bak1 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-11 15:53 --------- d-----w C:\Program\Delade filer\Symantec Shared 2007-11-10 17:37 --------- d-----w C:\Program\Norton AntiVirus 2007-11-10 15:28 --------- d-----w C:\Program\Symantec 2007-10-21 09:02 --------- d-----w C:\Program\MSN Messenger 2007-09-25 01:00 --------- d-----w C:\Program\Microsoft CAPICOM 2.1.0.2 2007-09-24 05:09 --------- d-----w C:\Program\Windows Live Toolbar 2007-09-24 05:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar 2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cff4f722-b464-4e74-b853-42f60898c7df}] 2007-11-12 19:25 81472 --a------ C:\WINDOWS\system32\trgbgqnb.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D13A6AF7-34E7-4FD8-852E-99F2C94C1089}] C:\WINDOWS\system32\gebcy.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AGRSMMSG"="AGRSMMSG.exe" [2004-08-24 12:20 C:\WINDOWS\AGRSMMSG.exe] "SoundMAXPnP"="C:\Program\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11] "SoundMAX"="C:\Program\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 12:41] "SunJavaUpdateSched"="C:\Program\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03] "ATIPTA"="C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-07 21:10] "UpdateManager"="C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-03 01:05] "SynTPLpr"="C:\Program\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 19:40] "SynTPEnh"="C:\Program\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 19:38] "ccApp"="C:\Program\Delade filer\Symantec Shared\ccApp.exe" [2007-02-21 17:33] "eabconfg.cpl"="C:\Program\HPQ\Quick Launch Buttons\EabServr.exe" [2004-11-11 16:13] "CognizanceTS"="C:\Program\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 19:12] "Cpqset"="C:\Program\HPQ\Default Settings\cpqset.exe" [2004-11-19 09:14] "hpWirelessAssistant"="C:\Program\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" [2004-11-21 13:43] "WatchDog"="C:\Program\InterVideo\DVD Check\DVDCheck.exe" [2004-10-26 15:17] "Symantec NetDriver Monitor"="C:\Program\SYMNET~1\SNDMon.exe" [2007-11-10 16:27] "HP Component Manager"="C:\Program\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 14:54] "HP Software Update"="C:\Program\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11] "SweetIM"="C:\Program\Macrogaming\SweetIM\SweetIM.exe" [2006-01-01 19:57] "Sony Ericsson PC Suite"="C:\Program\Sony Ericsson\Mobile2\Application 
Launcher\Application Launcher.exe" [2006-11-24 00:06] "6e79dd64"="C:\WINDOWS\system32\xsleiyoo.dll" [2007-11-12 19:25] "AVG7_CC"="C:\Program\Grisoft\AVG7\avgcc.exe" [2007-11-11 11:24] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:00] "MsnMsgr"="~C:\Program\MSN Messenger\MsnMsgr.exe" [] "SweetIM"="C:\Program\Macrogaming\SweetIM\SweetIM.exe" [2006-01-01 19:57] "swg"="C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-12 20:26] C:\Documents and Settings\All Users\Start-meny\Program\AutostartBTTray.lnk - C:\Program\WIDCOMM\Bluetooth-programvara\BTTray.exe [2004-10-26 11:20:42] DVD Check.lnk - C:\Program\InterVideo\DVD Check\DVDCheck.exe [2005-09-26 19:08:01] HP Digital Imaging Monitor.lnk - C:\Program\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 22:31:38] HP Image Zone Snabbstarta.lnk - C:\Program\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 23:06:36] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dmmhnjjo] dmmhnjjo.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard] C:\Program\HPQ\IAM\Bin\AsWlnPkg.dll 2004-11-10 01:19 38912 C:\Program\HPQ\IAM\Bin\AsWlnPkg.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Notification Packages"= scecli AsWlnPkg R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe -k Cognizance R2 Automatisk LiveUpdate-schemaläggare;Automatisk LiveUpdate-schemaläggare;"C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe" R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers 
(WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Cognizance ASChannel . Contents of the ''Scheduled Tasks'' folder "2007-11-13 16:58:04 C:\WINDOWS\Tasks\Kontrollera uppdateringar för Windows Live Toolbar.job" "2007-11-02 20:21:49 C:\WINDOWS\Tasks\Norton AntiVirus - Sök igenom datorn - Administratör.job" . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-13 18:39:26 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Program\HPQ\Default Settings\cpqset.exe?|????????????9?0?6?4??????? ?4?B????????? ???hLC???????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-13 18:50:12 - machine was rebooted . --- E O F ---[/log]
Added LOG tags. When you have pasted in a log, please select the log and then press the LOG button, which is on the same row as in the post window. Cecilia - Moderator for Virus - Antivirus
[post edited 2007-11-13 19:31:49 by Cecilia]
  13. Here is the new log: [log]Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:17:50, on 2007-11-13 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program\Grisoft\AVG7\avgamsvr.exe C:\Program\Grisoft\AVG7\avgupsvc.exe C:\Program\Grisoft\AVG7\avgemc.exe C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe C:\Program\Norton AntiVirus\navapsvc.exe C:\Program\Norton AntiVirus\IWP\NPFMntor.exe C:\Program\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program\HPQ\IAM\bin\asghost.exe C:\WINDOWS\AGRSMMSG.exe C:\Program\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program\Java\jre1.5.0_06\bin\jusched.exe C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program\Synaptics\SynTP\SynTPLpr.exe C:\Program\Synaptics\SynTP\SynTPEnh.exe C:\Program\Delade filer\Symantec Shared\ccApp.exe C:\Program\HPQ\Quick Launch Buttons\EabServr.exe C:\Program\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program\HP\hpcoretech\hpcmpmgr.exe C:\Program\HP\HP Software Update\HPWuSchd2.exe C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program\Grisoft\AVG7\avgcc.exe C:\WINDOWS\system32\ctfmon.exe C:\Program\Macrogaming\SweetIM\SweetIM.exe 
C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program\WIDCOMM\Bluetooth-programvara\BTTray.exe C:\Program\MSN Messenger\MsnMsgr.Exe C:\Program\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\wuauclt.exe C:\Program\HPQ\SHARED\HPQWMI.exe C:\Program\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Program\Messenger\msmsgs.exe C:\Program\HP\Digital Imaging\bin\hpqgalry.exe C:\Program\Trend Micro\HijackThis\HijackThis.exe C:\Program\Delade filer\Teleca Shared\Generic.exe C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\dmmhnjjo.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar4.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - 
C:\Program\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll O2 - BHO: {fd7c8980-6f24-358b-47e4-464b227f4ffc} - {cff4f722-b464-4e74-b853-42f60898c7df} - C:\WINDOWS\system32\trgbgqnb.dll O2 - BHO: (no name) - {D13A6AF7-34E7-4FD8-852E-99F2C94C1089} - C:\WINDOWS\system32\gebcy.dll (file missing) O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program\HPQ\IAM\Bin\ItIeAddIN.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar4.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\dmmhnjjo.dll (file missing) O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Program\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [soundMAX] C:\Program\Analog Devices\SoundMAX\Smax4.exe /tray O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [updateManager] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe" O4 - 
HKLM\..\Run: [eabconfg.cpl] C:\Program\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\Program\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule O4 - HKLM\..\Run: [Cpqset] C:\Program\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" O4 - HKLM\..\Run: [WatchDog] C:\Program\InterVideo\DVD Check\DVDCheck.exe O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [HP Component Manager] "C:\Program\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [sweetIM] C:\Program\Macrogaming\SweetIM\SweetIM.exe O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [6e79dd64] rundll32.exe "C:\WINDOWS\system32\xsleiyoo.dll",b O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [sweetIM] C:\Program\Macrogaming\SweetIM\SweetIM.exe O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ''LOKAL TJÄNST'') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\Program\Grisoft\AVG7\avgw.exe /RUNONCE (User ''LOKAL TJÄNST'') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ''NETWORK SERVICE'') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ''SYSTEM'') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ''Default user'') O4 - Global Startup: BTTray.lnk = ? 
O4 - Global Startup: DVD Check.lnk = C:\Program\InterVideo\DVD Check\DVDCheck.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Snabbstarta.lnk = C:\Program\HP\Digital Imaging\bin\hpqthb08.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Skicka till &Bluetooth - C:\Program\WIDCOMM\Bluetooth-programvara\btsendto_ie_ctx.htm O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?aac6070d80a74febbd4437210e321ba0 O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?aac6070d80a74febbd4437210e321ba0 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra ''Tools'' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O9 - Extra ''Tools'' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00EB98D.dat O20 - Winlogon Notify: dmmhnjjo - dmmhnjjo.dll (file missing) O20 - Winlogon Notify: OneCard - C:\Program\HPQ\IAM\Bin\AsWlnPkg.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgemc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\swwkapil.exe (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. 
- C:\Program\HPQ\SHARED\HPQWMI.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe -- End of file - 12270 bytes[/log]
Added LOG tags. When you have pasted in a log, please select the log and then press the LOG button, which is on the same row as in the post window. Cecilia - Moderator for Virus - Antivirus
[post edited 2007-11-13 19:30:36 by Cecilia]
  14. I have been asked to help a friend with her virus-infected computer. And wow, does it seem infected! A Hijack log follows further down, but first some background information.
      - The user discovered the virus problem when her MSN started sending out suspicious files along the lines of "image22.zip" to friends on her list. She tried to remove the virus herself with Norton, which partly failed.
      - Norton keeps reporting a high-risk virus. Access to the file is denied and it cannot be repaired. Object name: C:\WINDOWS\SYSTEM32\__C00EB98D.DAT with virus name: Downloader
      This is where I took over:
      - Installed AVG and let it scan the computer for viruses. AVG found five viruses, but not the file mentioned above. I let AVG quarantine the virus files it found, after which Windows started misbehaving at the next restart. This turned out to be because a DLL file was virus-infected and had therefore been removed. I restored the file again (name: xsleyioo.dll). This caused trouble for RUNDLL and made Explorer stop working, among other things. To be on the safe side I also restored the other DLL file that AVG showed as infected: trgbgqnb.dll
      And that is roughly where I stand today! I don't really dare to stir the pot too much, partly because I don't have enough expertise, and partly because it is not my own computer and I don't dare to risk too much on my own initiative. Advice, tips and solutions are very gladly received!
Here is the Hijack log: [log]Logfile of HijackThis v1.99.1 Scan saved at 17:49:51, on 2007-11-13 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program\Grisoft\AVG7\avgamsvr.exe C:\Program\Grisoft\AVG7\avgupsvc.exe C:\Program\Grisoft\AVG7\avgemc.exe C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe C:\Program\Norton AntiVirus\navapsvc.exe C:\Program\Norton AntiVirus\IWP\NPFMntor.exe C:\Program\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program\HPQ\IAM\bin\asghost.exe C:\WINDOWS\AGRSMMSG.exe C:\Program\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program\Java\jre1.5.0_06\bin\jusched.exe C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program\Synaptics\SynTP\SynTPLpr.exe C:\Program\Synaptics\SynTP\SynTPEnh.exe C:\Program\Delade filer\Symantec Shared\ccApp.exe C:\Program\HPQ\Quick Launch Buttons\EabServr.exe C:\Program\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program\HP\hpcoretech\hpcmpmgr.exe C:\Program\HP\HP Software Update\HPWuSchd2.exe C:\Program\Grisoft\AVG7\avgcc.exe C:\WINDOWS\system32\ctfmon.exe C:\Program\Macrogaming\SweetIM\SweetIM.exe C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program\WIDCOMM\Bluetooth-programvara\BTTray.exe C:\Program\HP\Digital Imaging\bin\hpqtra08.exe 
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\HPQ\SHARED\HPQWMI.exe
C:\Program\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\Messenger\msmsgs.exe
C:\DOCUME~1\ADMINI~1\LOKALA~1\Temp\Temporär katalog 1 för hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\dmmhnjjo.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O2 - BHO: {fd7c8980-6f24-358b-47e4-464b227f4ffc} - {cff4f722-b464-4e74-b853-42f60898c7df} - C:\WINDOWS\system32\trgbgqnb.dll
O2 - BHO: (no name) - {D13A6AF7-34E7-4FD8-852E-99F2C94C1089} - C:\WINDOWS\system32\gebcy.dll (file missing)
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program\HPQ\IAM\Bin\ItIeAddIN.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\dmmhnjjo.dll (file missing)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [soundMAX] C:\Program\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [updateManager] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [synTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\Program\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [Cpqset] C:\Program\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [WatchDog] C:\Program\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [sweetIM] C:\Program\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [6e79dd64] rundll32.exe "C:\WINDOWS\system32\xsleiyoo.dll",b
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [sweetIM] C:\Program\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Snabbstarta.lnk = C:\Program\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Skicka till &Bluetooth - C:\Program\WIDCOMM\Bluetooth-programvara\btsendto_ie_ctx.htm
O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?aac6070d80a74febbd4437210e321ba0
O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?aac6070d80a74febbd4437210e321ba0
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00EB98D.dat
O20 - Winlogon Notify: dmmhnjjo - dmmhnjjo.dll (file missing)
O20 - Winlogon Notify: OneCard - C:\Program\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\swwkapil.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
[/log]
  15. Parbj

    BAD_POOL_HEADER

    After my laptop crashed, all that was missing was for my desktop computer to start acting up as well. An external hard drive was installed on the desktop this evening, which I first thought was the reason I got BAD_POOL_HEADER on a blue screen. After several restarts and some use of MSN, it seemed more likely that MSN's "Shared folder" feature was causing the trouble. Every time a friend and I tried to start a shared folder and share a file, the computer shut down and the blue screen came up. Is this likely? Or could the installation of an external hard drive on a USB port be causing trouble in the background? Restoring to an earlier point in time, when the hard drive was not installed, did not help; the problem remained. How can such a simple feature as "Shared folder" produce a message like that?? What is causing this? /Per, sitting on pins and needles..