Cubit

Member
  • Number of posts: 17

About Cubit

  • Member title: User
  • Birthday: 1978-10-10

Profile

  • Location: Hägersten
  1. Tmactmon.sys was the name of the file that caused the blue screen.
  2. Hi! My computer started behaving strangely today. It began with my antivirus program, Trend Micro Security, no longer working (it says it is Offline, and I cannot start the part where you normally launch a manual scan). Restarting the computer makes no difference. Then I got a blue screen, and a file that I unfortunately don't remember was pointed out as the cause. After that, the "taskbar with the Start button" at the bottom has hung so that the whole "taskbar" restarted. (It disappears for a while and then comes back again.) I have tried scanning the computer with ESET online scanner without finding anything. The computer is about 1 month old. Can anyone see whether there is anything suspicious in these logs? Regards, Göran The log from DDS:
  3. I don't know whether there is a recovery partition. If there is one, how do I get at it when the computer cannot boot and I have no installation CD? Yes, there is such a sticker (Windows Vista Home Premium OEMAct + a Product Key).
  4. Hi, I am trying to rescue a friend's computer, which I think has caught a virus (just a guess) that has wrecked ntfs.sys. It is a Sony Vaio with Windows Vista. It has worked well for many years. What happens is that it freezes when you try to do something after it has finished booting. In safe mode with networking this does not happen. After I ran Malwarebytes, the computer no longer boots. I get a message that ntfs.sys is corrupt. Since he doesn't have the installation CD (he doesn't remember whether he got one when he bought the computer many years ago), I copied ntfs.sys from another computer and replaced the broken one with it. However, the computer I am trying to fix has a Swedish installation of Vista, while the one I copied from has an English installation. I got the same problem after this. I have taken out the hard drive and have it connected to my own computer via an IDE/SATA to USB converter. Is it possible to get hold of a working ntfs.sys, or do I have to hand the computer in to a computer shop and run a repair installation? /Göran
  5. Nothing was found on any of the 3 accounts with MBAM. Can I assume that the computer is "clean" now, at least?
  6. Yes, the computer has 3 accounts. The first time, I logged in in safe mode and chose Administrator there. After that I ran in normal mode on another account. Then, after winlogon.exe and services.exe had been cleaned for User, I logged in with that account. Sorry if I have messed things up by doing this. When we couldn't get ComboFix to work, I installed CCleaner before I got a reply from you and ran a cleanup. Should I run MBAM in safe mode logged in as Administrator, or?
  7. TEMP was completely empty, so I deleted that directory. Kaspersky found nothing:
     [log]
     KASPERSKY ONLINE SCANNER 7.0 REPORT
     Monday, May 25, 2009
     Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
     Kaspersky Online Scanner version: 7.0.26.13
     Program database last update: Monday, May 25, 2009 00:40:57
     Records in database: 2237029
     Scan settings
     Scan using the following database extended
     Scan archives yes
     Scan mail databases yes
     Scan area My Computer
     C:\
     D:\
     Scan statistics
     Files scanned 73098
     Threat name 0
     Infected objects 0
     Suspicious objects 0
     Duration of the scan 01:58:41
     No malware has been detected. The scan area is clean.
     The selected area was scanned.
     [/log]
     Mbam found a few things, which I removed:
     [log]
     Malwarebytes' Anti-Malware 1.36
     Database version: 2176
     Windows 5.1.2600 Service Pack 2
     2009-05-25 18:40:41
     mbam-log-2009-05-25 (18-40-41).txt
     Scan type: Full Scan (C:\|)
     Objects scanned: 174357
     Time elapsed: 52 minute(s), 12 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 3
     Registry Values Infected: 3
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected:
     (No malicious items detected)
     Memory Modules Infected:
     (No malicious items detected)
     Registry Keys Infected:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b3fa56cf-b3f9-4328-9802-cfaacea86646} (Trojan.BHO) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
     Registry Values Infected:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\internet antivirus pro (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dll32 (Worm.KoobFace) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Windows logon process (Malware.Trace) -> Quarantined and deleted successfully.
     Registry Data Items Infected:
     (No malicious items detected)
     Folders Infected:
     (No malicious items detected)
     Files Infected:
     (No malicious items detected)
     [/log]
  8. I now see that the 2 files that were infected, winlogon.exe and services.exe, are gone. They must have disappeared at some restart after one of the programs I ran tried to remove them. Which antivirus program should I run to be sure that the computer is completely clean? Is there any online scanner that works especially well?
  9. Here comes the log from ComboFix: [log]
2.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Personal.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Personal.lnk backup=c:\windows\pss\Personal.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Symantec Fax Starter Edition Port.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Symantec Fax Starter Edition Port.lnk backup=c:\windows\pss\Symantec Fax Starter Edition Port.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Marianne^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk] path=c:\documents and settings\Marianne\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "MobiLink IILServer"=2 (0x2) "CeEPwrSvc"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\rtcshare.exe"= "c:\\Program Files\\NetMeeting\\conf.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\Microsoft 
Office\\Office\\1033\\WFXMSRVR.EXE"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Spotify\\spotify.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/29/2009 23:06 325896] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/29/2009 23:06 108552] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4/29/2009 23:05 298776] R2 DPortIO;Dritek Port I/O Driver;c:\windows\system32\drivers\DPORTIO.SYS [4/12/2001 16:04 3674] S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [11/10/2007 23:34 10976] S4 MobiLink IILServer;MobiLink IILServer;c:\program files\Novatel Wireless\MobiLink\iilserver.exe [3/5/2004 14:09 49152] . - - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - - HKU-Default-RunOnce-IETI - c:\program files\Skype\Phone\IEPlugin\unins000.exe SafeBoot-procexp90.Sys . ------- Extra genomsökning ------- . 
uStart Page = hxxp://eforum.idg.se/viewmsg.asp?EntriesId=1141560#1141629 DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - ---- FIREFOX POLICY ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - 
pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-05-25 00:37 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Sluttid: 2009-05-24 0:39 ComboFix-quarantined-files.txt 2009-05-24 22:38 Före genomsökningen: 23,242,240,000 bytes free Efter genomsökningen: 23,461,605,376 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-SVE.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn 189 --- E O F --- 2009-04-24 20:02 [/log]
  10. DelNVC5.exe says "Cannot find any Norman Virus Control installed". Do I dare run ComboFix even though it says: "Varning!! ComboFix har upptackt att foljande realtidsskanner(skannrar) ar aktiv(a): antivirus: Norman Security Suite ver. 7.00 Antivirus- och intrangsskyddsprogram ar kanda for att stora nar ComboFix kors. Detta kan leda till oforutsagbara resultat eller mojligen maskinskador. Inaktivera dessa skannrar innan du klickar pa OK."
  11. ComboFix complains that Norton Security Suite ver 7.00 is active. I ran the uninstaller that you linked to. Norman is not under C:/Program Files, nor under Add/Remove files. How do I stop the process that seems to start automatically when I log in?
  12. Pest Patrol found 3 spyware cookies and adware (Adtech.de, DoubleClick and WhenU.SaveNow). I deleted all 3. MBAM found the following:
[log]
Malwarebytes' Anti-Malware 1.36
Database version: 2175
Windows 5.1.2600 Service Pack 2
5/24/2009 22:31:52
mbam-log-2009-05-24 (22-31-52).txt
Scan type: Quick Scan
Objects scanned: 105518
Time elapsed: 53 minute(s), 36 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 10
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Documents and Settings\User\Application Data\Internet Antivirus Pro (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Internet Antivirus Pro\db (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\User\Application Data\Internet Antivirus Pro\settings.ini (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Internet Antivirus Pro\uill.ini (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Internet Antivirus Pro\unins000.exe (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Internet Antivirus Pro\Uninstall Internet Antivirus Pro.lnk (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Internet Antivirus Pro\updateloadlist.ini (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Internet Antivirus Pro\db\config.cfg (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Internet Antivirus Pro\db\Timeout.inf (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Internet Antivirus Pro\db\Urls.inf (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Antivirus Pro.lnk (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\Microsoft\Windows\winlogon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
[/log]
I chose to delete them. I have updated AVG. While I am scanning, I get a warning from AVG: Virus Found Win32/Cryptor in the winlogon.exe file. I have also updated Java and removed Norton and Norman according to your instructions.
  13. [log] DDS (Ver_09-05-14.01) - NTFSx86 NETWORK Run by Administrator at 13:53:12.31 on Sun 05/24/2009 Internet Explorer: 7.0.5730.11 Microsoft Windows XP Professional 5.1.2600.2.1252.46.1033.18.478.267 [GMT 2:00] AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: Norman Security Suite ver. 7.00 *On-access scanning enabled* (Outdated) {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IELSKG9J\dds[1].scr ============== Pseudo HJT Report =============== BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: ST: {9394ede7-c8b5-483e-8773-474bf36af6e4} - c:\program files\msn apps\st\01.03.0000.1005\en-xu\stmain.dll BHO: MSNToolBandBHO: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\sv\msntb.dll TB: MSN: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\msn toolbar\01.02.5000.1021\sv\msntb.dll EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Apoint] c:\program files\apoint2k\Apoint.exe mRun: [CeEPOWER] c:\program files\toshiba\power 
management\CePMTray.exe mRun: [CPLDBL10] c:\program files\ezbutton\CPLDBL10.EXE mRun: [CeEKEY] c:\program files\toshiba\e-key\CeEKey.exe mRun: [TPNF] c:\program files\toshiba\touchpad\TPTray.exe mRun: [PestPatrol Control Center] c:\progra~1\pestpa~1\PPControl.exe mRun: [PPMemCheck] c:\progra~1\pestpa~1\PPMemCheck.exe mRun: [CookiePatrol] c:\progra~1\pestpa~1\CookiePatrol.exe mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe" mRun: [vptray] c:\progra~1\symant~1\VPTray.exe mRun: [MessengerPlus3] "c:\program files\messengerplus! 3\MsgPlus.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [Music01 Server] c:\program files\j river\media jukebox\Music01 Server.exe mRun: [userFaultCheck] %systemroot%\system32\dumprep 0 -u mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe" mRun: [sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions mRun: [NPCTray] c:\program files\norman\npc\bin\npc_tray.exe /LOAD mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent mRunOnce: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript dRunOnce: [iETI] c:\program files\skype\phone\ieplugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF2.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\personal.lnk - c:\program 
files\personal\bin\Personal.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\symant~1.lnk - c:\program files\microsoft office\office\1033\OLFSNT40.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {556DDE35-E955-11D0-A707-000000521957} - hxxp://www.xblock.com/download/xclean_micro.exe DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: avgrsstarter - avgrsstx.dll Notify: igfxcui - igfxsrvc.dll Notify: NavLogon - c:\windows\system32\NavLogon.dll Notify: WRNotifier - WRLogonNTF.dll ================= FIREFOX =================== FF - ProfilePath - ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - 
pref("capability.policy.default.Window.closed", "allAccess"); c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess"); c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess"); c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess"); c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess"); c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess"); c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess"); c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess"); c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess"); c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess"); c:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom c:\program files\mozilla firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties"); ============= SERVICES / DRIVERS =============== R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-29 108552] S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys 
[2009-4-29 325896] S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-29 27784] S1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2004-2-9 301200] S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-29 298776] S2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-2-29 255096] S2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-2-29 242808] S2 DPortIO;Dritek Port I/O Driver;c:\windows\system32\drivers\DPORTIO.SYS [2001-4-12 3674] S2 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2004-2-9 37008] S2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2004-3-12 1221864] S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-2-29 87160] S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2007-11-10 10976] S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20080104.002\naveng.sys [2008-1-4 81232] S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20080104.002\navex15.sys [2008-1-4 865904] S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2004-3-12 169192] S4 MobiLink IILServer;MobiLink IILServer;c:\program files\novatel wireless\mobilink\iilserver.exe [2004-3-5 49152] =============== Created Last 30 ================ 2009-05-24 13:20 15,504 a------- c:\windows\system32\drivers\mbam.sys 2009-05-24 13:20 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-05-24 13:20 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-05-24 13:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes 2009-05-24 01:47 <DIR> --d----- C:\kl.files 2009-05-16 18:14 <DIR> --d----- c:\documents and settings\administrator\WINDOWS 2009-05-16 18:14 <DIR> --d----- c:\documents and settings\Administrator 2009-04-29 23:06 11,952 
a------- c:\windows\system32\avgrsstx.dll 2009-04-29 23:06 10,520 a------- c:\windows\system32\avgrsstx.dll.old 2009-04-29 23:06 108,552 a------- c:\windows\system32\drivers\avgtdix.sys.old 2009-04-29 23:06 108,552 a------- c:\windows\system32\drivers\avgtdix.sys 2009-04-29 23:06 325,896 a------- c:\windows\system32\drivers\avgldx86.sys 2009-04-29 23:06 325,640 a------- c:\windows\system32\drivers\avgldx86.sys.old 2009-04-29 23:06 27,656 a------- c:\windows\system32\drivers\avgmfx86.sys.old 2009-04-29 23:06 <DIR> --d----- c:\windows\system32\drivers\Avg 2009-04-29 23:05 <DIR> --d----- c:\program files\AVG 2009-04-29 23:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8 2009-04-28 23:56 102,664 a------- c:\windows\system32\drivers\tmcomm.sys 2009-04-27 21:17 <DIR> --d-h--- C:\$AVG8.VAULT$ 2009-04-24 18:46 42,552 a------- c:\windows\system32\drivers\ale_nf.sys 2009-04-24 18:44 <DIR> --d----- c:\program files\Norman ==================== Find3M ==================== 2009-03-06 16:44 283,648 a------- c:\windows\system32\pdh.dll 2009-03-03 02:18 826,368 a------- c:\windows\system32\wininet.dll 1998-12-08 21:53 186,368 a------- c:\program files\common files\IRAREG.DLL 1998-12-08 21:53 99,840 a------- c:\program files\common files\IRAABOUT.DLL 1998-12-08 21:53 70,144 a------- c:\program files\common files\IRAMDMTR.DLL 1998-12-08 21:53 48,640 a------- c:\program files\common files\IRALPTTR.DLL 1998-12-08 21:53 31,744 a------- c:\program files\common files\IRAWEBTR.DLL 1998-12-08 21:53 17,920 a------- c:\program files\common files\IRASRIAL.DLL ============= FINISH: 13:53:58.54 =============== [/log] [log] UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. 
IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_09-05-14.01) Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 12/18/2003 11:50:14 System Uptime: 5/24/2009 13:50:51 (0 hours ago) Motherboard: TOSHIBA | | DBL00 Processor: Mobile Intel® Pentium® 4 CPU 2.80GHz | NWD | 2797/mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 37 GiB total, 21.3 GiB free. D: is CDROM (CDFS) ==== Disabled Device Manager Items ============= ==== System Restore Points =================== RP659: 1/30/2009 14:48:46 - System Checkpoint RP660: 1/31/2009 14:58:14 - System Checkpoint RP661: 2/1/2009 18:50:31 - System Checkpoint RP662: 2/3/2009 12:27:11 - System Checkpoint RP663: 2/4/2009 16:29:49 - System Checkpoint RP664: 2/8/2009 20:30:37 - System Checkpoint RP665: 2/9/2009 20:51:27 - System Checkpoint RP666: 2/10/2009 20:58:52 - System Checkpoint RP667: 2/11/2009 21:45:21 - System Checkpoint RP668: 2/11/2009 21:59:39 - Software Distribution Service 3.0 RP669: 2/13/2009 16:27:35 - System Checkpoint RP670: 2/14/2009 16:47:50 - System Checkpoint RP671: 2/15/2009 19:18:59 - System Checkpoint RP672: 2/16/2009 19:42:20 - System Checkpoint RP673: 2/18/2009 12:43:04 - System Checkpoint RP674: 2/19/2009 18:47:17 - System Checkpoint RP675: 2/20/2009 19:33:05 - System Checkpoint RP676: 2/21/2009 19:36:22 - System Checkpoint RP677: 2/23/2009 19:29:48 - System Checkpoint RP678: 2/24/2009 23:19:29 - Software Distribution Service 3.0 RP679: 2/26/2009 18:19:54 - System Checkpoint RP680: 3/1/2009 21:10:10 - System Checkpoint RP681: 3/2/2009 22:38:17 - System Checkpoint RP682: 3/4/2009 15:22:55 - System Checkpoint RP683: 3/6/2009 17:28:18 - System Checkpoint RP684: 3/8/2009 18:25:10 - System Checkpoint RP685: 3/10/2009 19:03:24 - System Checkpoint RP686: 3/11/2009 00:05:27 - Software Distribution Service 3.0 RP687: 3/12/2009 18:47:18 - System Checkpoint RP688: 3/13/2009 18:54:01 - System Checkpoint RP689: 3/14/2009 20:03:10 - System Checkpoint RP690: 3/15/2009 
20:22:34 - System Checkpoint RP691: 3/16/2009 20:29:57 - System Checkpoint RP692: 3/17/2009 20:51:42 - System Checkpoint RP693: 3/20/2009 09:32:06 - System Checkpoint RP694: 3/21/2009 20:59:30 - Software Distribution Service 3.0 RP695: 3/23/2009 17:44:29 - System Checkpoint RP696: 3/24/2009 21:38:40 - System Checkpoint RP697: 3/26/2009 18:52:37 - System Checkpoint RP698: 3/29/2009 18:12:36 - System Checkpoint RP699: 4/3/2009 22:41:44 - System Checkpoint RP700: 4/6/2009 18:04:28 - System Checkpoint RP701: 4/8/2009 17:00:41 - System Checkpoint RP702: 4/10/2009 12:46:01 - System Checkpoint RP703: 4/11/2009 14:10:49 - System Checkpoint RP704: 4/12/2009 18:56:33 - System Checkpoint RP705: 4/15/2009 09:49:13 - Software Distribution Service 3.0 RP706: 4/16/2009 20:20:50 - System Checkpoint RP707: 4/18/2009 15:41:29 - System Checkpoint RP708: 4/21/2009 09:25:05 - System Checkpoint RP709: 4/22/2009 12:01:50 - System Checkpoint RP710: 4/22/2009 13:31:44 - Software Distribution Service 3.0 RP711: 4/24/2009 14:38:49 - Software Distribution Service 3.0 RP712: 4/24/2009 18:38:16 - Installed Norman Security Suite. RP713: 4/24/2009 18:39:03 - Installed Windows XP WgaNotify. RP714: 4/24/2009 18:44:38 - Installed Norman Security Suite. RP715: 4/24/2009 21:39:56 - Software Distribution Service 3.0 RP716: 4/29/2009 09:10:08 - System Checkpoint RP717: 4/29/2009 22:42:13 - Removed Norman Security Suite. 
RP718: 4/29/2009 23:05:33 - Installed AVG Free 8.5 RP719: 4/30/2009 00:10:54 - Software Distribution Service 3.0 RP720: 5/3/2009 09:11:03 - Avg8 Update RP721: 5/3/2009 09:18:18 - Avg8 Update ==== Installed Programs ====================== Ad-Aware SE Personal Adobe Flash Player 10 ActiveX Adobe Reader 6.0 Adobe® Photoshop® Album Starter Edition 3.0 ALPS Touch Pad Driver AVG 8.5 CapMan Easy Button ERUNT 1.1j FinePixViewer Resource FinePixViewer Ver.5.2 FUJIFILM USB Driver Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows XP (KB914440) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB952287) hp deskjet 3820 series - Avinstallation ImageMixer VCD2 LE for FinePix Intel® Extreme Graphics Driver InterVideo WinDVD 4 Java 2 Runtime Environment, SE v1.4.2 Kit ADSL USB LiveUpdate 2.0 (Symantec Corporation) Macromedia Shockwave Player Malwarebytes' Anti-Malware Messenger Plus! 3 MGI PhotoSuite 8.1 (Remove Only) Microsoft .NET Framework (English) Microsoft .NET Framework (English) v1.0.3705 Microsoft .NET Framework 1.0 Hotfix (KB928367) Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 Microsoft National Language Support Downlevel APIs Microsoft Office 2000 Premium Microsoft Visual C++ 2005 Redistributable MobiLink Mozilla Firefox (1.5) MSN Verktygslåda MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) Personal RAW FILE CONVERTER LE Read and Proceed Realtek AC'97 Audio Realtek Fast Ethernet Adapter Driver Security Update for Step By Step Interactive Training (KB898458) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 7 (KB928090) Security Update for Windows Internet Explorer 7 (KB929969) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 
7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 10 (KB936782) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB883939) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896422) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB896688) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899588) Security Update for Windows XP (KB899589) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB903235) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB905915) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB908531) Security Update for Windows XP (KB911280) Security Update for 
Windows XP (KB911562) Security Update for Windows XP (KB911567) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB912812) Security Update for Windows XP (KB912919) Security Update for Windows XP (KB913446) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB916281) Security Update for Windows XP (KB917159) Security Update for Windows XP (KB917344) Security Update for Windows XP (KB917422) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB918899) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920214) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB921398) Security Update for Windows XP (KB921503) Security Update for Windows XP (KB921883) Security Update for Windows XP (KB922616) Security Update for Windows XP (KB922760) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923694) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924191) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924496) Security Update for Windows XP (KB924667) Security Update for Windows XP (KB925454) Security Update for Windows XP (KB925486) Security Update for Windows XP (KB925902) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) 
Security Update for Windows XP (KB929123) Security Update for Windows XP (KB930178) Security Update for Windows XP (KB931261) Security Update for Windows XP (KB931784) Security Update for Windows XP (KB932168) Security Update for Windows XP (KB933729) Security Update for Windows XP (KB935839) Security Update for Windows XP (KB935840) Security Update for Windows XP (KB936021) Security Update for Windows XP (KB937894) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB938829) Security Update for Windows XP (KB941202) Security Update for Windows XP (KB941568) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB941644) Security Update for Windows XP (KB941693) Security Update for Windows XP (KB943055) Security Update for Windows XP (KB943460) Security Update for Windows XP (KB943485) Security Update for Windows XP (KB944653) Security Update for Windows XP (KB945553) Security Update for Windows XP (KB946026) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB948590) Security Update for Windows XP (KB948881) Security Update for Windows XP (KB950749) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for 
Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB961373) Skype™ 3.8 SMSC IrCC Driver V5.1.2462.0 (WinXP) Sony Ericsson Device Data Sony Ericsson Drivers Sony Ericsson Mobile Phone Monitor Sony Ericsson PC Suite SpeedTouch USB Software Spotify Symantec AntiVirus TOSHIBA ConfigFree TOSHIBA Console TOSHIBA Hotkey Utility TOSHIBA Manuals TOSHIBA Power Management Utility Toshiba screensaver TOSHIBA Software Modem TouchPad On/Off Utility Update for Windows XP (KB894391) Update for Windows XP (KB896727) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB904942) Update for Windows XP (KB910437) Update for Windows XP (KB916595) Update for Windows XP (KB920872) Update for Windows XP (KB922582) Update for Windows XP (KB927891) Update for Windows XP (KB929338) Update for Windows XP (KB930916) Update for Windows XP (KB931836) Update for Windows XP (KB932823-v3) Update for Windows XP (KB933360) Update for Windows XP (KB936357) Update for Windows XP (KB938828) Update for Windows XP (KB942763) Update for Windows XP (KB951072-v2) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update Service WebFldrs XP Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Live Messenger Windows Live Sign-in Assistant Windows Media Format Runtime Windows Media Player 10 Windows XP Hotfix - KB834707 Windows XP Hotfix - KB867282 Windows XP Hotfix - KB873333 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB887742 Windows XP 
Hotfix - KB888113 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890047 Windows XP Hotfix - KB890175 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB890923 Windows XP Hotfix - KB891781 Windows XP Hotfix - KB893066 Windows XP Hotfix - KB893086 Windows XP Service Pack 3 WinZip
==== Event Viewer Messages From Past Week ========
5/24/2009 13:43:07, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips IntelIde intelppm ohci1394 SAVRT SrvcEKIOMngr SrvcEPIOMngr SrvcSSIOMngr SrvcTPIOMngr SYMTDI
5/24/2009 13:15:02, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
5/24/2009 13:14:28, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm SAVRT SrvcEKIOMngr SrvcEPIOMngr SrvcSSIOMngr SrvcTPIOMngr SYMTDI
5/24/2009 13:11:48, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
5/24/2009 13:11:46, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/23/2009 23:45:48, error: Service Control Manager [7000] - The Guard Service service failed to start due to the following error: Access is denied.
5/23/2009 23:45:48, error: Service Control Manager [7000] - The General Purpose USB Driver (adildr.sys) service failed to start due to the following error: The system cannot find the file specified.
==== End Of File ===========================
[/log]
  14. The files are: c:/Documents and Settings/User/Application Data/Microsoft/Windows/winlogon.exe and c:/Documents and Settings/User/Local Settings/Application Data/Microsoft/Windows/services.exe. The computer shows 3 user accounts at login. Is it possible to remove just the user that belongs to winlogon.exe? It looks like the user is called User, right? Kaspersky can only delete the file, not repair it. The computer is a laptop that my sister got 7 years ago in Spain, and she has no idea where the installation CD is. If possible, I would like to repair rather than reinstall. [post edited 2009-05-24 12:36:52 by Cubit]
  15. That is at least what Kaspersky, with an updated database, says when I scan from their boot CD.
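Added example, not part of the original posts: the two files named in post 14 carry the names of core Windows processes but sit under a user profile, and the check below flags exactly that mismatch in a list of scanner-reported paths. The function and table names (`misplaced_system_binaries`, `EXPECTED_DIR`) are hypothetical, and the default Windows XP system root `C:\WINDOWS` is an assumption.

```python
import ntpath  # Windows path rules, usable on any OS

SYSTEM_ROOT = r"C:\WINDOWS"  # assumption: default Windows XP system root

# Directory, relative to the system root, where each core binary belongs.
EXPECTED_DIR = {
    "winlogon.exe": "system32", "services.exe": "system32",
    "lsass.exe": "system32", "csrss.exe": "system32",
    "smss.exe": "system32", "svchost.exe": "system32",
    "explorer.exe": "",
}
# Windows XP keeps on-disk backup copies here; treated as benign locations.
BACKUP_DIRS = ("system32\\dllcache", "ServicePackFiles\\i386")

# First two entries are the paths from post 14; the rest are constructed.
SAMPLE_PATHS = [
    "c:/Documents and Settings/User/Application Data/Microsoft/Windows/winlogon.exe",
    "c:/Documents and Settings/User/Local Settings/Application Data/Microsoft/Windows/services.exe",
    r"C:\WINDOWS\system32\winlogon.exe",
    r"C:\WINDOWS\system32\dllcache\services.exe",
    r"C:\WINDOWS\explorer.exe",
    r"C:\Program Files\WinZip\winzip32.exe",
]


def _norm(path):
    # Reports mix '/' and '\'; Windows paths compare case-insensitively.
    return ntpath.normpath(path.replace("/", "\\")).lower()


def misplaced_system_binaries(paths, system_root=SYSTEM_ROOT):
    """Return the paths whose file name is a core Windows binary name
    but whose directory is not one where that binary belongs."""
    root = _norm(system_root)
    findings = []
    for original in paths:
        directory, name = ntpath.split(_norm(original))
        if name not in EXPECTED_DIR:
            continue  # not a core system binary name
        allowed = {_norm(ntpath.join(root, EXPECTED_DIR[name]))}
        allowed.update(_norm(ntpath.join(root, d)) for d in BACKUP_DIRS)
        if directory not in allowed:
            findings.append(original)
    return findings


if __name__ == "__main__":
    for hit in misplaced_system_binaries(SAMPLE_PATHS):
        print("system binary name outside system directory:", hit)
```

A hit is a triage indicator to confirm with a scanner or a file signature check, not proof on its own.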