
Can't get into Windows XP, virus?


CSO


But what about the viruses and all that? Isn't it possible to continue without "getting rid of" that box, or?

 


 

Run Driver Verifier once more and, after the blue screen, find the .dmp file that was created and download it at the link as before.

 


Hmm, I've tried three times now, but every time I try to upload the file it comes up that the server isn't responding or something like that when about half is done...

 


How big is the dump file?

If you select Small memory dump, the dump file seems to end up at 88 kB:

Right-click My Computer - Properties - Advanced - Start... Settings - Write debugging information - Small memory dump

 


Well, I noticed when I restarted that I still had Verifier running, and then I couldn't turn it off, but I went into it again and saw that one driver I was "verifying" had "description: <unknown>", so I chose to check only that one, which btw was called amkjsygy.sys. And when I did that, that blue screen came up saying there was something wrong with one of the drivers I was checking. So then it should be that one, right?

 


 

still had Verifier running, and then I couldn't turn it off

 

In the link I gave earlier about Verifier there is info on how to turn it off.

 

Scan the file amkjsygy.sys at the link, copy the entire result and post it here

 

http://www.virustotal.com/

 


Zipp has left for the evening, but I'll give a few suggestions in the meantime.

 

It may be one of those nasties that changes its name when you restart the computer or the like.

Since a few days have passed, it is perhaps time for a new main log from Deckard's scanner.

You can also see whether you can work out the driver's new file name with Driver Verifier and then scan it right away at http://www.virustotal.com/

 


Here comes the main log ^^

 

[log]Deckard's System Scanner v20071014.68

Run by caroline on 2008-05-17 00:17:28

Computer is in Safe Mode with Networking.

--------------------------------------------------------------------------------

 

 

 

-- HijackThis (run as caroline.exe) --------------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:17:30, on 2008-05-17

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Safe mode with network support

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\PROGRA~1\Mozilla Firefox\firefox.exe

C:\Documents and Settings\caroline\Desktop\dss.exe

C:\PROGRA~1\TRENDM~1\HIJACK~1\caroline.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1053

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: (no name) - {3A000524-5872-4AAB-8091-1D5CFC4EC720} - C:\WINDOWS\system32\mlJATjkL.dll (file missing)

O2 - BHO: (no name) - {623B6C68-B4D9-4C1B-A789-B378B48D229B} - C:\WINDOWS\system32\xxyyVOHx.dll (file missing)

O2 - BHO: (no name) - {67120148-1E3E-4B07-85D1-E73D8A43773B} - C:\WINDOWS\system32\pmnkKaWn.dll (file missing)

O2 - BHO: (no name) - {70CF0E53-42F0-4640-A672-52B14214439E} - C:\WINDOWS\system32\byXQJYQi.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O2 - BHO: {c79a1fb1-c1b4-d6a8-dde4-a9b4952a2c1b} - {b1c2a259-4b9a-4edd-8a6d-4b1c1bf1a97c} - C:\WINDOWS\system32\msfxyfgg.dll (file missing)

O2 - BHO: (no name) - {EE5A1465-1E73-4784-8F63-45983FDF0DB8} - C:\WINDOWS\system32\byXrroOE.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [ucookw] "C:\PROGRA~1\TRYGGD~1\ucookw.exe" -start

O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [bm(1)] "C:\Program Files\Common Files\BortMedVirus\bm.exe" dm=http://bortmedvirus.com ad=http://bortmedvirus.com sd=http://atour.bortmedvirus.com

O4 - HKLM\..\Run: [a4a5ac12] rundll32.exe "C:\WINDOWS\system32\fpcubxxk.dll",b

O4 - HKLM\..\Run: [bMa7969f8e] Rundll32.exe "C:\WINDOWS\system32\xoghpywg.dll",s

O4 - HKLM\..\RunOnce: [MessengerPlusLiveUninstall] "C:\DOCUME~1\caroline\LOCALS~1\Temp\MsgPlusUninstall.exe" /Cleanup

O4 - HKLM\..\RunOnce: [Cleanup] C:\cleanup.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [arjnyorp] C:\WINDOWS\system32\doxefura.exe

O4 - HKCU\..\Run: [e©ùýùÇûï×óÎØøøÁøôóÊýÛñûöÞó] C:\Program Files\XP Antivirus\xpa.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: BTTray.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\caroline\Start Menu\Programs\IMVU\Run IMVU.lnk

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O20 - Winlogon Notify: byXrroOE - byXrroOE.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

 

--

End of file - 10121 bytes

 

-- Files created between 2008-04-17 and 2008-05-17 -----------------------------

 

2008-05-13 16:00:20 55871 --a------ C:\Documents and Settings\Administrator\gpqxfvie.exe

2008-05-13 15:38:28 0 d-------- C:\WINDOWS\LastGood

2008-05-13 15:19:16 0 d-------- C:\Documents and Settings\caroline\Application Data\GetRightToGo

2008-05-05 19:19:16 55871 --a------ C:\Documents and Settings\caroline\gpqxfvie.exe

2008-05-05 19:16:16 0 --a------ C:\backup.reg

2008-05-05 19:16:15 135168 --a------ C:\zip.exe

2008-05-05 19:16:15 19286 --a------ C:\cleanup.exe

2008-05-05 19:16:15 574 --a------ C:\cleanup.bat

2008-05-04 20:41:21 0 d-------- C:\WINDOWS\LastGood.Tmp

2008-05-01 23:38:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe

2008-04-30 20:16:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia

2008-04-30 20:14:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla

2008-04-28 22:52:21 5816 --a------ C:\WINDOWS\system32\tmp.reg

2008-04-28 22:51:56 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe

2008-04-28 22:51:56 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >

2008-04-28 22:51:56 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>

2008-04-28 22:51:56 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>

2008-04-28 22:51:56 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>

2008-04-28 22:51:56 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>

2008-04-28 22:51:56 51200 --a------ C:\WINDOWS\system32\dumphive.exe

2008-04-28 22:51:56 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>

2008-04-28 22:51:55 0 d-------- C:\Documents and Settings\caroline\SmitfraudFix <SMITFR~1>

2008-04-28 17:46:21 0 d-------- C:\WINDOWS\ERUNT

2008-04-26 11:06:44 0 d-------- C:\Documents and Settings\caroline\Application Data\Help

2008-04-25 18:49:20 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft

2008-04-25 18:46:34 0 d--h----- C:\Documents and Settings\Administrator\Templates

2008-04-25 18:46:34 0 dr------- C:\Documents and Settings\Administrator\Start Menu

2008-04-25 18:46:34 0 dr-h----- C:\Documents and Settings\Administrator\SendTo

2008-04-25 18:46:34 0 d--h----- C:\Documents and Settings\Administrator\Recent

2008-04-25 18:46:34 0 d--h----- C:\Documents and Settings\Administrator\PrintHood

2008-04-25 18:46:34 0 d--h----- C:\Documents and Settings\Administrator\NetHood

2008-04-25 18:46:34 0 d-------- C:\Documents and Settings\Administrator\My Documents

2008-04-25 18:46:34 0 d--h----- C:\Documents and Settings\Administrator\Local Settings

2008-04-25 18:46:34 0 d-------- C:\Documents and Settings\Administrator\Favorites

2008-04-25 18:46:34 0 d-------- C:\Documents and Settings\Administrator\Desktop

2008-04-25 18:46:34 0 d---s---- C:\Documents and Settings\Administrator\Cookies

2008-04-25 18:46:34 0 dr-h----- C:\Documents and Settings\Administrator\Application Data

2008-04-25 18:46:34 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft

2008-04-25 18:46:34 0 d-------- C:\Documents and Settings\Administrator\Application Data\Desperate Housewives

2008-04-25 18:46:33 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT

2008-04-25 13:15:27 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>

2008-04-25 13:04:25 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-04-24 22:45:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2008-04-22 20:59:44 0 d-------- C:\Program Files\Common Files\Application

2008-04-22 20:59:10 0 d-------- C:\Program Files\SPYWAREfighter

2008-04-22 10:21:00 0 d-------- C:\Documents and Settings\caroline\Application Data\TmpRecentIcons

2008-04-21 21:33:56 0 d-------- C:\Program Files\DAEMON Tools Lite

2008-04-21 21:10:49 717296 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-04-21 21:10:44 0 d-------- C:\Documents and Settings\caroline\Application Data\DAEMON Tools

2008-04-21 18:43:49 0 d-------- C:\Program Files\NeroInstall.bak

2008-04-21 18:42:04 0 d-------- C:\Documents and Settings\caroline\Application Data\Nero

2008-04-21 18:39:16 0 d-------- C:\Program Files\Nero

2008-04-21 18:39:16 0 d-------- C:\Program Files\Common Files\Nero

2008-04-21 18:39:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero

2008-04-21 17:46:44 0 d-------- C:\Documents and Settings\caroline\Application Data\ImgBurn

2008-04-21 17:43:21 0 d-------- C:\Program Files\ImgBurn

2008-04-20 23:59:44 0 d-------- C:\Program Files\IZArc

2008-04-20 17:21:54 0 d-------- C:\Program Files\Red Mile Entertainment

2008-04-20 16:54:52 0 d-------- C:\spel

2008-04-18 16:44:36 0 d-------- C:\Documents and Settings\LocalService\My Documents

2008-04-18 16:44:08 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>

2008-04-18 16:43:54 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe

 

 

-- Find3M Report ---------------------------------------------------------------

 

2008-05-13 16:29:20 0 d-------- C:\Program Files\Pinnacle

2008-05-09 22:35:48 0 d-------- C:\Documents and Settings\caroline\Application Data\Adobe

2008-05-05 13:58:17 0 d-------- C:\Program Files\dummsn

2008-05-04 20:19:31 0 d-------- C:\Program Files\Common Files

2008-05-04 20:02:18 0 d-------- C:\Documents and Settings\caroline\Application Data\PC Tools

2008-05-02 21:41:11 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

2008-04-25 15:11:20 0 d-------- C:\Program Files\LimeWire

2008-04-25 13:15:27 114688 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL Library>

2008-04-25 13:14:05 0 d-------- C:\Program Files\PAN Vision

2008-04-21 18:00:56 0 d-------- C:\Program Files\SlySoft

2008-04-20 15:30:32 0 d-------- C:\Documents and Settings\caroline\Application Data\LimeWire

2008-04-18 17:05:52 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >

2008-04-12 15:30:34 0 d-------- C:\Program Files\Common Files\PC Tools

2008-04-12 13:45:49 0 d-------- C:\Program Files\Hewlett-Packard

2008-03-27 20:29:25 0 d-------- C:\Program Files\Java

2008-03-27 20:28:20 0 d-------- C:\Program Files\Common Files\Java

2008-03-24 19:00:32 0 d-------- C:\Documents and Settings\caroline\Application Data\Opera

2008-03-24 00:28:52 0 d-------- C:\Program Files\Common Files\Adobe

2008-03-23 23:41:16 0 d-------- C:\Documents and Settings\caroline\Application Data\Roxio

2008-03-21 16:14:07 0 d-------- C:\Documents and Settings\caroline\Application Data\Uniblue

2008-03-21 16:13:59 0 d-------- C:\Program Files\Uniblue

2008-03-21 16:01:45 0 d-------- C:\Program Files\Ubisoft

2008-03-21 00:09:42 0 d-------- C:\Program Files\MessengerPlus! 3

2008-03-20 14:30:50 0 d-------- C:\Program Files\Microsoft Games

2008-03-18 14:57:51 0 d-------- C:\Program Files\Mindscape

 

 

-- Registry Dump ---------------------------------------------------------------

 

*Note* empty entries & legit default entries are not shown

 

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3A000524-5872-4AAB-8091-1D5CFC4EC720}]

C:\WINDOWS\system32\mlJATjkL.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{623B6C68-B4D9-4C1B-A789-B378B48D229B}]

C:\WINDOWS\system32\xxyyVOHx.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{67120148-1E3E-4B07-85D1-E73D8A43773B}]

C:\WINDOWS\system32\pmnkKaWn.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{70CF0E53-42F0-4640-A672-52B14214439E}]

C:\WINDOWS\system32\byXQJYQi.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b1c2a259-4b9a-4edd-8a6d-4b1c1bf1a97c}]

C:\WINDOWS\system32\msfxyfgg.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE5A1465-1E73-4784-8F63-45983FDF0DB8}]

C:\WINDOWS\system32\byXrroOE.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 20:51]

"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 15:04]

"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 18:19]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-11-11 07:47]

"nwiz"="nwiz.exe" [2005-11-11 07:47 C:\WINDOWS\system32\nwiz.exe]

"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-08-10 12:10]

"DMXLauncher"="C:\Program Files\Roxio\Media Experience\DMXLauncher.exe" [2006-08-14 01:07]

"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-07-31 09:00]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-11-11 07:47]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 03:07 C:\WINDOWS\system32\bthprops.cpl]

"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 07:24]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 15:42]

"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 17:26]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16]

"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2008-03-21 00:09]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25]

"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 21:21]

"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59]

"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29]

"ucookw"="C:\PROGRA~1\TRYGGD~1\ucookw.exe" []

"spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2008-02-21 15:37]

"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

"bm(1)"="C:\Program Files\Common Files\BortMedVirus\bm.exe" []

"a4a5ac12"="C:\WINDOWS\system32\fpcubxxk.dll" []

"BMa7969f8e"="C:\WINDOWS\system32\xoghpywg.dll" []

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:07]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:35]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-27 13:08]

"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2008-03-21 00:09]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07]

"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]

"arjnyorp"="C:\WINDOWS\system32\doxefura.exe" []

"e©ùýùÇûï×óÎØøøÁøôóÊýÛñûöÞó"="C:\Program Files\XP Antivirus\xpa.exe" []

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]

"MessengerPlusLiveUninstall"="C:\DOCUME~1\caroline\LOCALS~1\Temp\MsgPlusUninstall.exe" /Cleanup

"Cleanup"=C:\cleanup.exe

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

 

C:\Documents and Settings\caroline\Start Menu\Programs\StartupAdobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-02-12 22:54:03]

 

C:\Documents and Settings\All Users\Start Menu\Programs\StartupAdobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-02-12 22:54:03]

BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-11-29 19:55:44]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{EE5A1465-1E73-4784-8F63-45983FDF0DB8}"= C:\WINDOWS\system32\byXrroOE.dll [ ]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXrroOE]

byXrroOE.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmnkKaWn

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs BthServ

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

AutoRun\command- D:\setup.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{908bbcf2-bfaf-11dc-a40c-000ea132e704}]

Auto\command- H:\Start.exe

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

 

 

 

 

-- End of Deckard's System Scanner: finished at 2008-05-17 00:18:25 ------------

 

[/log]

 

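As an added example (not part of the original post and not code from HijackThis or Deckard's System Scanner), this is a small Python triage run over a few lines copied from the HijackThis section of the log above. The three heuristics (entries marked "(file missing)", non-ASCII Run value names, rundll32 autoruns with a one- or two-character export name) and all function names are assumptions made for illustration.

```python
import re

# Lines copied from the HijackThis section of the log posted above.
SAMPLE_LOG = r'''
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {3A000524-5872-4AAB-8091-1D5CFC4EC720} - C:\WINDOWS\system32\mlJATjkL.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [a4a5ac12] rundll32.exe "C:\WINDOWS\system32\fpcubxxk.dll",b
O4 - HKLM\..\Run: [bMa7969f8e] Rundll32.exe "C:\WINDOWS\system32\xoghpywg.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [e©ùýùÇûï×óÎØøøÁøôóÊýÛñûöÞó] C:\Program Files\XP Antivirus\xpa.exe
O20 - Winlogon Notify: byXrroOE - byXrroOE.dll (file missing)
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)
'''

# "O4 - <rest>": section code followed by the entry body.
ENTRY_RE = re.compile(r'^(?P<code>[A-Z]\d+) - (?P<body>.+)$')
# "HKLM\..\Run: [value name] command line"
RUN_RE = re.compile(
    r'^(?P<key>\S+\\\.\.\\Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<command>.+)$')
# rundll32 <dll>,<export> with optional quotes around the DLL path.
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,(?P<export>\S*)', re.IGNORECASE)


def triage(line):
    """Return the reasons one HijackThis line deserves a closer look (empty list = none)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []
    reasons = []
    body = m.group('body')
    # Heuristic 1 (assumption): the registry still references a file that is gone.
    if body.endswith('(file missing)'):
        reasons.append('orphaned-entry')
    if m.group('code') == 'O4':
        run = RUN_RE.match(body)
        if run:
            # Heuristic 2 (assumption): value name made of non-ASCII characters.
            if not run.group('name').isascii():
                reasons.append('non-ascii-value-name')
            # Heuristic 3 (assumption): rundll32 autorun whose export name is
            # one or two characters long, unlike e.g. NvCpl.dll,NvStartup.
            dll = RUNDLL_RE.search(run.group('command'))
            if dll and len(dll.group('export')) <= 2:
                reasons.append('rundll32-short-export')
    return reasons


def triage_log(text):
    """Run triage() over every line and return [(line, reasons), ...] for flagged lines."""
    findings = []
    for raw in text.splitlines():
        reasons = triage(raw)
        if reasons:
            findings.append((raw.strip(), reasons))
    return findings


if __name__ == '__main__':
    for entry, why in triage_log(SAMPLE_LOG):
        print(', '.join(why), '->', entry)
```

A flagged line is only a prompt to inspect the file and registry value by hand; none of the heuristics is a verdict on its own.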

Looks much better now than before, at any rate.

 

Paste the following into Notepad:

Files to delete:
C:\Documents and Settings\Administrator\gpqxfvie.exe
C:\Documents and Settings\caroline\gpqxfvie.exe

Check that each file name is on a single line only and has not been split across two lines.

Start Avenger.

In the large box, paste the text that is in Notepad.

Tick the Scan for rootkits box if it is not already ticked.

Press Execute to start it.

The computer will now restart (perhaps twice).

After a little while the log (C:\avenger.txt) will come up; paste it in here along with a new main log from Deckard's.

 


Good, hope the computer can be started without the blue screen now then, otherwise I'll be back :)

 


Nice that it looks better at least... but I can't start the computer in normal mode. In some strange way I still get the blue screen where it says that the IO manager has like found errors in the drivers I'm checking. But I'm completely sure that I turned off Verifier.

 


Earlier you found a file called amkjsygy.sys, so do it the same way as you did then.

 


No, I mean I just happened to see that it was like unknown. Couldn't get it to show up in any way at all :P

 


Is there any file now with the type unknown?

 

Is it always the same error message on the blue screens?

That is, DRIVER_IRQL_NOT_LESS_OR_EQUAL

 


Archived

This topic is now archived and is closed to further replies.
