
BlueScreen problem


)U(


I have a problem with the computer (W7 64-bit) restarting by itself and a blue screen showing up.

When I log in, this is shown:

 

"RunDLL

Det uppstod ett problem med starten av winrjr32.rom

Det gick inte att hitta den angivna modulen"

 

hm? :mellow:


The error message looks like a leftover from an antivirus program having removed a malicious file. Can you find a log or quarantine that shows what type of malicious file the antivirus program found, and which file and folder it concerns?

We can see what DDS shows to begin with. Save DDS to the Desktop.

http://download.bleepingcomputer.com/sUBs/dds.scr

 

Start the program by double-clicking it.

Press Yes/Ja if the question about Optional Scan comes up.

In your reply, paste in the log DDS.txt, while you attach Attach.txt as a file.


I may be failing a bit here, I didn't quite follow, but I found this:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MSSMSGS=rundll32.exe winrjr32.rom,iUEBIZ

Removed it, but the blue screen crap still shows up..

If I understood correctly, I should paste DDS.txt here..

 

DDS (Ver_10-12-05.01) - NTFS_AMD64

Run by spiderpig at 22:57:27,19 on 2010-12-08

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.46.1053.18.4096.2781 [GMT 1:00]

 

SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe

C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe

C:\Windows\system32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe

C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe

C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe

C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.Exe

C:\Windows\explorer.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\johannes\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uURLSearchHooks: SweetIM ToolbarURLSearchHook Class: {eee6c35d-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll

uURLSearchHooks: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files (x86)\TorrentMan\tbTorr.dll

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

mURLSearchHooks: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files (x86)\TorrentMan\tbTorr.dll

mWinlogon: Userinit=C:\Windows\SysWOW64\userinit.exe,

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\IPSBHO.DLL

BHO: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files (x86)\TorrentMan\tbTorr.dll

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

TB: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files (x86)\TorrentMan\tbTorr.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll

TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

uRun: [Google Update] "C:\Users\johannes\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [spywareTerminatorUpdate] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe"

uRun: [MSSMSGS] rundll32.exe winrjr32.rom,iUEBIZ

uRun: [msnmsgr] ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

mRun: [Acrobat Assistant 7.0] "C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

mRun: [sweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe

mRun: [spywareTerminator] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe"

dRunOnce: [<NO NAME>]

StartupFolder: C:\Users\johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\password.vbs

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEA~1.LNK - C:\Windows\Installer\{AC76BA86-1044-F000-7760-000000000002}\SC_Acrobat.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Crawler Search - tbr:iemenu

IE: Konvertera länkmål till Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Konvertera länkmål till befintlig PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Konvertera markering till Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Konvertera markering till befintlig PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Konvertera till Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Konvertera till befintlig PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Konvertera valda länkar till Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Konvertera valda länkar till befintlig PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll

{B164E929-A1B6-4A06-B104-2CD0E90A88FF}

{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}

TB-X64: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File

TB-X64: {7C5C0F58-E061-457D-9033-77307F5ED00C} - No File

TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB-X64: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File

 

============= SERVICES / DRIVERS ===============

 

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1107000.00C\symds64.sys [2010-7-7 433200]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1107000.00C\symefa64.sys [2010-7-7 221232]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100619.001\BHDrvx64.sys [2010-6-18 942640]

R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\NISx64\1107000.00C\cchpx64.sys [2010-7-7 615040]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100707.001\IDSviA64.sys [2010-7-8 463408]

R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1107000.00C\ironx64.sys [2010-7-7 150064]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\NISx64\1107000.00C\symtdiv.sys [2010-7-7 451120]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-18 203264]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2010-8-22 101048]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe [2010-7-7 126392]

R2 sp_rsdrv2;Spyware Terminator Driver Filter;C:\Windows\System32\drivers\stflt.sys [2010-7-7 50696]

R2 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-7-6 173352]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-7-7 132656]

R3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\System32\drivers\netr28ux.sys [2009-6-10 867328]

S2 gupdate;Tjänsten Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-12 136176]

S2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe --> C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [?]

 

=============== File Associations ===============

 

regfile="regedit.exe" "%1"

 

=============== Created Last 30 ================

 

2019-11-13 10:53:01 -------- d-----w- C:\$WIN_NT$.~BT

2010-12-08 17:24:03 -------- d-----w- C:\Windows\pss

2010-12-07 17:12:02 -------- d-----w- C:\Program Files (x86)\Jewel Quest

2010-12-07 16:43:35 -------- d-----w- C:\Program Files (x86)\Ricochet Lost Worlds

2010-12-07 16:43:05 -------- d-----w- C:\Program Files (x86)\Ricochet Lost Worlds Recharged

2010-12-07 16:42:36 -------- d-----w- C:\Program Files (x86)\Ricochet Xtreme

2010-12-07 16:38:15 -------- d-----w- C:\Program Files (x86)\Alien Shooter

2010-12-07 06:22:41 -------- d-----w- C:\Program Files (x86)\ReflexiveArcade

2010-12-05 14:29:15 -------- d-----w- C:\Program Files (x86)\WinClamAVShield

2010-11-23 19:03:47 -------- d-----w- C:\Users\johannes\AppData\Local\The Lord of the Rings Online

2010-11-23 13:34:28 -------- d-----w- C:\Program Files (x86)\Codemasters

2010-11-19 23:22:36 -------- d-----w- C:\RJ_RotWK_1_06

2010-11-19 21:55:34 -------- d-----w- C:\Users\johannes\AppData\Local\Activision

2010-11-19 21:53:58 235856 ----a-w- C:\Windows\SysWow64\xactengine3_3.dll

2010-11-19 21:52:59 4494184 ----a-w- C:\Windows\System32\d3dx9_33.dll

2010-11-19 21:47:16 -------- d-----w- C:\DirectX 9c

2010-11-19 15:00:17 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite

2010-11-09 00:43:33 -------- d-----w- C:\Program Files (x86)\Celestia

 

==================== Find3M ====================

 

2010-11-01 10:50:42 356352 ----a-w- C:\Windows\eSellerateEngine.dll

 

============= FINISH: 22:58:16,40 ===============

 

Should I attach Attach.txt as a .zip? (Set the password to "123")

Or am I completely off track? :rolleyes:

attach.zip


> I may be failing a bit here, I didn't quite follow, but I found this:
>
> HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MSSMSGS=rundll32.exe winrjr32.rom,iUEBIZ

I was thinking more that you check in Norton for information about Norton having removed some file because it is malicious.

 

.txt files can be attached as they are; they don't need to be zipped first. But you don't need to attach the file again, because I have read it anyway.

You have installed a lot in the last few days. Was it in connection with that that the blue screen problem started?

2010-12-07 17:12:02 -------- d-----w- C:\Program Files (x86)\Jewel Quest

2010-12-07 16:43:35 -------- d-----w- C:\Program Files (x86)\Ricochet Lost Worlds

2010-12-07 16:43:05 -------- d-----w- C:\Program Files (x86)\Ricochet Lost Worlds Recharged

2010-12-07 16:42:36 -------- d-----w- C:\Program Files (x86)\Ricochet Xtreme

2010-12-07 16:38:15 -------- d-----w- C:\Program Files (x86)\Alien Shooter

2010-12-07 06:22:41 -------- d-----w- C:\Program Files (x86)\ReflexiveArcade

2010-12-05 14:29:15 -------- d-----w- C:\Program Files (x86)\WinClamAVShield

 

Is Windows really properly updated according to Control Panel - Windows Update?

Uninstall (with Internet Explorer closed):

Crawler Toolbar with Web Security Guard

DAEMON Tools Toolbar

SweetIM Toolbar for Internet Explorer 3.9

TorrentMan Toolbar

 

Restart the computer.

The line that causes the error message should be removable with HijackThis. Download from one of the links:

http://www.trendmicro.com/ftp/products/hijackthis/HiJackThis.msi (the best option)

http://www.filehippo.com/download_hijackthis/

http://www.trendmicro.com/ftp/products/hijackthis/HijackThis.exe

Install, start it and choose "Do a system scan and save a logfile", copy the log that comes up (nothing else) and paste it into your reply.

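The autorun entry this thread revolves around can be picked out of a DDS or HijackThis log mechanically. The following is an added example, not part of the original posts: the function names are hypothetical, the extension check is an assumed heuristic, and the sample lines are copied from the logs in this thread except the last one, which is constructed.

```python
import ntpath
import re
from typing import Callable, List, NamedTuple, Optional, Tuple


class Autorun(NamedTuple):
    hive: str     # "HKCU" or "HKLM"
    name: str     # value name under ...\CurrentVersion\Run
    command: str  # command line stored in that value


# DDS "Pseudo HJT Report": uRun = HKCU Run key, mRun = HKLM Run key.
_DDS = re.compile(r"^(?P<hive>[um])Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# HijackThis O4 section: "O4 - HKCU\..\Run: [name] command".
_HJT = re.compile(
    r"^O4 - (?P<hive>HKCU|HKLM)\\\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$"
)
# rundll32 with or without a directory, extension and surrounding quotes.
_RUNDLL = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+(?P<args>.+)$', re.IGNORECASE
)

# Extensions a rundll32 target normally has (assumption made for this example).
EXPECTED_EXTENSIONS = {".dll", ".cpl"}

# Lines taken from the logs in this thread; the ExampleCpl line is constructed
# to show a rundll32 entry that is not flagged.
SAMPLE_LOG = r"""
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [MSSMSGS] rundll32.exe winrjr32.rom,iUEBIZ
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
dRunOnce: [<NO NAME>]
O4 - HKLM\..\Run: [sweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\johannes\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [ExampleCpl] rundll32.exe shell32.dll,Control_RunDLL
"""


def parse_autoruns(log_text: str) -> List[Autorun]:
    """Extract Run-key entries from DDS and HijackThis log lines."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _DDS.match(line)
        if m:
            hive = "HKCU" if m.group("hive") == "u" else "HKLM"
            entries.append(Autorun(hive, m.group("name"), m.group("cmd")))
            continue
        m = _HJT.match(line)
        if m:
            entries.append(Autorun(m.group("hive"), m.group("name"), m.group("cmd")))
    return entries


def rundll32_target(command: str) -> Optional[Tuple[str, str]]:
    """Return (module, export) if the command runs rundll32, else None."""
    m = _RUNDLL.match(command.strip())
    if not m:
        return None
    module, _, export = m.group("args").partition(",")
    return module.strip().strip('"'), export.strip()


def review(entry: Autorun,
           exists: Optional[Callable[[str], bool]] = None) -> List[str]:
    """List what looks wrong with one entry; empty list means nothing found."""
    target = rundll32_target(entry.command)
    if target is None:
        return []
    module, _export = target
    findings = []
    ext = ntpath.splitext(module)[1].lower()
    if ext not in EXPECTED_EXTENSIONS:
        findings.append("rundll32 target has unexpected extension %r" % ext)
    # 'exists' is supplied by the caller, e.g. a lookup against a file listing.
    if exists is not None and not exists(module):
        findings.append("target file not found: orphaned autorun entry")
    return findings


def flag_entries(log_text: str,
                 exists: Optional[Callable[[str], bool]] = None):
    """Return (entry, findings) pairs for every entry with at least one finding."""
    flagged = []
    for entry in parse_autoruns(log_text):
        findings = review(entry, exists)
        if findings:
            flagged.append((entry, findings))
    return flagged


if __name__ == "__main__":
    for entry, findings in flag_entries(SAMPLE_LOG):
        print(entry.hive, entry.name, entry.command, findings)
```
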

No, the bluescreen problems came long before I installed that.

It came just before I installed Spyware Terminator.

I think it should be updated, at least :rolleyes:

Started a HijackThis scan and then this came up:

"For some reason your system denied write access to the Hosts file. If

any hijacked domains are in this file, HijackThis may NOT be able to fix

this."

 

--------------------------------------------------------

 

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:50:49, on 2010-12-09

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe

C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe

C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe

C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.Exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\PROGRA~2\Crawler\Toolbar\CToolbar.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

C:\Windows\SysWOW64\DllHost.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll

R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files (x86)\TorrentMan\tbTorr.dll

R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

F2 - REG:system.ini: UserInit=C:\Windows\SysWOW64\userinit.exe,

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\IPSBHO.DLL

O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files (x86)\TorrentMan\tbTorr.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files (x86)\TorrentMan\tbTorr.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll

O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll

O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [sweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe

O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

O4 - HKCU\..\Run: [Google Update] "C:\Users\johannes\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [spywareTerminatorUpdate] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe"

O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')

O4 - Startup: password.vbs

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O8 - Extra context menu item: Konvertera länkmål till Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Konvertera länkmål till befintlig PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Konvertera markering till Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Konvertera markering till befintlig PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Konvertera till Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Konvertera till befintlig PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Konvertera valda länkar till Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Konvertera valda länkar till befintlig PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: ASP.NET tillståndstjänst (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Tjänsten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


Have you fixed the attempt to start up winrjr32.rom, because I can't see that line in the HijackThis log?

How long ago do you think the blue screens started?

I hope you have uninstalled every "toolbar" now.

Start HijackThis by right-clicking the file and choosing "Run as administrator". Scan with HijackThis and tick:

 

R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll

R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files (x86)\TorrentMan\tbTorr.dll

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll

O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files (x86)\TorrentMan\tbTorr.dll

O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files (x86)\TorrentMan\tbTorr.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll

O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll

 

Close all other programs.

Press Fix checked.

Restart the computer and then a new DDS log.


> Have you fixed the attempt to start up winrjr32.rom

Yes, unfortunately I also discovered that that was not what caused the bluescreen.

The blue screen problems started about a month ago, I think.

 

---------------

 

DDS (Ver_10-12-05.01) - NTFS_AMD64
Run by johannes at 18:49:56,53 on 2010-12-10
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.46.1053.18.4096.2950 [GMT 1:00]

SP: Spyware Terminator *enabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\17.7.0.12\CCSVCHST.EXE
C:\PROGRAM FILES (X86)\MICROSOFT\SEARCH ENHANCEMENT PACK\SEAPORT\SEAPORT.EXE
C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\17.7.0.12\CCSVCHST.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\PROGRAM FILES (X86)\PANDO NETWORKS\MEDIA BOOSTER\PMB.EXE
C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORUPDATE.EXE
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\PROGRAM FILES (X86)\SWEETIM\MESSENGER\SWEETIM.EXE
C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM32\SEARCHINDEXER.EXE
C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPNETWK.EXE
C:\WINDOWS\SYSTEM32\WUAUCLT.EXE
C:\WINDOWS\SYSTEM32\TASKENG.EXE
C:\USERS\JOHANNES\DESKTOP\DDS.SCR
C:\WINDOWS\SYSTEM32\CONHOST.EXE
C:\WINDOWS\SYSTEM32\WBEM\WMIPRVSE.EXE

============== Pseudo HJT Report ===============

mWinlogon: Userinit=C:\Windows\SysWOW64\userinit.exe,
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office12\GR469A~1.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [Google Update] "C:\Users\johannes\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [spywareTerminatorUpdate] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe"
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [Acrobat Assistant 7.0] "C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
mRun: [sweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
mRun: [spywareTerminator] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
dRunOnce: []
StartupFolder: C:\Users\johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\password.vbs
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEA~1.LNK - C:\Windows\Installer\{AC76BA86-1044-F000-7760-000000000002}\SC_Acrobat.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xportera till Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Konvertera länkmål till Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Konvertera länkmål till befintlig PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Konvertera markering till Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Konvertera markering till befintlig PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Konvertera till Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Konvertera till befintlig PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Konvertera valda länkar till Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Konvertera valda länkar till befintlig PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MIF5BA~1\Office12\GRA32A~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office12\GR469A~1.DLL
{9030D464-4C02-4ABF-8ECC-5164760863C6}
TB-X64: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64:
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File ============= SERVICES / DRIVERS =============== R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1107000.00C\symds64.sys [2010-7-7 433200] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1107000.00C\symefa64.sys [2010-7-7 221232] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100619.001\BHDrvx64.sys [2010-6-18 942640] R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\NISx64\1107000.00C\cchpx64.sys [2010-7-7 615040] R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100707.001\IDSviA64.sys [2010-7-8 463408] R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1107000.00C\ironx64.sys [2010-7-7 150064] R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\NISx64\1107000.00C\symtdiv.sys [2010-7-7 451120] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-18 203264] R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe [2010-7-7 126392] R2 sp_rsdrv2;Spyware Terminator Driver Filter;C:\Windows\System32\drivers\stflt.sys [2010-7-7 50696] R2 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-7-6 173352] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-11-28 132656] R3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\System32\drivers\netr28ux.sys [2009-6-10 867328] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 
clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Tjänsten Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-12 136176] S2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe --> C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [?] S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-12-9 48488] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] =============== File Associations =============== regfile="regedit.exe" "%1" =============== Created Last 30 ================ 2019-11-13 10:53:01 -------- d-----w- C:\$WIN_NT$.~BT 2010-12-10 17:13:32 388096 ----a-r- C:\Users\johannes\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-12-10 17:13:31 -------- d-----w- C:\Program Files (x86)\Trend Micro 2010-12-09 17:28:20 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8 2010-12-09 17:27:39 -------- d-----w- C:\Users\johannes\AppData\Local\Microsoft Help 2010-12-09 17:00:36 -------- d-----w- C:\8fa31e1f600b1981bfa4f90a583fe47e 2010-12-09 16:55:40 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll 2010-12-09 16:55:40 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll 2010-12-09 16:55:40 48960 ----a-w- C:\Windows\System32\netfxperf.dll 2010-12-09 16:55:40 444752 ----a-w- C:\Windows\System32\mscoree.dll 2010-12-09 16:55:40 320352 ----a-w- C:\Windows\System32\PresentationHost.exe 2010-12-09 16:55:40 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll 2010-12-09 16:55:40 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe 2010-12-09 16:55:40 1942856 ----a-w- 
C:\Windows\System32\dfshim.dll 2010-12-09 16:55:40 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll 2010-12-09 16:55:40 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll 2010-12-09 16:52:50 -------- d-----w- C:\Windows\sv 2010-12-09 16:49:37 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys 2010-12-09 16:48:36 -------- d-----w- C:\Program Files (x86)\MSN Toolbar 2010-12-09 16:48:18 -------- d-----w- C:\Program Files (x86)\Bing Bar Installer 2010-12-09 16:36:51 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\467445e01cb97bf2d\InstallManager_WLE_WLE.exe 2010-12-09 16:36:23 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\371b97b01cb97bf23\MeshBetaRemover.exe 2010-12-09 16:35:58 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\27a9e3401cb97bf1b\DSETUP.dll 2010-12-09 16:35:58 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\27a9e3401cb97bf1b\DXSETUP.exe 2010-12-09 16:35:58 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\27a9e3401cb97bf1b\dsetup32.dll 2010-12-09 16:35:55 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2579bcd01cb97bf1a\DSETUP.dll 2010-12-09 16:35:55 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2579bcd01cb97bf1a\DXSETUP.exe 2010-12-09 16:35:55 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2579bcd01cb97bf1a\dsetup32.dll 2010-12-09 16:35:17 6260088 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ec02bf01cb97bf0f\Silverlight.4.0.exe 2010-12-09 16:34:39 -------- d-----w- C:\Users\johannes\AppData\Local\Windows Live 2010-12-09 16:34:16 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll 2010-12-09 16:34:16 206848 ----a-w- C:\Windows\System32\mfps.dll 2010-12-09 16:34:16 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll 2010-12-09 16:34:15 4068864 ----a-w- C:\Windows\System32\mf.dll 2010-12-09 16:34:15 1888256 ----a-w- 
C:\Windows\System32\WMVDECOD.DLL 2010-12-09 16:34:15 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL 2010-12-09 16:34:14 3181568 ----a-w- C:\Windows\SysWow64\mf.dll 2010-12-09 16:15:54 340992 ----a-w- C:\Windows\System32\schannel.dll 2010-12-09 16:15:53 224256 ----a-w- C:\Windows\SysWow64\schannel.dll 2010-12-09 16:15:52 483840 ----a-w- C:\Windows\System32\StructuredQuery.dll 2010-12-09 16:15:51 363520 ----a-w- C:\Windows\SysWow64\StructuredQuery.dll 2010-12-09 16:15:50 148992 ----a-w- C:\Windows\System32\t2embed.dll 2010-12-09 16:15:50 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll 2010-12-09 16:15:45 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe 2010-12-09 16:15:45 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe 2010-12-09 16:15:43 12625920 ----a-w- C:\Windows\System32\wmploc.DLL 2010-12-09 16:15:43 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL 2010-12-09 16:14:49 3123712 ----a-w- C:\Windows\System32\win32k.sys 2010-12-08 17:24:03 -------- d-----w- C:\Windows\pss 2010-12-07 17:12:02 -------- d-----w- C:\Program Files (x86)\Jewel Quest 2010-12-07 16:43:35 -------- d-----w- C:\Program Files (x86)\Ricochet Lost Worlds 2010-12-07 16:43:05 -------- d-----w- C:\Program Files (x86)\Ricochet Lost Worlds Recharged 2010-12-07 16:42:36 -------- d-----w- C:\Program Files (x86)\Ricochet Xtreme 2010-12-07 16:38:15 -------- d-----w- C:\Program Files (x86)\Alien Shooter 2010-12-07 06:22:41 -------- d-----w- C:\Program Files (x86)\ReflexiveArcade 2010-12-05 14:29:15 -------- d-----w- C:\Program Files (x86)\WinClamAVShield 2010-11-23 19:03:47 -------- d-----w- C:\Users\johannes\AppData\Local\The Lord of the Rings Online 2010-11-23 13:34:28 -------- d-----w- C:\Program Files (x86)\Codemasters 2010-11-19 23:22:36 -------- d-----w- C:\RJ_RotWK_1_06 2010-11-19 21:55:34 -------- d-----w- C:\Users\johannes\AppData\Local\Activision 2010-11-19 21:53:58 235856 ----a-w- C:\Windows\SysWow64\xactengine3_3.dll 2010-11-19 21:52:59 4494184 
----a-w- C:\Windows\System32\d3dx9_33.dll 2010-11-19 21:47:16 -------- d-----w- C:\DirectX 9c 2010-11-19 15:00:17 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite ==================== Find3M ==================== 2010-11-01 10:50:42 356352 ----a-w- C:\Windows\eSellerateEngine.dll 2010-09-22 23:47:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll 2010-09-22 23:32:56 301936 ----a-w- C:\Windows\WLXPGSS.SCR 2010-09-21 13:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL 2010-09-21 13:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL ============= FINISH: 18:51:09,68 ===============[/log]

Link to comment
Share on other sites

2010-11-09 00:43:33 -------- d-----w- C:\Program Files (x86)\Celestia

Was installed almost exactly a month ago.

Link to comment
Share on other sites

The blue screen started appearing maybe a week after I installed it.

(I'm pretty sure that's not the cause.) I got the timing a bit wrong :rolleyes:

 

-----------

 

DDS (Ver_10-12-05.01) - NTFS_AMD64

Run by johannes at 18:49:56,53 on 2010-12-10

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.46.1053.18.4096.2950 [GMT 1:00]

 

SP: Spyware Terminator *enabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\17.7.0.12\CCSVCHST.EXE

C:\PROGRAM FILES (X86)\MICROSOFT\SEARCH ENHANCEMENT PACK\SEAPORT\SEAPORT.EXE

C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\17.7.0.12\CCSVCHST.EXE

C:\Windows\system32\Dwm.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\PROGRAM FILES (X86)\PANDO NETWORKS\MEDIA BOOSTER\PMB.EXE

C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORUPDATE.EXE

C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe

C:\PROGRAM FILES (X86)\SWEETIM\MESSENGER\SWEETIM.EXE

C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM32\SEARCHINDEXER.EXE

C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPNETWK.EXE

C:\WINDOWS\SYSTEM32\WUAUCLT.EXE

C:\WINDOWS\SYSTEM32\TASKENG.EXE

C:\USERS\JOHANNES\DESKTOP\DDS.SCR

C:\WINDOWS\SYSTEM32\CONHOST.EXE

C:\WINDOWS\SYSTEM32\WBEM\WMIPRVSE.EXE

 

============== Pseudo HJT Report ===============

 

mWinlogon: Userinit=C:\Windows\SysWOW64\userinit.exe,

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\IPSBHO.DLL

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office12\GR469A~1.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

uRun: [Google Update] "C:\Users\johannes\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [spywareTerminatorUpdate] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe"

mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

mRun: [Acrobat Assistant 7.0] "C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

mRun: [sweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe

mRun: [spywareTerminator] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe"

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

dRunOnce: [<NO NAME>]

StartupFolder: C:\Users\johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\password.vbs

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEA~1.LNK - C:\Windows\Installer\{AC76BA86-1044-F000-7760-000000000002}\SC_Acrobat.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xportera till Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: Konvertera länkmål till Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Konvertera länkmål till befintlig PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Konvertera markering till Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Konvertera markering till befintlig PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Konvertera till Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Konvertera till befintlig PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Konvertera valda länkar till Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Konvertera valda länkar till befintlig PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MIF5BA~1\Office12\GRA32A~1.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office12\GR469A~1.DLL

{9030D464-4C02-4ABF-8ECC-5164760863C6}

TB-X64: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File

TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB-X64: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File

 

============= SERVICES / DRIVERS ===============

 

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1107000.00C\symds64.sys [2010-7-7 433200]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1107000.00C\symefa64.sys [2010-7-7 221232]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100619.001\BHDrvx64.sys [2010-6-18 942640]

R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\NISx64\1107000.00C\cchpx64.sys [2010-7-7 615040]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100707.001\IDSviA64.sys [2010-7-8 463408]

R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1107000.00C\ironx64.sys [2010-7-7 150064]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\NISx64\1107000.00C\symtdiv.sys [2010-7-7 451120]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-18 203264]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe [2010-7-7 126392]

R2 sp_rsdrv2;Spyware Terminator Driver Filter;C:\Windows\System32\drivers\stflt.sys [2010-7-7 50696]

R2 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-7-6 173352]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-11-28 132656]

R3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\System32\drivers\netr28ux.sys [2009-6-10 867328]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Tjänsten Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-12 136176]

S2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe --> C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [?]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-12-9 48488]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

 

=============== File Associations ===============

 

regfile="regedit.exe" "%1"

 

=============== Created Last 30 ================

 

2019-11-13 10:53:01 -------- d-----w- C:\$WIN_NT$.~BT

2010-12-10 17:13:32 388096 ----a-r- C:\Users\johannes\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-12-10 17:13:31 -------- d-----w- C:\Program Files (x86)\Trend Micro

2010-12-09 17:28:20 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8

2010-12-09 17:27:39 -------- d-----w- C:\Users\johannes\AppData\Local\Microsoft Help

2010-12-09 17:00:36 -------- d-----w- C:\8fa31e1f600b1981bfa4f90a583fe47e

2010-12-09 16:55:40 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll

2010-12-09 16:55:40 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll

2010-12-09 16:55:40 48960 ----a-w- C:\Windows\System32\netfxperf.dll

2010-12-09 16:55:40 444752 ----a-w- C:\Windows\System32\mscoree.dll

2010-12-09 16:55:40 320352 ----a-w- C:\Windows\System32\PresentationHost.exe

2010-12-09 16:55:40 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll

2010-12-09 16:55:40 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe

2010-12-09 16:55:40 1942856 ----a-w- C:\Windows\System32\dfshim.dll

2010-12-09 16:55:40 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll

2010-12-09 16:55:40 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll

2010-12-09 16:52:50 -------- d-----w- C:\Windows\sv

2010-12-09 16:49:37 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys

2010-12-09 16:48:36 -------- d-----w- C:\Program Files (x86)\MSN Toolbar

2010-12-09 16:48:18 -------- d-----w- C:\Program Files (x86)\Bing Bar Installer

2010-12-09 16:36:51 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\467445e01cb97bf2d\InstallManager_WLE_WLE.exe

2010-12-09 16:36:23 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\371b97b01cb97bf23\MeshBetaRemover.exe

2010-12-09 16:35:58 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\27a9e3401cb97bf1b\DSETUP.dll

2010-12-09 16:35:58 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\27a9e3401cb97bf1b\DXSETUP.exe

2010-12-09 16:35:58 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\27a9e3401cb97bf1b\dsetup32.dll

2010-12-09 16:35:55 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2579bcd01cb97bf1a\DSETUP.dll

2010-12-09 16:35:55 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2579bcd01cb97bf1a\DXSETUP.exe

2010-12-09 16:35:55 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2579bcd01cb97bf1a\dsetup32.dll

2010-12-09 16:35:17 6260088 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ec02bf01cb97bf0f\Silverlight.4.0.exe

2010-12-09 16:34:39 -------- d-----w- C:\Users\johannes\AppData\Local\Windows Live

2010-12-09 16:34:16 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll

2010-12-09 16:34:16 206848 ----a-w- C:\Windows\System32\mfps.dll

2010-12-09 16:34:16 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll

2010-12-09 16:34:15 4068864 ----a-w- C:\Windows\System32\mf.dll

2010-12-09 16:34:15 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL

2010-12-09 16:34:15 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL

2010-12-09 16:34:14 3181568 ----a-w- C:\Windows\SysWow64\mf.dll

2010-12-09 16:15:54 340992 ----a-w- C:\Windows\System32\schannel.dll

2010-12-09 16:15:53 224256 ----a-w- C:\Windows\SysWow64\schannel.dll

2010-12-09 16:15:52 483840 ----a-w- C:\Windows\System32\StructuredQuery.dll

2010-12-09 16:15:51 363520 ----a-w- C:\Windows\SysWow64\StructuredQuery.dll

2010-12-09 16:15:50 148992 ----a-w- C:\Windows\System32\t2embed.dll

2010-12-09 16:15:50 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll

2010-12-09 16:15:45 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe

2010-12-09 16:15:45 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe

2010-12-09 16:15:43 12625920 ----a-w- C:\Windows\System32\wmploc.DLL

2010-12-09 16:15:43 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL

2010-12-09 16:14:49 3123712 ----a-w- C:\Windows\System32\win32k.sys

2010-12-08 17:24:03 -------- d-----w- C:\Windows\pss

2010-12-07 17:12:02 -------- d-----w- C:\Program Files (x86)\Jewel Quest

2010-12-07 16:43:35 -------- d-----w- C:\Program Files (x86)\Ricochet Lost Worlds

2010-12-07 16:43:05 -------- d-----w- C:\Program Files (x86)\Ricochet Lost Worlds Recharged

2010-12-07 16:42:36 -------- d-----w- C:\Program Files (x86)\Ricochet Xtreme

2010-12-07 16:38:15 -------- d-----w- C:\Program Files (x86)\Alien Shooter

2010-12-07 06:22:41 -------- d-----w- C:\Program Files (x86)\ReflexiveArcade

2010-12-05 14:29:15 -------- d-----w- C:\Program Files (x86)\WinClamAVShield

2010-11-23 19:03:47 -------- d-----w- C:\Users\johannes\AppData\Local\The Lord of the Rings Online

2010-11-23 13:34:28 -------- d-----w- C:\Program Files (x86)\Codemasters

2010-11-19 23:22:36 -------- d-----w- C:\RJ_RotWK_1_06

2010-11-19 21:55:34 -------- d-----w- C:\Users\johannes\AppData\Local\Activision

2010-11-19 21:53:58 235856 ----a-w- C:\Windows\SysWow64\xactengine3_3.dll

2010-11-19 21:52:59 4494184 ----a-w- C:\Windows\System32\d3dx9_33.dll

2010-11-19 21:47:16 -------- d-----w- C:\DirectX 9c

2010-11-19 15:00:17 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite

 

==================== Find3M ====================

 

2010-11-01 10:50:42 356352 ----a-w- C:\Windows\eSellerateEngine.dll

2010-09-22 23:47:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll

2010-09-22 23:32:56 301936 ----a-w- C:\Windows\WLXPGSS.SCR

2010-09-21 13:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL

2010-09-21 13:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL

 

============= FINISH: 18:51:09,68 ===============

Link to comment
Share on other sites

1.

10 days later it was these:

2010-11-19 23:22:36 -------- d-----w- C:\RJ_RotWK_1_06

2010-11-19 21:55:34 -------- d-----w- C:\Users\johannes\AppData\Local\Activision

2010-11-19 21:53:58 235856 ----a-w- C:\Windows\SysWow64\xactengine3_3.dll

2010-11-19 21:52:59 4494184 ----a-w- C:\Windows\System32\d3dx9_33.dll

2010-11-19 21:47:16 -------- d-----w- C:\DirectX 9c

2010-11-19 15:00:17 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite

 

2.

Do you know what this does?

StartupFolder: C:\Users\johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\password.vbs

It is a Visual Basic script that runs when you log in.

 

3.

The important information on the blue screen is the following:

Near the top, an error message in capital letters (e.g. BAD_POOL)

Further down, a line consisting mostly of digits (STOP...)

Below that, sometimes a file name

 

4.

Have you run a full scan of the computer with Norton since the problems started?

If so, did Norton find anything?

 

5.

Download Malwarebytes Anti-Malware (MBAM) http://www.malwarebytes.org/mbam-download.php

Double-click mbam-setup to install the program.

 

At the end of the installation, make sure the following are ticked:

Update Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware

Press Finish

If an update is available, it will be downloaded and installed.

 

When the program starts, choose "Perform quick scan" and press Scan.

The scan takes a while.

When it is done, press OK and then "Show Results".

Tick everything and then press Remove Selected.

When removal is complete, Notepad opens with a log.

 

You may be asked to restart the computer (Restart). If so, do it.

If an Error loading... message appears after the restart, restart the computer once more.

If the program does not start after the restart, start it.

 

If the log does not open in Notepad by itself, you will find it on the Logs tab in MBAM.

Copy the log and paste it into your reply.

 

6.

Scan the computer online at http://www.eset.com/onlinescan/

So that the scan does not take too long, turn off your antivirus program while it runs.

 

Untick the option "Remove found threats"

Tick "Scan Archives"

 

Click "Advanced Settings"

Tick:

Scan for potentially unwanted applications

Scan for potentially unsafe applications

Enable Anti-Stealth Technology

 

Tryck på Scan

 

När skanningen är klar skapas loggfilen C:\Program\Eset\Eset Online Scanner\log.txt. Öppna den i Anteckningar och klistra sedan in innehållet i ditt svar.

Link to comment
Share on other sites

1. I have no idea what C:\Windows\SysWow64\xactengine3_3.dll is.



2. It's a little script I made when I was bored, hehe



3. I have only noticed that it says 0*0000D1 (or similar)



4. Norton has only found one thing, and that is a crack for a game.

The blue screen started appearing before I installed the game.

 

5.

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

 

Databasversion: 5301

 

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

 

2010-12-12 18:28:27

mbam-log-2010-12-12 (18-28-27).txt

 

Skanningstyp: Snabbskanning

Antal skannade objekt: 155437

Förfluten tid: 5 minut(er), 23 sekund(er)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 3

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

(Inga illasinnade poster hittades)

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

c:\$Recycle.Bin\s-1-5-21-3836474734-320556758-2751122660-1000\$RLL1JK1.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\$Recycle.Bin\s-1-5-21-3836474734-320556758-2751122660-1000\$rwsc43c.part (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\Users\explorer.exe.back (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

 

6.

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6415

# api_version=3.0.2

# EOSSerial=ae979850dcf3ed449726cfacfadb1c24

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-12-12 09:21:25

# local_time=2010-12-12 10:21:25 (+0100, Västeuropa, normaltid)

# country="Sweden"

# lang=1033

# osver=6.1.7600 NT

# compatibility_mode=3588 16777214 85 83 13601712 31756121 0 0

# compatibility_mode=5893 16776574 100 94 32750101 43805941 0 0

# compatibility_mode=7937 16777213 100 100 333050 3515475 0 0

# compatibility_mode=8192 67108863 100 0 448 448 0 0

# scanned=272249

# found=34

# cleaned=0

# scan_time=12793

C:\$Recycle.Bin\S-1-5-21-3836474734-320556758-2751122660-1000\$RXBBO9H.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I

C:\Program Files\Cheat Engine\Cheat Engine.exe a variant of Win32/HackTool.CheatEngine.AA application (unable to clean) 00000000000000000000000000000000 I

C:\Program Files\Cheat Engine\dbk32.dll a variant of Win32/HackTool.CheatEngine.AA application (unable to clean) 00000000000000000000000000000000 I

C:\Program Files\Cheat Engine\dbk32.sys a variant of Win32/HackTool.CheatEngine.AA application (unable to clean) 00000000000000000000000000000000 I

C:\Program Files\Cheat Engine\Systemcallretriever.exe a variant of Win32/HackTool.SystemCall.AA application (unable to clean) 00000000000000000000000000000000 I

C:\Program Files\Cheat Engine\systemcallsignal.exe a variant of Win32/HackTool.SystemCall.AA application (unable to clean) 00000000000000000000000000000000 I

C:\Program Files (x86)\BitLord\Downloads\Sony Vegas Pro 9.0c Build 896 32+64bit (Includes working keygen)\Keygen.exe a variant of Win32/Keygen.AR application (unable to clean) 00000000000000000000000000000000 I

C:\Program Files (x86)\Cheat Engine\Cheat Engine.exe a variant of Win32/HackTool.CheatEngine.AA application (unable to clean) 00000000000000000000000000000000 I

C:\Program Files (x86)\Cheat Engine\dbk32.dll a variant of Win32/HackTool.CheatEngine.AA application (unable to clean) 00000000000000000000000000000000 I

C:\Program Files (x86)\Cheat Engine\dbk32.sys a variant of Win32/HackTool.CheatEngine.AA application (unable to clean) 00000000000000000000000000000000 I

C:\Program Files (x86)\Cheat Engine\Systemcallretriever.exe a variant of Win32/HackTool.SystemCall.AA application (unable to clean) 00000000000000000000000000000000 I

C:\Program Files (x86)\Cheat Engine\systemcallsignal.exe a variant of Win32/HackTool.SystemCall.AA application (unable to clean) 00000000000000000000000000000000 I

C:\Program Files (x86)\Uniblue\RegistryBooster\decryptor_module.dll Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I

C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I

C:\ProgramData\{F03307B7-E779-4F5E-A32E-9A73D8D6E0F2}\rbia.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I

C:\SPEL\Cheat Engine\Cheat Engine.exe a variant of Win32/HackTool.CheatEngine.AA application (unable to clean) 00000000000000000000000000000000 I

C:\SPEL\Cheat Engine\dbk32.dll a variant of Win32/HackTool.CheatEngine.AA application (unable to clean) 00000000000000000000000000000000 I

C:\SPEL\Cheat Engine\dbk32.sys a variant of Win32/HackTool.CheatEngine.AA application (unable to clean) 00000000000000000000000000000000 I

C:\SPEL\Cheat Engine\Systemcallretriever.exe a variant of Win32/HackTool.SystemCall.AA application (unable to clean) 00000000000000000000000000000000 I

C:\SPEL\Cheat Engine\systemcallsignal.exe a variant of Win32/HackTool.SystemCall.AA application (unable to clean) 00000000000000000000000000000000 I

C:\Users\All Users\{F03307B7-E779-4F5E-A32E-9A73D8D6E0F2}\rbia.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I

C:\Users\johannes\AppData\Local\rbia.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I

C:\Users\johannes\AppData\Local\Temp\mia935.tmp\rbia.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I

C:\Users\johannes\AppData\Local\Temp\mia935.tmp\data\OFFLINE\FB000E7F\DBD9B16A\decryptor_module.dll Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I

C:\Users\johannes\AppData\Local\VirtualStore\Windows\SysWOW64\winepm32.rom probably a variant of Win32/Nebuler.AV trojan (unable to clean) 00000000000000000000000000000000 I

C:\Users\johannes\AppData\Local\VirtualStore\Windows\SysWOW64\winrjr32.rom probably a variant of Win32/Nebuler.AV trojan (unable to clean) 00000000000000000000000000000000 I

C:\Users\johannes\AppData\Local\VirtualStore\Windows\SysWOW64\wintcm32.rom probably a variant of Win32/Nebuler.AV trojan (unable to clean) 00000000000000000000000000000000 I

C:\Users\johannes\AppData\Local\VirtualStore\Windows\SysWOW64\winwiz32.rom probably a variant of Win32/Nebuler.AV trojan (unable to clean) 00000000000000000000000000000000 I

C:\Users\johannes\Downloads\CheatEngine561.exe multiple threats (unable to clean) 00000000000000000000000000000000 I

C:\Users\johannes\Downloads\password-recovery-for-msn-setup(2).exe a variant of Win32/PSWTool.MSNPasswordRecovery.A application (unable to clean) 00000000000000000000000000000000 I

C:\Users\johannes\Downloads\password-recovery-for-msn-setup.exe a variant of Win32/PSWTool.MSNPasswordRecovery.A application (unable to clean) 00000000000000000000000000000000 I

C:\Windows.old\Documents and Settings\Jokuc\Application Data\Desktopicon\eBayShortcuts.exe a variant of Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I

C:\Windows.old\Documents and Settings\Jokuc\Lokala inställningar\Temp\FFSetup210.zip a variant of Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I

${Memory} Win32/RegistryBooster application 00000000000000000000000000000000 I

Link to comment
Share on other sites

1. xactengine3_3.dll is a file that is part of DirectX. Could your problems have started when you installed DirectX?



2. :)



3. Write it down the next time you get a blue screen.



4. Good

 

5.

C:\Program Files (x86)\Uniblue\RegistryBooster\decryptor_module.dll Win32/RegistryBooster application (unable to clean)

RegistryBooster is a questionable program to have. Registry cleaners cause problems now and then because they have cleaned too much. Could you have run RegistryBooster shortly before the problem began?



On the page http://www.virustotal.com, click the Browse button and paste one of the following file names into the box, click Open and then Send File. Wait until the result is ready (Current status becomes completed). Paste the link to the result here. Repeat with the next file name.

C:\Users\johannes\AppData\Local\VirtualStore\Windows\SysWOW64\winepm32.rom

C:\Users\johannes\AppData\Local\VirtualStore\Windows\SysWOW64\winrjr32.rom

C:\Users\johannes\AppData\Local\VirtualStore\Windows\SysWOW64\wintcm32.rom

C:\Users\johannes\AppData\Local\VirtualStore\Windows\SysWOW64\winwiz32.rom

Link to comment
Share on other sites
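The triage applied to the ESET log above, separating the trojan detections from the "application" findings, can be done mechanically. The following is an added example, not part of the original thread; the sample lines are copied from the posted log, and treating every non-"application" category as malware is an assumption of this sketch.

```python
import re
from collections import defaultdict

# Excerpt of the ESET Online Scanner log posted above (lines copied verbatim).
SAMPLE_LOG = r"""
# found=34
# cleaned=0
C:\Program Files (x86)\Cheat Engine\dbk32.sys a variant of Win32/HackTool.CheatEngine.AA application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\BitLord\Downloads\Sony Vegas Pro 9.0c Build 896 32+64bit (Includes working keygen)\Keygen.exe a variant of Win32/Keygen.AR application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Users\johannes\AppData\Local\VirtualStore\Windows\SysWOW64\winepm32.rom probably a variant of Win32/Nebuler.AV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\johannes\AppData\Local\VirtualStore\Windows\SysWOW64\winrjr32.rom probably a variant of Win32/Nebuler.AV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\johannes\Downloads\CheatEngine561.exe multiple threats (unable to clean) 00000000000000000000000000000000 I
${Memory} Win32/RegistryBooster application 00000000000000000000000000000000 I
"""

# Paths contain spaces, so anchor on the detection text instead of splitting.
DETECTION = re.compile(
    r"^(?P<path>.+?) (?P<heur>probably )?(?:a variant of )?"
    r"(?:(?P<name>Win32/\S+) (?P<kind>\w+)|(?P<multi>multiple threats))"
)


def triage(log_text):
    """Group detections: 'malware' needs removal, 'review' is PUA/tool findings."""
    out = {"malware": defaultdict(list), "review": defaultdict(list), "unparsed": []}
    for line in log_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # header fields such as '# found=34'
        m = DETECTION.match(line)
        if m is None:
            out["unparsed"].append(line)  # never drop a line silently
        elif m["multi"]:
            out["review"]["multiple threats"].append(m["path"])
        elif m["kind"] == "application":
            out["review"][m["name"]].append(m["path"])
        else:
            # Assumption: any category other than 'application' is malware.
            out["malware"][m["name"]].append(m["path"])
    return out


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for bucket in ("malware", "review"):
        for name, paths in sorted(result[bucket].items()):
            print(f"{bucket:8} {name:32} {len(paths)} file(s)")
```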

Running the 1,2,3 style again :lol:



1. Hm, good question.. Don't know.



3. I kind of don't have time to write it down, it disappears after about 10 seconds.

But I got this information from the computer today:

Problemsignatur:

Problemhändelsens namn: BlueScreen

OS-version: 6.1.7600.2.0.0.768.3

Språkvariant-ID: 1053

 

Ytterligare information om problemet:

BCCode: d1

BCP1: FFFFF8A00A123298

BCP2: 0000000000000002

BCP3: 0000000000000000

BCP4: FFFFF8800124CFA9

OS Version: 6_1_7600

Service Pack: 0_0

Product: 768_1

 

Filer som hjälper till att beskriva problemet:

C:\Windows\Minidump\121210-29671-01.dmp

C:\Users\johannes\AppData\Local\Temp\WER-48828-0.sysdata.xml

 

:)

 

5. Installed it yesterday, got a tip from a buddy.

But I read in a forum today that it wasn't good, so I uninstalled it :rolleyes:

 

6.

winepm32.rom

winrjr32.rom

wintcm32.rom

winwiz32.rom

 

Link to comment
Share on other sites

1. Did you download DirectX from a Microsoft page, or did it come with some game?



3.

Turn off automatic restarts on system failure:

Control Panel (classic view) - System - Advanced settings - Startup and Recovery - Settings

then the blue screen stays up with the error message.

 

0x000000D1: DRIVER_IRQL_NOT_LESS_OR_EQUAL

The system attempted to access pageable memory using a kernel process IRQL that was too high. The most typical cause is a bad device driver (one that uses improper addresses). It can also be caused by faulty or mismatched RAM, or a damaged pagefile.

http://www.aumha.org/a/stop.php

 

Install BlueScreenView and see whether it can show both whether it is the same "Bug check code" every time or whether it varies, and which driver seems to be crashing.



6. Is it OK with you to delete the files:

C:\Users\johannes\AppData\Local\VirtualStore\Windows\SysWOW64\winepm32.rom

C:\Users\johannes\AppData\Local\VirtualStore\Windows\SysWOW64\winrjr32.rom

C:\Users\johannes\AppData\Local\VirtualStore\Windows\SysWOW64\wintcm32.rom

C:\Users\johannes\AppData\Local\VirtualStore\Windows\SysWOW64\winwiz32.rom

 

Are there more files there with the .rom file extension?

Link to comment
Share on other sites
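The problem signature posted earlier in the thread can be decoded field by field. Microsoft documents the four parameters of bug check 0xD1 as the memory address referenced, the IRQL at the time, the access type, and the address of the instruction that made the reference. The following is an added example, not part of the original thread; the module list is constructed for illustration (on a real system it comes from the minidump, which is what BlueScreenView reads), and the driver names are hypothetical.

```python
import bisect
import re

# Problem signature values as posted in the thread above.
WER_TEXT = """\
BCCode: d1
BCP1: FFFFF8A00A123298
BCP2: 0000000000000002
BCP3: 0000000000000000
BCP4: FFFFF8800124CFA9
"""

# CONSTRUCTED module list (base, size, name); not from the poster's minidump.
MODULES = [
    (0xFFFFF88001200000, 0x60000, "example_a.sys"),
    (0xFFFFF88001260000, 0x20000, "example_b.sys"),
]

ACCESS = {0: "read", 1: "write", 2: "execute", 8: "execute"}
IRQL_NAMES = {0: "PASSIVE_LEVEL", 1: "APC_LEVEL", 2: "DISPATCH_LEVEL"}


def parse_signature(text):
    """Extract BCCode and BCP1..BCP4 as integers (all fields are hex)."""
    fields = re.findall(r"^(BCCode|BCP[1-4]):\s*([0-9A-Fa-f]+)\s*$", text, re.M)
    return {name: int(value, 16) for name, value in fields}


def find_module(addr, modules):
    """Return (name, offset) of the module whose range contains addr, or None."""
    mods = sorted(modules)
    i = bisect.bisect_right([base for base, _, _ in mods], addr) - 1
    if i >= 0 and addr < mods[i][0] + mods[i][1]:
        return mods[i][2], addr - mods[i][0]
    return None


def decode_d1(sig, modules):
    """Interpret the parameters of DRIVER_IRQL_NOT_LESS_OR_EQUAL (0xD1)."""
    if sig.get("BCCode") != 0xD1:
        raise ValueError("this parameter layout applies to bug check 0xD1 only")
    return {
        "referenced_address": sig["BCP1"],
        "irql": sig["BCP2"],
        "irql_name": IRQL_NAMES.get(sig["BCP2"], "device IRQL"),
        "access": ACCESS.get(sig["BCP3"], "unknown"),
        "faulting_instruction": sig["BCP4"],
        "module": find_module(sig["BCP4"], modules),
    }


if __name__ == "__main__":
    for key, value in decode_d1(parse_signature(WER_TEXT), MODULES).items():
        print(key, hex(value) if isinstance(value, int) and value > 9 else value)
```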

1. Downloaded it from Microsoft's website.



3. 0x000000D1: DRIVER_IRQL_NOT_LESS_OR_EQUAL

That's exactly what it says..

Oh well, I'll get BlueScreenView and see what we find :)



6. No idea, I don't know what they are for..

But if nothing breaks I can delete them :D

Are there more files there with the .rom file extension?

No idea, I can't find the folder. I have tried searching for hidden, read-only etc.

Link to comment
Share on other sites

6. At least AppData is a hidden folder.



Run a full scan with MBAM instead of a quick scan and see whether it then finds any files. If it does, paste the log and you do not need to do the steps below.



Save SystemLook to the Desktop from http://jpshortstuff.247fixes.com/SystemLook_x64.exe

Double-click the SystemLook file to run it.



Copy all the lines in the box

:dir
C:\Users\johannes\AppData\Local\VirtualStore\Windows\SysWOW64
:file
C:\Users\johannes\AppData\Local\VirtualStore\Windows\SysWOW64\winepm32.rom

and paste them into the large text field in SystemLook.

Click the Look button to start the search.

When it is done, Notepad opens with a log, and you paste that in here. If the log does not open, it is available as SystemLook.txt on the Desktop.

Link to comment
Share on other sites

Same result as with the quick scan.. but oh well :rolleyes:

 

---

 

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

 

Databasversion: 5301

 

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

 

2010-12-13 18:34:20

mbam-log-2010-12-13 (18-34-11).txt

 

Skanningstyp: Fullständig skanning (C:\|)

Antal skannade objekt: 413719

Förfluten tid: 1 timme(ar), 30 minut(er), 30 sekund(er)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 8

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

(Inga illasinnade poster hittades)

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

c:\program files\FastCap\APIHook1.dll (Trojan.Downloader) -> No action taken.

c:\program files (x86)\alien shooter 2 - conscription\uninstall.exe (Malware.Packer.Krunchy) -> No action taken.

c:\SPEL\reflexive games\aqua bubble 1 + crack\Crack\aquabubble.exe (Malware.Packer.Gen) -> No action taken.

c:\Users\johannes\AppData\Local\virtualstore\Windows\SysWOW64\winepm32.rom (Trojan.Nebuler) -> No action taken.

c:\Users\johannes\AppData\Local\virtualstore\Windows\SysWOW64\winrjr32.rom (Trojan.Nebuler) -> No action taken.

c:\Users\johannes\AppData\Local\virtualstore\Windows\SysWOW64\wintcm32.rom (Trojan.Nebuler) -> No action taken.

c:\Users\johannes\AppData\Local\virtualstore\Windows\SysWOW64\winwiz32.rom (Trojan.Nebuler) -> No action taken.

c:\Windows.old\documents and settings\Jokuc\application data\desktopicon\ebayshortcuts.exe (Adware.ADON) -> No action taken.

 

 

----------

Deleted:

c:\program files\FastCap\APIHook1.dll

c:\Users\johannes\AppData\Local\virtualstore\Windows\SysWOW64\winepm32.rom

c:\Users\johannes\AppData\Local\virtualstore\Windows\SysWOW64\winrjr32.rom

c:\Users\johannes\AppData\Local\virtualstore\Windows\SysWOW64\wintcm32.rom

c:\Users\johannes\AppData\Local\virtualstore\Windows\SysWOW64\winwiz32.rom

c:\Windows.old\documents and settings\Jokuc\application data\desktopicon\ebayshortcuts.exe

 

I kept the other 2, maybe you get why :P

Link to comment
Share on other sites

Good, then the malicious rom files are gone now.



It is quite common for cracked programs to contain various malicious files.



Now only a final round of cleanup remains:



1. Delete all system restore points, since these may be infected.

Start by creating a new system restore point:

XP:

Start - Programs - Accessories - System Tools - System Restore

Choose to create a new restore point and click Next.

Vista and Windows 7:

Right-click Computer - Properties - System Protection

Click Create.



Then delete all old system restore points by running the disk cleanup program.

Right-click C: in My Computer/Explorer and select Properties.

On the General tab there is a button called Disk Cleanup. Select it.

After a few minutes the program comes up, and then you select a tab called More Options or something similar. Click the Clean up button that removes all system restore points except the most recent one.

 

2. Download the uninstaller OTC to the Desktop.

http://oldtimer.geekstogo.com/OTC.exe

Double-click the file to start the program.

Click the CleanUp! button, and ComboFix and other cleanup programs will be uninstalled after a restart of the computer. If any such program remains after that, ask how to remove it. Delete any logs.

 

3. Save TFC (Temporary File Cleaner) by OldTimer to the Desktop.

http://oldtimer.geekstogo.com/TFC.exe



Close all programs and windows.

Run TFC (if you have Vista or Windows 7, right-click the file and select Run as administrator).

Click the Start button to start the cleanup.

It can take a few minutes, and leave the computer alone in the meantime.



When it is done, the computer is supposed to restart automatically. If it does not, restart the computer yourself. Delete the TFC file.

 

4. Change all passwords that you use on the computer and on the internet, since these may have fallen into the wrong hands.

http://mnin.blogspot.com/2009/02/why-i-enjoyed-tiggersyzor.html describes a malicious program that spies by taking screenshots, logging keystrokes and reading passwords stored in web browsers, e-mail programs etc.



5. Improve the protection on the computer, see my Advice for a safer computer: http://sites.google.com/site/ceblstockholm/home

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.