seb_seven Posted 4 September 2008

Hi! After installing Winavi I have been having problems with my PC. I get a blue screen with the message:

STOP: 0x0000007E (0xC0000005, 0x828E3308, 0x80758BDC, 0x807588D8)

No driver name is shown here. Has anyone come across this or know what causes it? I have uninstalled Winavi and am running with a minimum of programs. The machine runs stably in safe mode, but in normal mode I get a blue screen after about 5 minutes every time. I will try WinDbg tonight.

seb_seven (Author) Posted 4 September 2008

Hi again. I can't run WinDbg because the machine does not stay online long enough for me to download the symbols. I have run HijackThis and the log is attached.

I ran it through the analysis on the website but only got waffle for answers. Anyone?

snippsat Posted 5 September 2008 (edited)

First we need to clean up the junk you have.

---
Start HijackThis, click "scan", find these lines, tick them, then press "fix checked".

O2 - BHO: D - {75CD857B-A11A-36D3-8D7C-992AE7498183} - C:\Windows\system32\mmx92172.dll (file missing)
O3 - Toolbar: gksraemq - {0F4D1291-8DEF-4D4E-AA11-D5B4DD8945C2} - C:\Windows\gksraemq.dll (file missing)
O13 - Gopher Prefix:
O21 - SSODL: xrdwbfgn - {CEBF60D9-E890-40BB-9381-A013A958D203} - C:\Windows\xrdwbfgn.dll (file missing)
O21 - SSODL: dgksvbpn - {929F5D36-18F2-4AB9-8F43-C45D611D3BDC} - C:\Windows\dgksvbpn.dll (file missing)

---
Right-click cmd.exe, "run as administrator".

sc stop GtFix - OptionNV
sc delete GtFix - OptionNV

---
Download and run CCleaner. 'Options' -> 'Advanced'. Untick: "Only delete temporary files older than 48 hours". Also run the registry cleaner, answer yes to repair --> answer yes to the backup when you are asked. Run the registry cleaner a couple of times until all errors are gone.

---
Download MBAM to the desktop. Choose the Norwegian language --> run a quick system scan. When MBAM is finished it opens a log; post it.

---
Download ComboFix and put it on the desktop. Do not click on the window while the program is running. Post the log C:\combofix.txt

---
Stop 0X7E, System_Thread_Exception_Not_Handled

This issue may occur if a system thread generates an exception that the error handler does not catch. You receive this error message if one or more of the following conditions are true:
.. Incompatible video adapter drivers.
.. A damaged device driver or system service.

There may be leftovers on the driver side from Winavi. I don't know whether you used a keygen; if so, it may have brought in malware, which is being fixed now. WinDbg should be run with symbols if the above does not work. Most likely this is on the software side. It never hurts to test memory and hard disk (memtest86+, chkdsk /f /r).

Edited 5 September 2008 by SNIPPSAT

seb_seven (Author) Posted 5 September 2008

Thanks. I have run HijackThis and fixed the lines. I have run cmd.exe. I have run CCleaner and cleaned up. I have run MBAM. Here is the log:

Malwarebytes' Anti-Malware 1.26
Database versjon: 1103
Windows 6.0.6001 Service Pack 1

05.09.2008 09:37:42
mbam-log-2008-09-05 (09-37-30).txt

Skanntype: Rask Skann
Objekter skannet: 40174
Tid tilbakelagt: 3 minute(s), 3 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 2
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 1
Filer infisert: 23

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> No action taken.

Filer infisert:
C:\Program Files\PCHealthCenter.exe (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\1.exe (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\1.ico (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\2.exe (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\2.ico (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\3.exe (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\4.exe (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\5.exe (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\7.exe (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> No action taken.
C:\Windows\System32\tdssadw.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\tdssl.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\tdssserf.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\tdssmain.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\tdssinit.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\tdsslog.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\tdssservers.dat (Trojan.Agent) -> No action taken.
C:\Windows\System32\drivers\tdssserv.sys (Trojan.Agent) -> No action taken.
C:\Users\Ole\AppData\Roaming\Adobe\Manager.exe (Trojan.Agent) -> No action taken.

As for ComboFix, I got no log file when running it normally. I ran it as administrator. I then got a message that a rootkit had been found and that the machine had to be restarted. On restart, Vista restored the machine to the state before I started all these steps, and I am back to square one. I have run everything once more, but as you can see from the MBAM log, the errors are not fixed.

As for hardware testing, I have run two memory tests, including memtest86+. I have also run a test on the hard disk, without finding problems on either of them.

wiak Posted 5 September 2008

Install NOD32 and run it in safe mode after you have run Spybot Search and Destroy.

http://www.safer-networking.org/no/index.html
http://www.eset.com/download/free_trial_download_int.php

snippsat Posted 5 September 2008 (edited)

You should not install a second antivirus on the system; there can be conflicts. And Spybot is much worse than MBAM. The steps above are powerful methods that are guaranteed to get you clean.

Seb_seven: you have to tick the items so that MBAM deletes the problems. It should not say "-> No action taken."

ComboFix's log file is in the root, C:\Combofix.txt. Search for combofix.txt. Remember that ComboFix must be on the desktop.

Edited 5 September 2008 by SNIPPSAT
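
An added example, not part of the original thread: a small Python triage over the two log formats quoted in the posts above. It lists HijackThis load-point entries (O2, O3, O21) whose DLL is marked "(file missing)" and MBAM detections still at "No action taken"; the sample lines are constructed from entries in this thread, and the "Quarantined and deleted successfully" line is a constructed contrast case.

```python
import re

# Constructed samples: a few lines in the two log formats quoted in this thread.
HIJACKTHIS_SAMPLE = r"""
O2 - BHO: D - {75CD857B-A11A-36D3-8D7C-992AE7498183} - C:\Windows\system32\mmx92172.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: gksraemq - {0F4D1291-8DEF-4D4E-AA11-D5B4DD8945C2} - C:\Windows\gksraemq.dll (file missing)
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O21 - SSODL: xrdwbfgn - {CEBF60D9-E890-40BB-9381-A013A958D203} - C:\Windows\xrdwbfgn.dll (file missing)
"""

MBAM_SAMPLE = r"""
Registernøkler infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.
Registerverdier infisert:
(Ingen mistenkelige filer funnet)
Filer infisert:
C:\Program Files\PCHealthCenter\1.exe (Trojan.Fakealert) -> No action taken.
C:\Windows\System32\drivers\tdssserv.sys (Trojan.Agent) -> No action taken.
C:\Users\Ole\AppData\Roaming\Adobe\Manager.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# HijackThis sections that register DLLs loaded by IE or Explorer:
# O2 = browser helper objects, O3 = toolbars, O21 = ShellServiceObjectDelayLoad.
LOADPOINT_SECTIONS = {"O2", "O3", "O21"}

HJT_LINE = re.compile(
    r"^(?P<section>O\d+) - (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\})"
    r" - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# Greedy object match so that a path containing parentheses still parses:
# the detection name is the last "(...)" before " -> ".
MBAM_LINE = re.compile(
    r"^(?P<object>.+) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$"
)


def orphaned_loadpoints(log_text):
    """Return (section, name, path) for load points whose DLL is gone from disk."""
    hits = []
    for line in log_text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m and m["section"] in LOADPOINT_SECTIONS and m["missing"]:
            hits.append((m["section"], m["name"], m["path"]))
    return hits


def unremediated(log_text):
    """Return (object, detection, kind) for MBAM hits that were found but not removed."""
    pending = []
    for line in log_text.splitlines():
        m = MBAM_LINE.match(line.strip())
        if not m or m["action"].lower() != "no action taken":
            continue
        obj = m["object"]
        lowered = obj.lower()
        if lowered.startswith("hkey_"):
            kind = "registry"
        elif lowered.endswith(".sys") and "\\drivers\\" in lowered:
            kind = "kernel driver"  # a .sys under System32\drivers is a driver
        else:
            kind = "file"
        pending.append((obj, m["detection"], kind))
    return pending


def pending_by_detection(log_text):
    """Count unremediated hits per detection name."""
    counts = {}
    for _obj, detection, _kind in unremediated(log_text):
        counts[detection] = counts.get(detection, 0) + 1
    return counts


if __name__ == "__main__":
    for section, name, path in orphaned_loadpoints(HIJACKTHIS_SAMPLE):
        print(f"orphaned load point  {section:<4} {name:<20} {path}")
    for obj, detection, kind in unremediated(MBAM_SAMPLE):
        print(f"not removed          {kind:<14} {detection:<18} {obj}")
    print("pending per detection:", pending_by_detection(MBAM_SAMPLE))
```
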

seb_seven (Author) Posted 5 September 2008

Hi! I ran MBAM again and removed the problems. I restarted, and since then I have not had a blue screen! I ran ComboFix (this worked after the problems had been fixed) and got a log.

Even though the PC appears to be working fine, I want to be sure that everything is gone.

snippsat Posted 5 September 2008 (edited)

Remove ESET Smart Security; if you are going to do this, you must remove Norton first.

---
Download Avenger. Copy the bold text, start Avenger, and paste the text into "input script here". Press the execute button.

Files to delete:
C:\Program Files\Option\GlobeTrotter Connect\GtFix.exe

---
Another round with CCleaner. Then you are clean; you will have to see how it goes with the blue screen.

Edited 5 September 2008 by SNIPPSAT

friskies Posted 5 September 2008

Blue screen and problems in Vista? No, I don't believe that! Imagine spreading such lies on the internet!

snippsat Posted 5 September 2008 (edited)

Yes, do you think blue screens went away with Vista? Search.

Edited 5 September 2008 by SNIPPSAT

seb_seven (Author) Posted 6 September 2008

Thanks for the good help! The machine runs stably now. It seems the blue screen is gone. CCleaner finds nothing now. But what kind of program is GlobeTrotter Connect? It was preinstalled on the machine when I got it.