Guest Slettet+987123897, posted 5 January 2007:
Hi there. When I start up Windows and log in, a few minutes pass before the screen freezes for 1 second and a blue screen appears for a second. Then the machine restarts. I am now writing from safe mode. I ran an avast! scan. It did not find any viruses. I also ran the BitDefender online scan. There I caught one or two viruses. I tried running normal mode again, but the same error occurred. I am happy to post a log from HijackThis if someone tells me whether it should be run in safe mode or normal mode. It may well be that something other than a virus has caused this, but I don't know what.

norbat, posted 5 January 2007:
Does it say anything on these blue screens, any numeric codes? That might help in finding out what is causing this. If you have trouble reading the blue screen because the machine restarts, you can turn off the feature that causes the restart: Control Panel -> System -> Advanced -> Startup and Recovery -> Settings. Clear the check mark in front of "Automatically restart" (under "System failure"). You can also try running Combofix from normal mode. It creates a log that you post.

Guest Slettet+987123897, posted 5 January 2007:
This is the blue screen that comes up. I have noticed that 30 seconds before the blue screen, the computer takes an abnormally long time before it manages to do anything, e.g. open My Computer.

norbat, posted 5 January 2007 (edited):
You have a rootkit that is most likely causing this blue screen. Rootkits are nasty stuff and at times somewhat difficult to remove without reinstalling the whole OS. But let's try.
Download Rustbfix. Run the program. The PC may restart. A couple of logs are created, which you post.
Download Hijackthis and run the program so that you get a log. Post it together with the Rustbfix log.
PS! Before you run Hijackthis, rename the program, hijackthis.exe, to something else, e.g. test.exe.
Edited 5 January 2007 by norbat

Guest Slettet+987123897, posted 5 January 2007:
Super-duper! Should I use normal or safe mode?

norbat, posted 5 January 2007:
Run it from normal mode.

Guest Slettet+987123897, posted 5 January 2007 (edited):

Logfile of HijackThis v1.99.1
Scan saved at 21:03, on 07-01-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Programfiler\Avast!\aswUpdSv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
D:\Programfiler\Avast!\ashServ.exe
D:\PROGRA~1\Avast!\ashDisp.exe
D:\Programfiler\ZoneAlarm\zlclient.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
C:\Programfiler\Java\jre1.5.0_09\bin\jusched.exe
D:\Programfiler\Downloads\USBToolBox2\USBToolBox2\USBRun.exe
D:\Programfiler\Mozilla Firefox\firefox.exe
D:\Programfiler\Razer\razerhid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
D:\Programfiler\Razer\razertra.exe
D:\Programfiler\Razer\razerofa.exe
D:\Programfiler\Avast!\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
D:\Programfiler\Downloads\hijackthis\nesevis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
F1 - win.ini: run=C:\WESTWOOD\REDALERT\INSTICON.EXE C:\WESTWOOD\REDALERT\INSTICON.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programfiler\Adobe Reader\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Programfiler\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\Avast!\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Programfiler\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [usbrun] D:\Programfiler\Downloads\USBToolBox2\USBToolBox2\USBRun.exe
O4 - HKLM\..\Run: [razer] D:\Programfiler\Razer\razerhid.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] D:\Programfiler\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://D:\Programfiler\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://D:\Programfiler\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://D:\Programfiler\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1163791065514
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1163790751202
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Programfiler\Avast!\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Programfiler\Avast!\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - D:\Programfiler\Avast!\ashWebSv.exe" /service (file missing)
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

I couldn't get the other program to run. It only gave errors.

************************* Rustock.b-fix -- By ejvindh *************************
07-01-05 21:16:35.51
No Rustock.b-rootkits found
******************************* End of Logfile ********************************

Edit: Now it has been in normal mode for an awfully long time here. Is something crazy going on here, or what?
Edited 5 January 2007 by Slettet+987123897

norbat, posted 5 January 2007 (edited):
Run HJT and fix
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
Click Start -> Run. Type: Services.msc and click OK. Find the following service: Microsoft authenticate service (MsaSvc), right-click it, and choose Properties. Under Startup type, select Disabled.
Download Combofix again, to the desktop, and run the program (from normal mode). Do not click on anything else while the program is running. The program creates a log, typically C:\combofix.txt. Post it.
Edited 5 January 2007 by norbat

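Added example (not part of the thread, and not HijackThis's own code): a Python triage of the O23 service lines from the log posted above. It treats the trailing "(file missing)" as an annotation rather than part of the path, and cross-checks every flagged image against the same log's "Running processes" list; the names O23_RE, image_path and triage are made up for this sketch, and the sample is a subset of the posted log.

```python
import re
from typing import NamedTuple

# Sample input: a subset of the "Running processes" section of the
# HijackThis log posted in this thread.
RUNNING = r"""
C:\WINDOWS\system32\services.exe
D:\Programfiler\Avast!\ashServ.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\nvsvc32.exe
D:\Programfiler\Avast!\ashWebSv.exe
""".strip().splitlines()

# Sample input: five of the O23 lines from the same log.
O23_LINES = r"""
O23 - Service: avast! Antivirus - Unknown owner - D:\Programfiler\Avast!\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - D:\Programfiler\Avast!\ashWebSv.exe" /service (file missing)
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
""".strip().splitlines()

# Hypothetical helper names; the field layout is read off the lines above.
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<target>.+)$")
MISSING = " (file missing)"


class Service(NamedTuple):
    name: str
    owner: str
    image: str      # executable path with annotation and arguments removed
    verdict: str    # "present", "listed-as-running" or "review"


def image_path(target: str) -> str:
    """Return the executable path from an O23 target field.

    Drops the "(file missing)" annotation, a leading quote, and anything
    after the first ".exe" (a stray closing quote and service arguments).
    """
    if target.endswith(MISSING):
        target = target[: -len(MISSING)]
    m = re.match(r'"?(.+?\.exe)', target, re.IGNORECASE)
    return m.group(1) if m else target.strip('"')


def triage(o23_lines, running):
    """Classify O23 entries using only evidence contained in the log itself."""
    running_set = {p.strip().lower() for p in running}
    results = []
    for line in o23_lines:
        m = O23_RE.match(line.strip())
        if not m:
            continue  # not an O23 service line
        image = image_path(m["target"])
        if not m["target"].endswith(MISSING):
            verdict = "present"
        elif image.lower() in running_set:
            # Flagged as missing, yet the same image is a running process.
            verdict = "listed-as-running"
        else:
            # Flagged as missing and nothing in the log shows the image exists.
            verdict = "review"
        results.append(Service(m["name"], m["owner"], image, verdict))
    return results


if __name__ == "__main__":
    for svc in triage(O23_LINES, RUNNING):
        print(f"{svc.verdict:18} {svc.name} -> {svc.image}")
```

On this sample the only entry left for review is the one singled out in the post above; the two other "(file missing)" services are contradicted by the process list.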
Guest Slettet+987123897, posted 5 January 2007:
I tried to delete O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing), but when I scanned again it came back. I also couldn't find Microsoft authenticate service (MsaSvc). Read what is in the picture carefully. Meanwhile I'll see if I can figure out Combofix.

norbat, posted 5 January 2007:
I see you have two versions of hijackthis. Don't use the 1.98.x version. Have you restarted after trying to fix the O23 line? If not, do so and then post a new HJT log.

Guest Slettet+987123897, posted 5 January 2007 (edited):

[ComboFix log]

The point of 1.98.2 was to delete the file because of what the information said, but you clearly know more about this than I do, so I won't use the 1.98.2 version then. I have tried deleting it and restarting. It is still there. Any point in trying again?
Edited 5 January 2007 by Slettet+987123897

norbat Posted 5 January 2007
Download Avenger and unpack it to the desktop.
Start Avenger. Tick 'Input script manually'. Click the magnifying glass.
Copy what is in bold below and paste it into the field.
Files to delete:
C:\WINDOWS\system32\msasvc.exe (file missing)
Click 'Done'.
Click the traffic light to start the fix.
Click OK and restart the PC.
Run HJT and fix C:\WINDOWS\system32\msasvc.exe (file missing)
Then post a new HJT log.
Guest Slettet+987123897 Posted 5 January 2007 (edited)
Result from Avenger:

Logfile of The Avenger version 1, by Swandog46
Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\moddfvdw
*******************
Script file located at: \??\C:\Documents and Settings\awoobeqa.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\system32\msasvc.exe (file missing) not found!
Deletion of file C:\WINDOWS\system32\msasvc.exe (file missing) failed!
Could not process line: C:\WINDOWS\system32\msasvc.exe (file missing)
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.

This meant that I could not delete it in HijackThis this time either. Strange.

Logfile of HijackThis v1.99.1
Scan saved at 23:24:51, on 05.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
D:\PROGRA~1\Avast!\ashDisp.exe
D:\Programfiler\ZoneAlarm\zlclient.exe
C:\Programfiler\Java\jre1.5.0_09\bin\jusched.exe
D:\Programfiler\Downloads\USBToolBox2\USBToolBox2\USBRun.exe
D:\Programfiler\Razer\razerhid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
D:\Programfiler\Avast!\aswUpdSv.exe
D:\Programfiler\Avast!\ashServ.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
D:\Programfiler\Razer\razertra.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
D:\Programfiler\Razer\razerofa.exe
D:\Programfiler\Avast!\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
D:\Programfiler\Mozilla Firefox\firefox.exe
D:\Programfiler\Downloads\hijackthis\nesevis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
F1 - win.ini: run=C:\WESTWOOD\REDALERT\INSTICON.EXE C:\WESTWOOD\REDALERT\INSTICON.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programfiler\Adobe Reader\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Programfiler\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\Avast!\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Programfiler\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [usbrun] D:\Programfiler\Downloads\USBToolBox2\USBToolBox2\USBRun.exe
O4 - HKLM\..\Run: [razer] D:\Programfiler\Razer\razerhid.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] D:\Programfiler\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://D:\Programfiler\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://D:\Programfiler\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://D:\Programfiler\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1163791065514
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1163790751202
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Programfiler\Avast!\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Programfiler\Avast!\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - D:\Programfiler\Avast!\ashWebSv.exe" /service (file missing)
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

This is what happened after the scan. Nothing that is different from before, I would think.
Edited 5 January 2007 by Slettet+987123897
norbat Posted 5 January 2007 (edited)
Click Start->Run and type the following (the part in bold):
SC delete MsaSvc
Run HJT and fix:
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
Restart the PC and check whether the line is still there. If not, the rest looks OK.
Edited 5 January 2007 by norbat
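Added example, not part of the original thread: a Python triage of the O23 service lines from the HijackThis log posted above. It separates an entry such as MsaSvc, whose binary really is absent, from entries flagged "(file missing)" although the same log lists the executable as running (ashWebSv.exe, apache.exe). The function names and verdict labels are hypothetical; the log lines are copied from the thread.

```python
import re

# Copied from the HijackThis v1.99.1 log posted in this thread (shortened).
RUNNING = r"""
D:\Programfiler\Avast!\ashServ.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
D:\Programfiler\Avast!\ashWebSv.exe
C:\WINDOWS\System32\nvsvc32.exe
""".strip().splitlines()

O23 = r"""
O23 - Service: avast! Antivirus - Unknown owner - D:\Programfiler\Avast!\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - D:\Programfiler\Avast!\ashWebSv.exe" /service (file missing)
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
""".strip().splitlines()

LINE_RE = re.compile(r"^O23 - Service: (?P<label>.+?) - (?P<owner>.+?) - (?P<image>.+)$")
FLAG = " (file missing)"


def parse_o23(line):
    """Split one O23 line into service name, owner, image path and missing flag."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    label, owner, image = m.group("label", "owner", "image")
    flagged = image.endswith(FLAG)
    if flagged:
        # The note is HijackThis's annotation, not part of the file name.
        image = image[: -len(FLAG)]
    short = re.search(r"\(([^()]+)\)$", label)
    # Assumption: with no "(name)" suffix the label doubles as the service name.
    name = short.group(1) if short else label
    return {"name": name, "owner": owner, "image": image, "flagged": flagged}


def triage(entry, running):
    """Return 'present', 'false-missing' or 'orphaned' for a parsed entry."""
    if not entry["flagged"]:
        return "present"
    exe = re.match(r'"?(.+?\.exe)', entry["image"], re.IGNORECASE)
    path = (exe.group(1) if exe else entry["image"]).lower()
    if path in {p.lower() for p in running} or '"' in entry["image"]:
        # The binary is running, or the path carries a stray quote plus
        # arguments: the "(file missing)" flag cannot be trusted here.
        return "false-missing"
    return "orphaned"


def orphaned_services(lines, running):
    """Service names registered against a binary that is absent from disk."""
    parsed = [e for e in map(parse_o23, lines) if e]
    return [e["name"] for e in parsed if triage(e, running) == "orphaned"]


if __name__ == "__main__":
    for name in orphaned_services(O23, RUNNING):
        print(f"review, then remove the registration: sc delete {name}")
```
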
Guest Slettet+987123897 Posted 5 January 2007

Logfile of HijackThis v1.99.1
Scan saved at 00:10:39, on 06.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Programfiler\Avast!\aswUpdSv.exe
D:\Programfiler\Avast!\ashServ.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
D:\PROGRA~1\Avast!\ashDisp.exe
D:\Programfiler\ZoneAlarm\zlclient.exe
C:\Programfiler\Java\jre1.5.0_09\bin\jusched.exe
D:\Programfiler\Downloads\USBToolBox2\USBToolBox2\USBRun.exe
D:\Programfiler\Razer\razerhid.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programfiler\Free Download Manager\fdm.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
D:\Programfiler\Avast!\ashWebSv.exe
D:\Programfiler\Razer\razertra.exe
D:\Programfiler\Razer\razerofa.exe
D:\Programfiler\Downloads\hijackthis\nesevis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
F1 - win.ini: run=C:\WESTWOOD\REDALERT\INSTICON.EXE C:\WESTWOOD\REDALERT\INSTICON.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programfiler\Adobe Reader\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Programfiler\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\Avast!\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Programfiler\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [usbrun] D:\Programfiler\Downloads\USBToolBox2\USBToolBox2\USBRun.exe
O4 - HKLM\..\Run: [razer] D:\Programfiler\Razer\razerhid.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] D:\Programfiler\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://D:\Programfiler\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://D:\Programfiler\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://D:\Programfiler\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1163791065514
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1163790751202
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Programfiler\Avast!\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Programfiler\Avast!\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - D:\Programfiler\Avast!\ashWebSv.exe" /service (file missing)
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

I typed in SC delete MsaSvc. Afterwards I could not find it in HJT. So I suppose the problem is fixed. Thank you very much! What was it I actually had on the PC?
norbat Posted 5 January 2007 (edited)
The log is clean. What you had can be read about HERE.
It is always a good idea to run a full scan with, for example, SAS, and delete everything it finds.
It is also a good idea to reset System Restore so that infected files are deleted from there as well. This can be done as follows:
1. Go to: Control Panel->System->System Restore.
2. Tick the box in front of "Turn off System Restore........"
3. Restart the PC.
4. Remove the tick to enable the function again.
5. Feel free to create a new restore point manually: Accessories->System Tools->System Restore. Create a new restore point. Name the point and create it.
Edited 5 January 2007 by norbat
Guest Slettet+987123897 Posted 5 January 2007 (edited)
Quote: "The log is clean. What you had can be read about HERE"
Thanks. Nasty little trojan, that one... Thank you very much for the great answers.
Edit: Going to run a test with SAS now.
Edit2: And the System Restore thing.
Edited 5 January 2007 by Slettet+987123897
norbat Posted 5 January 2007
Sounds good. If SAS finds anything (anything other than cookies), feel free to post the log.
Guest Slettet+987123897 Posted 6 January 2007
SAS is chugging along now... Have to see whether I have a lot of junk and crap before I go to bed.
Guest Slettet+987123897 Posted 6 January 2007 (edited)
It was just some adware cookies or something. I don't think it was anything serious. About 4 of them or so.
Edit: It updated itself just now. I'll see whether I find anything with the updated version.
Edited 6 January 2007 by Slettet+987123897