Biskus, posted 12 September 2007

So this morning I decided to install antivirus, since I haven't used any for a while. I chose Avast antivirus; I've always wanted to try it. But then the PC reboots when I try to remove a virus, so I try to start it again. Every time I'm about to enter the username and password for my account, the PC restarts (just as if I had pressed the reset button). So I start the PC in safe mode, run Avast and remove viruses, temp files, etc. But the problem is still there.

The last thing I tried was the option in the F8 menu at startup that stops the PC from restarting on system failure. Then I get into Windows the normal way, but I get a bluescreen before the startup process finishes.

I have a fair amount of experience with PC problems and so on, but I can't figure this one out. I had no problems with bluescreens or reboots before I removed those viruses.

The bluescreen says *blah blah if this has not happened before... blah blah*

Technical information:
*** STOP: 0x0000007F (0x0000000D, 0x0000000, 0x0000000, 0x0000000)

Thanks for any help I can get.

Biskus (author), posted 12 September 2007

I've googled around a bit, and it seems to be a hardware problem. What I don't understand is why it suddenly shows up now.

norbat, posted 12 September 2007 (edited)

Is there no reference to a file below that stop code?

You could try choosing 'Last known good.......' when the F8 menu comes up and see whether you can then start in normal mode. Alternatively, run a System Restore from safe mode to a point before you removed the virus file, so that we can work out the best way to remove it.

Feel free to post an HJT log:
Download Hijackthis. Put it in its own folder on the desktop.
Start the program, choose "Do a system scan and save a logfile".
Copy the log file and post it.

Edited 12 September 2007 by norbat

Biskus (author), posted 12 September 2007

> Is there no reference to a file below that stop code?
> You could try choosing 'Last known good.......' when the F8 menu comes up and see whether you can then start in normal mode. Alternatively, run a System Restore from safe mode to a point before you removed the virus file, so that we can work out the best way to remove it.
> Feel free to post an HJT log: Download Hijackthis. Put it in its own folder on the desktop. Start the program, choose "Do a system scan and save a logfile". Copy the log file and post it.

No, there is no reference below the stop code. I tried "Last known good..." from the boot menu just now, and it actually worked fine. I'm up and running in Windows now without problems. But I wonder what the fault was.

Biskus (author), posted 12 September 2007

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:25:13 PM, on 9/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
L:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\iFtpSvc\iFtpSvc.exe
E:\Borland\InterBase\bin\ibguard.exe
C:\Programfiler\LogMeIn\RaMaint.exe
C:\Programfiler\LogMeIn\LogMeIn.exe
L:\Programfiler\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
E:\NetLimiter 2 Proz\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programfiler\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
E:\Borland\InterBase\bin\ibserver.exe
C:\WINDOWS\Explorer.EXE
E:\NetLimiter 2 Proz\NLClient.exe
D:\programfiler\powerstrip\pstrip.exe
L:\Programfiler\Google\Gmail Notifier\gnotify.exe
C:\Programfiler\Fellesfiler\Logitech\LCD Manager\lcdmon.exe
C:\Programfiler\Fellesfiler\Logitech\G-series Software\LGDCore.exe
L:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
L:\Programfiler\LcdStudio\LcdStudio.exe
C:\Programfiler\Fellesfiler\Logitech\LCD Manager\Applets\LCDClock.exe
L:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programfiler\Fellesfiler\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Programfiler\Microsoft Office\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\SearchIndexer.exe
L:\Programfiler\Opera\Opera.exe
L:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearflix.com/no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Adobereader\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PowerStrip] d:\programfiler\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] L:\Programfiler\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programfiler\Fellesfiler\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programfiler\Fellesfiler\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [ZoneAlarm Client] "L:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LcdStudio] L:\Programfiler\LcdStudio\LcdStudio.exe
O4 - HKLM\..\Run: [avast!] L:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - E:\Programfiler\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - E:\Programfiler\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - E:\Programfiler\DAP\dapextie2.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{ECDADDA6-C04B-4AEA-A485-CDBC645CAF44}: NameServer = 80.89.32.10,80.89.32.20
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - L:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BlackMoon FTP Service (BMFTP-RELEASE) - Selom Ofori - E:\Programfiler\Selom Ofori\BlackMoon FTP Server\FTPService.exe
O23 - Service: BMFTPRealTimeStats - Selom Ofori - E:\Programfiler\Selom Ofori\BlackMoon FTP Server\BMFTPRealTimeStats.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ipswitch WS_FTP Server (iFtpSvc) - Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington MA. - C:\iFtpSvc\iFtpSvc.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - E:\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - E:\Borland\InterBase\bin\ibserver.exe
O23 - Service: InterBase InterClient Server (InterServer) - InterBase - E:\Borland\InterBase\InterClient\bin\interserver.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Programfiler\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Programfiler\LogMeIn\LogMeIn.exe
O23 - Service: MySQL - Unknown owner - L:\Programfiler\MySQL\MySQL.exe (file missing)
O23 - Service: NetLimiter (nlsvc) - Locktime Software - E:\NetLimiter 2 Proz\nlsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programfiler\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programfiler\WinPcap\rpcapd.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7715 bytes

snippsat, posted 12 September 2007 (edited)

The fault is probably that you haven't been using antivirus. Then you install an antivirus program that finds viruses and tries to remove them. It damages or removes Windows files.

So do as norbat says and post an HJT log.

Ahh, I was a bit late there, heh.

Edited 12 September 2007 by SNIPPSAT

norbat, posted 12 September 2007

Fix this one with HJT (start HJT, choose 'Do a system scan only', tick the box in front of the following line and click 'Fix checked'):

O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} -

Removing various infected files does occasionally result in a BSOD.

We can do an extra check with Combofix:
Download Combofix and put it on the desktop.
Run combofix.exe and follow the instructions. Do not click on the window while the program is running.
Post the log file from Combofix (usually c:\combofix.txt)

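Added example, not part of the original thread: a small Python pass over a few lines of the HijackThis log posted above that lists the entries worth a manual look, including the empty O16 - DPF line norbat asks to fix. The triage rules are this example's own assumptions, not HijackThis logic, and a flagged entry is a prompt to check, not a verdict.

```python
import re

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearflix.com/no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Adobereader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avast!] L:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} -
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: MySQL - Unknown owner - L:\Programfiler\MySQL\MySQL.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Programfiler\LogMeIn\LogMeIn.exe
"""

# A section entry starts with a code such as R0, O4 or O23, then " - ".
ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")


def parse(log_text):
    """Return (code, body) per section entry; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.append((match["code"], match["body"]))
    return entries


def review_reasons(code, body):
    """Assumed triage rules (this example's own): reasons to look closer at an entry."""
    reasons = []
    if code in ("R0", "R1"):
        # Only settings that actually carry a value are interesting.
        value = body.partition(" = ")[2].strip()
        if value:
            reasons.append("browser page set to " + value + ": confirm the user chose it")
    elif code == "O16" and body.endswith(" -"):
        # Nothing after the last " -": no source file or URL is recorded.
        reasons.append("ActiveX (DPF) entry with no source file or URL recorded")
    elif code == "O20":
        reasons.append("AppInit_DLLs: DLL is loaded into every process that loads user32.dll")
    elif code == "O23":
        if "(file missing)" in body:
            reasons.append("service is registered but its binary is not on disk")
        if " - Unknown owner - " in body:
            reasons.append("HijackThis reports no vendor for the service binary")
    return reasons


def triage(log_text):
    """Entries that need a human look, as dicts with code, body and reasons."""
    flagged = []
    for code, body in parse(log_text):
        reasons = review_reasons(code, body)
        if reasons:
            flagged.append({"code": code, "body": body, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(item["code"], "-", item["body"])
        for reason in item["reasons"]:
            print("    review:", reason)
```
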
Biskus (author), posted 12 September 2007

ComboFix 07-09-10.6 - "Biskus" 2007-09-12 18:30:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.47.1044.18.939 [GMT 2:00]
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\Cfx32.lic
C:\WINDOWS\system32\cfx32.ocx

((((((((((((((((((((((((( Files Created from 2007-08-12 to 2007-09-12 )))))))))))))))))))))))))))))))
.
2007-09-12 18:29 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-12 13:22 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1.BIS\Programdata
2007-09-12 13:22 <DIR> dr------- C:\DOCUME~1\ADMINI~1.BIS\Start-meny
2007-09-12 13:22 <DIR> d--h----- C:\DOCUME~1\ADMINI~1.BIS\Skrivere
2007-09-12 13:22 <DIR> d--h----- C:\DOCUME~1\ADMINI~1.BIS\Siste
2007-09-12 13:22 <DIR> d--h----- C:\DOCUME~1\ADMINI~1.BIS\Maler
2007-09-12 13:22 <DIR> d--h----- C:\DOCUME~1\ADMINI~1.BIS\Lokale innstillinger
2007-09-12 13:22 <DIR> d--h----- C:\DOCUME~1\ADMINI~1.BIS\AndrMask
2007-09-12 13:22 <DIR> d-------- C:\DOCUME~1\ADMINI~1.BIS\Skrivebord
2007-09-12 13:22 <DIR> d-------- C:\DOCUME~1\ADMINI~1.BIS\Mine dokumenter
2007-09-12 13:22 <DIR> d-------- C:\DOCUME~1\ADMINI~1.BIS\Favoritter
2007-09-12 13:17 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Programdata
2007-09-12 13:17 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Start-meny
2007-09-12 13:17 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Skrivere
2007-09-12 13:17 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Siste
2007-09-12 13:17 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Maler
2007-09-12 13:17 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Lokale innstillinger
2007-09-12 13:17 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\AndrMask
2007-09-12 13:17 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Skrivebord
2007-09-12 13:17 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Mine dokumenter
2007-09-12 13:17 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Favoritter
2007-09-12 12:57 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-09-12 12:57 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-12 12:57 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-12 12:57 783,224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-09-12 12:57 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-12 12:57 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-12 12:57 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-12 13:34 --------- d-------- C:\DOCUME~1\Biskus\PROGRA~1\RealJoyDead
2007-09-12 13:18 183836 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-09-12 13:18 15644704 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-09-12 13:05 --------- d-------- C:\Programfiler\LogMeIn
2007-09-10 20:48 --------- d-------- C:\DOCUME~1\Biskus\PROGRA~1\uTorrent
2007-08-30 16:22 --------- d-------- C:\DOCUME~1\Biskus\PROGRA~1\dvdcss
2007-08-10 11:54 --------- d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2007-08-10 11:51 --------- d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Lavasoft
2007-08-05 03:58 --------- d-------- C:\Programfiler\Octoshape Streaming Services
2007-08-03 11:25 --------- d-------- C:\Programfiler\RealJoyDead
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-24 19:59 22328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-07-24 19:58 103736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-07-24 01:44 66872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-07-16 03:25 --------- d-------- C:\Programfiler\Vstplugins
2007-07-16 03:25 --------- d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Sony
2007-07-13 00:58 --------- d-------- C:\DOCUME~1\Biskus\PROGRA~1\Hamachi
2007-06-24 06:17 36734 --a------ C:\WINDOWS\system32\OggDSuninst.exe
2007-06-21 21:54 75248 --a------ C:\WINDOWS\zllsputility.exe
2007-06-21 21:54 1086952 --a------ C:\WINDOWS\system32\zpeng24.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 13:26]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 13:03 C:\WINDOWS\KHALMNPR.Exe]
"PowerStrip"="d:\programfiler\powerstrip\pstrip.exe" [2007-04-08 15:22]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="L:\Programfiler\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48]
"Launch LCDMon"="C:\Programfiler\Fellesfiler\Logitech\LCD Manager\lcdmon.exe" [2007-04-26 16:54]
"Launch LGDCore"="C:\Programfiler\Fellesfiler\Logitech\G-series Software\LGDCore.exe" [2007-04-26 17:22]
"ZoneAlarm Client"="L:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 13:26]
"LcdStudio"="L:\Programfiler\LcdStudio\LcdStudio.exe" [2007-04-12 18:28]
"avast!"="L:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
"MSMSGS"="C:\Programfiler\Messenger\MSMSGS.exe" [2004-10-13 18:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Programfiler\Symantec\LiveUpdate\ALUNotify.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2006-10-06 19:56 11504 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RegCompact]
RegCompact.dll 2006-11-09 19:32 149248 C:\WINDOWS\system32\RegCompact.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^AutoCAD Startup Accelerator.lnk]
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Logitech SetPoint.lnk]
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^PC-søk i Windows.lnk]
backup=C:\WINDOWS\pss\PC-søk i Windows.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Biskus^Start-meny^Programmer^Oppstart^Microsoft Office Groove.lnk]
backup=C:\WINDOWS\pss\Microsoft Office Groove.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Biskus^Start-meny^Programmer^Oppstart^OneNote 2007 Screen Clipper og Launcher.lnk]
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper og Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClientGW]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"E:\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
"E:\Programfiler\DAP\DAP.EXE" /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Programfiler\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"E:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
E:\Programfiler\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
"C:\Programfiler\Fellesfiler\Logitech\khalshared\KHALMNPR.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
"C:\Programfiler\LogMeIn\LogMeInSystray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
"C:\Programfiler\Octoshape Streaming Services\Biskus\OctoshapeClient.exe" -inv:bootrun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
E:\Programfiler\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
E:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
E:\Programfiler\Steam\Steam.exe -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

R0 SI3132;SiI-3132 SATALink Controller;C:\WINDOWS\system32\DRIVERS\SI3132.sys
R1 amdtools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\amdtools.sys
R1 KS0108;KS0108;\??\L:\Programfiler\LcdStudio\ks0108.sys
R1 LC7981;LC7981;\??\L:\Programfiler\LcdStudio\LC7981.sys
R1 n3900;n3900;\??\L:\Programfiler\LcdStudio\n3900.sys
R1 nltdi;nltdi;\??\C:\WINDOWS\system32\drivers\nltdi.sys
R1 SED133x;SED133x;\??\L:\Programfiler\LcdStudio\SED133x.sys
R1 T6963C;T6963C;\??\L:\Programfiler\LcdStudio\T6963c.sys
R2 InterBaseGuardian;InterBase Guardian;E:\Borland\InterBase\bin\ibguard.exe
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys
R2 LMIInfo;LogMeIn Kernel Information Provider;\??\C:\Programfiler\LogMeIn\RaInfo.sys
R2 PStrip;PSTRIP;\??\C:\WINDOWS\system32\DRIVERS\PSTRIP.SYS
R3 cmigameport;cmigameport;C:\WINDOWS\system32\drivers\cmigameport.sys
R3 InterBaseServer;InterBase Server;E:\Borland\InterBase\bin\ibserver.exe
R3 LMImirr;LMImirr;C:\WINDOWS\system32\DRIVERS\LMImirr.sys
S3 BMFTP-RELEASE;BlackMoon FTP Service;E:\Programfiler\Selom Ofori\BlackMoon FTP Server\FTPService.exe
S3 BMFTPRealTimeStats;BMFTPRealTimeStats;"E:\Programfiler\Selom Ofori\BlackMoon FTP Server\BMFTPRealTimeStats.exe"
S3 InterServer;InterBase InterClient Server;E:\Borland\InterBase\InterClient\bin\interserver.exe
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-09-12 15:18:31 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Programfiler\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-12 18:32:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-12 18:33:52
C:\ComboFix-quarantined-files.txt ... 2007-09-12 18:33
.
--- E O F ---

norbat, posted 12 September 2007

The log looks fine. How is the PC running?

(If Avast keeps a log of what it removes, it would be interesting to see what it found.)

Biskus (author), posted 12 September 2007

The PC is running just fine right now. I haven't had any problems since I got it booted properly. I couldn't find any log from Avast.