Treg pc, spesielt i start up. kan det være syp/virus?

[MysticoN]

Hei hei, PC-en har blitt forferdelig treig i det siste, spesielt fra jeg kommer inn i windows til windows får startet opp de få programmene som er i oppstarten.

 

Hijackthis log før CCleaner og combofix.

 

Logfile of HijackThis v1.99.1

Scan saved at 07:58:13, on 16.03.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe

C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\AVENGINE.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\TBPanel.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Razer\razertra.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

E:\Games\Steam\Steam.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe

C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE

C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Opera\Opera.exe

C:\Documents and Settings\MysticoN\Desktop\Terran_Demo_English.avi-downloader.exe

C:\Documents and Settings\MysticoN\Desktop\1280_StarCraft2GameplayVideo_EnglishUS2-avi-downloader.exe

C:\Documents and Settings\MysticoN\Desktop\hijackthis_sfx.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [razertra] C:\Program Files\Razer\razertra.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [803b5084] rundll32.exe "C:\WINDOWS\system32\cmsgubnx.dll",b

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [bM83086318] Rundll32.exe "C:\WINDOWS\system32\yhofknbw.dll",s

O4 - HKCU\..\Run: [steam] "E:\Games\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Program Files\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?0053577459e444f78bf04a07d17efb40

O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Program Files\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?0053577459e444f78bf04a07d17efb40

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1204930419250

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1205422679812

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe

O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe

 

 

Combofix klikka første gang jeg kjørte den. låste seg når den skulle lage rapporten. (gidde opp etter 30min) så jeg måtte starte på den på nytt.

 

ComboFix 08-03-14.4 - MysticoN 2008-03-16 21:31:25.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2819 [GMT 1:00]

Running from: C:\Documents and Settings\MysticoN\Desktop\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

C:\WINDOWS\BM83086318.xml

C:\WINDOWS\cookies.ini

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\cmsgubnx.dll

C:\WINDOWS\system32\dfvdgnyp.dll

C:\WINDOWS\system32\dwxtmilj.dll

C:\WINDOWS\system32\fllaelfb.ini

C:\WINDOWS\system32\ibdaaaft.dll

C:\WINDOWS\system32\jjllm.ini

C:\WINDOWS\system32\jjllm.ini2

C:\WINDOWS\system32\jtgduutr.dll

C:\WINDOWS\system32\ljjgged.dll

C:\WINDOWS\system32\mlljj.dll

C:\WINDOWS\system32\mqpcmfmy.dll

C:\WINDOWS\system32\qflimvyc.dll

C:\WINDOWS\system32\stplvygb.dll

C:\WINDOWS\system32\uqhwpwpx.dll

C:\WINDOWS\system32\uwsbiids.dll

C:\WINDOWS\system32\wxrrqjup.dll

C:\WINDOWS\system32\xnbugsmc.ini

C:\WINDOWS\system32\yhofknbw.dll

 

.

((((((((((((((((((((((((( Files Created from 2008-02-16 to 2008-03-16 )))))))))))))))))))))))))))))))

.

 

2008-03-16 20:51 . 2008-03-16 20:51 <DIR> d-------- C:\Program Files\Yahoo!

2008-03-16 20:51 . 2008-03-16 20:52 <DIR> d-------- C:\Program Files\CCleaner

2008-03-16 07:33 . 2008-03-16 07:33 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment

2008-03-15 21:08 . 2008-03-15 21:08 <DIR> d-------- C:\Documents and Settings\MysticoN\Application Data\ESET

2008-03-15 21:00 . 2008-03-15 21:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET

2008-03-15 20:56 . 2008-03-15 20:56 <DIR> d-------- C:\Program Files\MalwareAlarm

2008-03-15 20:15 . 2008-03-15 20:16 <DIR> d-------- C:\Program Files\EsetOnlineScanner

2008-03-14 08:28 . 2008-03-14 08:37 <DIR> d-------- C:\Documents and Settings\MysticoN\Application Data\Bioshock

2008-03-14 08:27 . 2008-03-14 08:27 <DIR> dr-h----- C:\Documents and Settings\MysticoN\Application Data\SecuROM

2008-03-14 08:27 . 2008-03-14 08:27 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2008-03-14 08:12 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-03-14 08:12 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-03-13 13:10 . 2008-03-14 11:54 1,318,252 --ahs---- C:\WINDOWS\system32\attlonop.ini

2008-03-13 11:08 . 2008-03-13 11:08 <DIR> d-------- C:\Program Files\Windows Live Toolbar

2008-03-13 11:08 . 2008-03-13 14:56 <DIR> d-------- C:\Documents and Settings\MysticoN\Contacts

2008-03-13 11:08 . 2008-03-13 11:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar

2008-03-13 11:07 . 2008-03-13 11:07 <DIR> d-------- C:\Program Files\MSN Messenger

2008-03-12 13:09 . 2008-03-13 13:10 1,324,739 --ahs---- C:\WINDOWS\system32\dmcshbbq.ini

2008-03-11 13:10 . 2008-03-12 12:18 1,319,572 --ahs---- C:\WINDOWS\system32\xivpbdui.ini

2008-03-11 00:00 . 2006-02-28 13:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-03-10 19:19 . 2008-03-10 19:19 <DIR> d-------- C:\WINDOWS\Sun

2008-03-10 19:15 . 2008-03-10 19:15 <DIR> d-------- C:\Program Files\Java

2008-03-10 19:15 . 2008-03-10 19:15 <DIR> d-------- C:\Program Files\Common Files\Java

2008-03-10 19:15 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-03-10 13:07 . 2008-03-11 13:08 1,318,732 --ahs---- C:\WINDOWS\system32\cjdlylcm.ini

2008-03-10 01:07 . 2008-03-10 01:07 <DIR> d-------- C:\Program Files\Real Alternative

2008-03-10 01:07 . 2008-03-10 01:07 <DIR> d-------- C:\Documents and Settings\MysticoN\Application Data\Media Player Classic

2008-03-10 01:06 . 2008-03-10 01:06 <DIR> d-------- C:\Program Files\XP Codec Pack

2008-03-10 01:06 . 2008-03-10 01:06 <DIR> d-------- C:\Program Files\QT Lite

2008-03-10 01:06 . 2008-03-10 01:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-03-10 01:06 . 2007-08-18 08:54 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm

2008-03-10 01:06 . 2008-01-31 23:13 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx

2008-03-10 01:06 . 2008-01-31 23:13 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

2008-03-09 13:03 . 2008-03-10 13:04 1,318,463 --ahs---- C:\WINDOWS\system32\ayfurjax.ini

2008-03-08 21:56 . 2008-03-08 22:15 <DIR> d-------- C:\Program Files\DC++

2008-03-08 21:44 . 2008-03-08 21:44 13,672 --a------ C:\WINDOWS\system32\wpa.bak

2008-03-08 21:37 . 2008-03-16 21:24 230,932 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck

2008-03-08 21:37 . 2008-03-16 21:28 1,224 --a------ C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck

2008-03-08 21:36 . 2008-03-08 21:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel

2008-03-08 21:34 . 2008-03-08 21:34 <DIR> d-------- C:\Program Files\Panda Security

2008-03-08 21:33 . 2008-03-08 21:33 <DIR> d-------- C:\Program Files\Common Files\Panda Software

2008-03-08 21:33 . 2007-07-12 13:49 178,872 --a------ C:\WINDOWS\system32\drivers\PavProc.sys

2008-03-08 21:33 . 2007-05-23 15:40 38,968 --a------ C:\WINDOWS\system32\drivers\ShlDrv51.sys

2008-03-08 19:04 . 2008-03-08 19:04 <DIR> d-------- C:\Program Files\directx

2008-03-08 18:02 . 2008-03-08 18:02 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll

2008-03-08 13:04 . 2008-03-09 12:54 1,307,870 --ahs---- C:\WINDOWS\system32\osdailom.ini

2008-03-08 10:50 . 2008-03-08 10:50 1 --a------ C:\WINDOWS\system32\SI.bin

2008-03-08 07:00 . 2008-03-08 07:00 <DIR> d-------- C:\Program Files\EA Games

2008-03-08 06:32 . 2008-03-08 20:04 979 --a------ C:\WINDOWS\eReg.dat

2008-03-08 05:24 . 2008-03-08 05:29 139,264 --a------ C:\WINDOWS\War3Unin.exe

2008-03-08 05:24 . 2008-03-08 05:30 67,425 --a------ C:\WINDOWS\War3Unin.dat

2008-03-08 05:24 . 2008-03-08 05:29 2,829 --a------ C:\WINDOWS\War3Unin.pif

2008-03-08 03:55 . 2008-03-08 03:55 <DIR> d-------- C:\Documents and Settings\MysticoN\Application Data\teamspeak2

2008-03-08 03:54 . 2008-03-08 03:54 <DIR> d-------- C:\Program Files\VentriloMIX

2008-03-08 01:24 . 2008-03-08 01:24 <DIR> d-------- C:\WINDOWS\system32\Lang

2008-03-08 01:24 . 2008-03-08 01:24 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav

2008-03-08 01:24 . 2008-03-08 01:24 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav

2008-03-08 01:21 . 2008-03-08 01:21 <DIR> d-------- C:\Program Files\Razer

2008-03-08 01:21 . 2004-10-10 18:56 57,344 --a------ C:\WINDOWS\system32\razer.cpl

2008-03-08 01:21 . 2004-10-09 11:37 39,832 --a------ C:\WINDOWS\system32\drivers\razerusb.sys

2008-03-08 01:21 . 2004-09-14 17:18 7,168 --a------ C:\WINDOWS\system32\drivers\razerlow.sys

2008-03-08 01:02 . 2008-03-08 06:25 <DIR> d-------- C:\Program Files\FlashFXP

2008-03-08 01:02 . 2003-03-15 23:15 90,112 --a------ C:\WINDOWS\unvise32.exe

2008-03-08 00:56 . 2008-03-08 01:08 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll

2008-03-08 00:56 . 2008-03-08 01:08 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll

2008-03-08 00:56 . 2008-03-08 01:08 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll

2008-03-08 00:55 . 2008-03-08 00:55 <DIR> d-------- C:\Program Files\DAEMON Tools Lite

2008-03-08 00:52 . 2008-03-08 00:53 <DIR> d-------- C:\WINDOWS\system32\RTCOM

2008-03-08 00:52 . 2008-03-08 00:52 <DIR> d-------- C:\Program Files\Realtek

2008-03-08 00:43 . 2008-03-08 00:43 <DIR> d-------- C:\Documents and Settings\MysticoN\Application Data\DAEMON Tools

2008-03-08 00:43 . 2008-03-08 00:43 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-03-08 00:41 . 2008-03-08 00:41 <DIR> d-------- C:\Program Files\uTorrent

2008-03-08 00:41 . 2008-03-15 19:03 <DIR> d-------- C:\Documents and Settings\MysticoN\Application Data\uTorrent

2008-03-08 00:09 . 2008-03-08 00:09 <DIR> d-------- C:\Documents and Settings\MysticoN\Application Data\SmartFTP

2008-03-08 00:02 . 2004-08-04 01:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll

2008-03-08 00:02 . 2001-08-17 14:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys

2008-03-08 00:01 . 2004-08-03 23:59 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys

2008-03-08 00:00 . 2004-08-04 00:14 52,736 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys

2008-03-08 00:00 . 2001-08-17 14:46 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys

2008-03-06 16:29 . 2008-03-06 16:29 962,560 --a------ C:\WINDOWS\system32\VSFilter.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-16 20:28 1,224 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG

2008-03-16 20:24 230,932 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT

2008-03-08 20:34 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-03-07 23:56 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-03-07 23:52 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-03-07 22:55 --------- d-----w C:\Program Files\Opera

2008-03-07 22:45 --------- d-----w C:\Program Files\muvee Technologies

2008-03-07 22:45 --------- d-----w C:\Program Files\Common Files\muvee Technologies

2008-03-07 22:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\muvee Technologies

2008-03-07 22:39 --------- d-----w C:\Program Files\Marvell

2008-03-07 22:37 --------- d-----w C:\Program Files\Intel

2008-03-07 22:19 24,064 ----a-w C:\WINDOWS\autoload.exe

2008-03-07 22:14 --------- d-----w C:\Program Files\microsoft frontpage

2008-02-11 08:39 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll

2008-02-11 08:39 237,568 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll

2008-02-08 12:53 110,592 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll

2008-02-05 07:48 77,824 ----a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe

2007-12-24 11:47 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll

2007-12-24 11:40 404,992 ----a-w C:\WINDOWS\system32\libmplayer.dll

2007-12-22 20:02 188,416 ----a-w C:\WINDOWS\system32\ff_theora.dll

2007-12-22 19:27 3,104,256 ----a-w C:\WINDOWS\system32\libavcodec.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="E:\Games\Steam\Steam.exe" [2008-03-07 23:58 1266936]

"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-14 00:09 486856]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 13:00 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Gainward"="C:\WINDOWS\TBPanel.exe" [2007-06-26 07:56 2173480]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-07-23 02:41 8466432]

"nwiz"="nwiz.exe" [2007-07-23 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-07-23 02:41 81920]

"razertra"="C:\Program Files\Razer\razertra.exe" [2004-10-10 18:21 208896]

"RTHDCPL"="RTHDCPL.EXE" [2007-06-11 06:49 16377344 C:\WINDOWS\RTHDCPL.exe]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjgged]

ljjgged.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Opera\\Opera.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

"E:\\Games\\swEtt\\Content\\System\\Swat4.exe"=

"E:\\Games\\Warcraft III\\Warcraft III.exe"=

"C:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\game.dat"=

"E:\\Games\\Steam\\steamapps\\the real mysticon\\team fortress 2\\hl2.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

 

R1 APPFLT;App Filter Plugin;C:\WINDOWS\system32\Drivers\APPFLT.SYS [2007-05-11 09:33]

R1 DSAFLT;DSA Filter Plugin;C:\WINDOWS\system32\Drivers\DSAFLT.SYS [2007-05-11 09:33]

R1 FNETMON;NetMon Filter Plugin;C:\WINDOWS\system32\Drivers\fnetmon.SYS [2007-05-11 09:33]

R1 IDSFLT;Ids Filter Plugin;C:\WINDOWS\system32\Drivers\IDSFLT.SYS [2007-07-11 11:39]

R1 NETFLTDI;Panda Net Driver [TDI Layer];C:\WINDOWS\system32\Drivers\NETFLTDI.SYS [2007-05-11 09:33]

R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2007-05-23 15:40]

R1 SMSFLT;SMS Filter Plugin;C:\WINDOWS\system32\Drivers\SMSFLT.SYS [2007-05-11 09:33]

R1 WNMFLT;Wifi Monitor Filter Plugin;C:\WINDOWS\system32\Drivers\WNMFLT.SYS [2007-05-11 09:33]

R2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\Drivers\cpoint.sys [2007-06-08 08:44]

R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-07-12 13:49]

R3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys []

R3 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\netimflt.sys [2007-04-24 15:43]

R3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []

R3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys []

S2 RPCM;Remote Procedure Manager(TPM);C:\Program Files\Common Files\Microsoft Shared\Speech\csvde.exe [2005-02-16 05:27]

S3 Razerlow;Razerlow USB Filter Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys [2004-09-14 17:18]

 

.

Contents of the 'Scheduled Tasks' folder

"2008-03-16 20:27:00 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job"

- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-16 21:31:59

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-03-16 21:32:14

ComboFix-quarantined-files.txt 2008-03-16 20:32:12

.

2008-03-12 07:21:30 --- E O F ---

[MysticoN]

Logfile of HijackThis v1.99.1

Scan saved at 21:38:08, on 16.03.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe

C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\AVENGINE.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe

C:\WINDOWS\TBPanel.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Razer\razertra.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

E:\Games\Steam\Steam.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE

C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Opera\Opera.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [razertra] C:\Program Files\Razer\razertra.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKCU\..\Run: [steam] "E:\Games\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Program Files\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?0053577459e444f78bf04a07d17efb40

O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Program Files\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?0053577459e444f78bf04a07d17efb40

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1204930419250

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1205422679812

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll

O20 - Winlogon Notify: ljjgged - ljjgged.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe

O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe

 

 

tatt etter jeg tror jeg har fått fjernet det værste.

 

så hadde vært fint om noen kunne se over disse loggene.

[snippsat]

Ja du har fått ryddet opp litt

 

Kjøre for og se om det er noe rester.

last ned Vundofix

Scan for Vundo.

Når det er ferdig "Remove vundo"

Logg fra vundofix,vanligvis C:\vundofix.txt

Poster du.

 

Last ned oppdatere og kjør full scan SAS free

 

Kjør combofix igjen.

post logg C:\combofix.txt

 

Ser over combofix loggen etter dette.

[MysticoN]

Ja du har fått ryddet opp litt

 

Kjøre for og se om det er noe rester.

last ned Vundofix

Scan for Vundo.

Når det er ferdig "Remove vundo"

Logg fra vundofix,vanligvis C:\vundofix.txt

Poster du.

 

Last ned oppdatere og kjør full scan SAS free

 

Kjør combofix igjen.

post logg C:\combofix.txt

 

Ser over combofix loggen etter dette.

 

Takker for svar, skal gjøre det når jeg kommer hjem fra jobb:D

 

Foresten, er det mulig å se om resten av rotet (virus, spy osv...) er på C: eller ikke? skal likavel formatere, men vil ikke at det skal ligge noe snusk på andre stasjoner.

 

Er lei av Xp looken og kun ha 3gb ram å bruke.

Endret 16. mars 2008 av MysticoN

[snippsat]

Etter formatering kjører du full scan på alle stasjoner.

Regner med at du forsatt skal bruke Panda Antivirus.

 

Et godt tileggs program for spyware er sas.

 

En rask titt på combofix loggen.

Kan ha gitt deg problemer.

C:\Program Files\MalwareAlarm

http://www.bleepingcomputer.com/forums/topic105302.html

 

Kan godt kjøre Smitfraudfix.

Last ned SmitfraudFix legg det på skrivebordet.

Boot trykk flere ganger på f8 velg sikkerhetmodus.

Kjør Smitfraudfix, velg valg 2.

Post loggen C:\rapport.txt

Endret 16. mars 2008 av SNIPPSAT

[MysticoN]

Etter formatering kjører du full scan på alle stasjoner.

Regner med at du forsatt skal bruke Panda Antivirus.

 

Et godt tileggs program for spyware er sas.

 

En rask titt på combofix loggen.

Kan ha gitt deg problemer.

C:\Program Files\MalwareAlarm

http://www.bleepingcomputer.com/forums/topic105302.html

 

Kan godt kjøre Smitfraudfix.

Last ned SmitfraudFix legg det på skrivebordet.

Boot trykk flere ganger på f8 velg sikkerhetmodus.

Kjør Smitfraudfix, velg valg 2.

Post loggen C:\rapport.txt

 

takker, skal gjøre det når jeg kommer hjem fra jobb. og ja, bruker panda orginal versjon fult oppgradert. ville bare være sikker på at D: og E: er rein så ikke noe dritt førest over til den nye og rene c:

 

kommer med rapport snart.

[MysticoN]

fikk blå skjerm når jeg restarta, så jeg tok likså godt å la inn windows vista med en gang. holder på å følger denne tråden

fikk blå skjerm etter jeg la inn Panda.

 

Problem signature:

Problem Event Name: BlueScreen

OS Version: 6.0.6001.2.1.0.768.3

Locale ID: 1044

 

Additional information about the problem:

BCCode: 3b

BCP1: 00000000C0000005

BCP2: FFFFFA6003A44259

BCP3: FFFFFA6003CC45E0

BCP4: 0000000000000000

OS Version: 6_0_6001

Service Pack: 1_0

Product: 768_1

 

Files that help describe the problem:

C:\Windows\Minidump\Mini031808-03.dmp

C:\Users\PreÅse\AppData\Local\Temp\WER-42104-0.sysdata.xml

C:\Users\PreÅse\AppData\Local\Temp\WERF343.tmp.version.txt

 

Read our privacy statement:

http://go.microsoft.com/fwlink/?linkid=501...mp;clcid=0x0409

Så kommer snart med log så fort jeg er ferdig med div scans.

Endret 18. mars 2008 av MysticoN

[MysticoN]

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:54:41, on 18.03.2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files (x86)\Opera\Opera.exe

C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

F2 - REG:system.ini: UserInit=userinit.exe

O1 - Hosts: ::1 localhost

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll

O13 - Gopher Prefix:

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files (x86)\Yahoo!\Common\yinsthelper.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Panda Security Generic Uninstaller (PSGenUn) - Panda Software International - C:\PROGRA~2\INSTAL~1\{98032~1\SMCL\SMCLpav.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 5287 bytes

 

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 03/18/2008 at 03:12 PM

 

Application Version : 4.0.1154

 

Core Rules Database Version : 3421

Trace Rules Database Version: 1413

 

Scan type : Complete Scan

Total Scan Time : 00:15:32

 

Memory items scanned : 113

Memory threats detected : 0

Registry items scanned : 4248

Registry threats detected : 0

File items scanned : 19189

File threats detected : 0

[MysticoN]

prøvde å legge inn panda igjen.

 

fikke samme feil melding:

 

Problem signature:

Problem Event Name: BlueScreen

OS Version: 6.0.6001.2.1.0.768.3

Locale ID: 1044

 

Additional information about the problem:

BCCode: 3b

BCP1: 00000000C0000005

BCP2: FFFFFA6003F6B259

BCP3: FFFFFA600743ADB0

BCP4: 0000000000000000

OS Version: 6_0_6001

Service Pack: 1_0

Product: 768_1

 

Files that help describe the problem:

C:\Windows\Minidump\Mini031808-01.dmp

C:\Users\PreÅse\AppData\Local\Temp\WER-38922-0.sysdata.xml

C:\Users\PreÅse\AppData\Local\Temp\WERCAAD.tmp.version.txt

 

Read our privacy statement:

http://go.microsoft.com/fwlink/?linkid=501...mp;clcid=0x0409

[snippsat]

Har du installert 64bit?

 

Da må du huske at alt må ha som drivere som har signature for 64bit.

Prøver du med samme versjon du brukte for 32bit går ikke det.

[MysticoN]

Har du installert 64bit?

 

Da må du huske at alt må ha som drivere som har signature for 64bit.

Prøver du med samme versjon du brukte for 32bit går ikke det.

 

jepp 64bit. alt jeg har av drivers er 64b, så det skal ikke være noe problem. men det er det med panda da.. ikke sikker på om det funker på 64b. ser ikke slik ut siden jeg får blå skjerm hver gang jeg restarter etter at jeg har instalert det...

[snippsat]

Du må versjon som går til 64bit.

http://www.start64.com/index.php?option=co...4&Itemid=74

[MysticoN]

Du må versjon som går til 64bit.

http://www.start64.com/index.php?option=co...4&Itemid=74

 

 

rart at panda si hjemme side ikke har link til 64. bit verson av sin egen software da... takker for linken, kommer til å ha mye mytte av den siden.

 

men ser logen min ok ut?

[snippsat]

Ja loggen ser grei

Du har vel akkurat innstalert,du får poste en senere når du har fått inn alt du skal ha.

[MysticoN]

Ja loggen ser grei

Du har vel akkurat innstalert,du får poste en senere når du har fått inn alt du skal ha.

 

takker og bukker..

 

finner ikke panda antivirus + firewall 08 for vista 64. den du linka meg funka fint, men det var uten firewall. og siden jeg har betalt for det så vil jeg gjerne ha den:/

 

noen råd? prøvde igjen med panda + firewall.

 

Problem caused by antivirus software

 

Although we have not determined the specific cause of this problem, we know the problem was caused by antivirus software.

 

Recommendation

 

--------------------------------------------------------------------------------

 

 

To try to solve this problem, follow these steps. Each of the steps might solve your problem. If following a step doesn't fix your problem, then go on to the next step.

 

Update your antivirus software

 

Missing antivirus software updates could be the cause of your computer's problem. To make sure your antivirus is up to date, follow these steps:

 

Click to open Microsoft Security Center.

Click Malware protection.

If your software needs to be updated, click Update now.

 

If Windows can detect your antivirus software, it will be listed under Virus protection.

If your antivirus software is not displayed in Windows Security Center, go to the downloads section of your antivirus software provider’s website. Find the update for your version of the software and your operating system, and then install it. For more information, check the Help for your antivirus software.

 

Most antivirus software updates are free, but some providers charge a small fee for the updates. If you're using an older version of the software, you might also have to pay to upgrade to a more recent version to continue to receive the updates.

 

Check for multiple antivirus programs running on your computer

 

Running two antivirus software programs on your computer at the same time is not recommended because the two programs can interfere with each other. Even if you don't think your computer could be running two antivirus programs, antivirus software can sometimes come bundled with your computer and it might be running without your knowledge. To check if two antivirus programs are running, follow these steps:

 

Click the Start button, click Control Panel, click System and Maintenance, and then click Administrative Tools.

Double-click Services. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

Look at the list of services under the Name column. If you find two antivirus programs, right-click each service associated with one of the programs, and then click Stop. Note that there may be multiple services running for one antivirus program.

Contact the antivirus manufacturer

 

If you've completed the previous steps, we recommend you contact the antivirus manufacturer directly for additional support.

 

To see a list of Microsoft and third-party solutions for spyware, adware, and antivirus software, go to the following website online.

 

Security software: Downloads and trials