MysticoN Posted 16 March 2008
Hi, the PC has become terribly slow lately, especially from when I get into Windows until Windows has started the few programs that are in startup. HijackThis log before CCleaner and ComboFix.
Logfile of HijackThis v1.99.1 Scan saved at 07:58:13, on 16.03.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\AVENGINE.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\TBPanel.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Razer\razertra.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe E:\Games\Steam\Steam.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Opera\Opera.exe C:\Documents and Settings\MysticoN\Desktop\Terran_Demo_English.avi-downloader.exe C:\Documents and 
Settings\MysticoN\Desktop\1280_StarCraft2GameplayVideo_EnglishUS2-avi-downloader.exe C:\Documents and Settings\MysticoN\Desktop\hijackthis_sfx.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75 O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [razertra] C:\Program Files\Razer\razertra.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE" /s O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [803b5084] rundll32.exe "C:\WINDOWS\system32\cmsgubnx.dll",b O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [bM83086318] Rundll32.exe "C:\WINDOWS\system32\yhofknbw.dll",s O4 - HKCU\..\Run: [steam] "E:\Games\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Program Files\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?0053577459e444f78bf04a07d17efb40 O8 - Extra context menu item: Åpne i ny 
forgrunnsflik - res://C:\Program Files\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?0053577459e444f78bf04a07d17efb40 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1204930419250 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1205422679812 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe O23 - Service: Panda Process Protection 
Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
ComboFix crashed the first time I ran it. It froze when it was about to create the report (gave up after 30 min), so I had to start it over again.
ComboFix 08-03-14.4 - MysticoN 2008-03-16 21:31:25.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2819 [GMT 1:00] Running from: C:\Documents and Settings\MysticoN\Desktop\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . C:\WINDOWS\BM83086318.xml C:\WINDOWS\cookies.ini C:\WINDOWS\pskt.ini C:\WINDOWS\system32\cmsgubnx.dll C:\WINDOWS\system32\dfvdgnyp.dll C:\WINDOWS\system32\dwxtmilj.dll C:\WINDOWS\system32\fllaelfb.ini C:\WINDOWS\system32\ibdaaaft.dll C:\WINDOWS\system32\jjllm.ini C:\WINDOWS\system32\jjllm.ini2 C:\WINDOWS\system32\jtgduutr.dll C:\WINDOWS\system32\ljjgged.dll C:\WINDOWS\system32\mlljj.dll C:\WINDOWS\system32\mqpcmfmy.dll C:\WINDOWS\system32\qflimvyc.dll C:\WINDOWS\system32\stplvygb.dll C:\WINDOWS\system32\uqhwpwpx.dll C:\WINDOWS\system32\uwsbiids.dll C:\WINDOWS\system32\wxrrqjup.dll C:\WINDOWS\system32\xnbugsmc.ini C:\WINDOWS\system32\yhofknbw.dll . 
((((((((((((((((((((((((( Files Created from 2008-02-16 to 2008-03-16 ))))))))))))))))))))))))))))))) . 2008-03-16 20:51 . 2008-03-16 20:51 <DIR> d-------- C:\Program Files\Yahoo! 2008-03-16 20:51 . 2008-03-16 20:52 <DIR> d-------- C:\Program Files\CCleaner 2008-03-16 07:33 . 2008-03-16 07:33 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment 2008-03-15 21:08 . 2008-03-15 21:08 <DIR> d-------- C:\Documents and Settings\MysticoN\Application Data\ESET 2008-03-15 21:00 . 2008-03-15 21:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET 2008-03-15 20:56 . 2008-03-15 20:56 <DIR> d-------- C:\Program Files\MalwareAlarm 2008-03-15 20:15 . 2008-03-15 20:16 <DIR> d-------- C:\Program Files\EsetOnlineScanner 2008-03-14 08:28 . 2008-03-14 08:37 <DIR> d-------- C:\Documents and Settings\MysticoN\Application Data\Bioshock 2008-03-14 08:27 . 2008-03-14 08:27 <DIR> dr-h----- C:\Documents and Settings\MysticoN\Application Data\SecuROM 2008-03-14 08:27 . 2008-03-14 08:27 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2008-03-14 08:12 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-03-14 08:12 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-03-13 13:10 . 2008-03-14 11:54 1,318,252 --ahs---- C:\WINDOWS\system32\attlonop.ini 2008-03-13 11:08 . 2008-03-13 11:08 <DIR> d-------- C:\Program Files\Windows Live Toolbar 2008-03-13 11:08 . 2008-03-13 14:56 <DIR> d-------- C:\Documents and Settings\MysticoN\Contacts 2008-03-13 11:08 . 2008-03-13 11:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar 2008-03-13 11:07 . 2008-03-13 11:07 <DIR> d-------- C:\Program Files\MSN Messenger 2008-03-12 13:09 . 2008-03-13 13:10 1,324,739 --ahs---- C:\WINDOWS\system32\dmcshbbq.ini 2008-03-11 13:10 . 2008-03-12 12:18 1,319,572 --ahs---- C:\WINDOWS\system32\xivpbdui.ini 2008-03-11 00:00 . 
2006-02-28 13:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2008-03-10 19:19 . 2008-03-10 19:19 <DIR> d-------- C:\WINDOWS\Sun 2008-03-10 19:15 . 2008-03-10 19:15 <DIR> d-------- C:\Program Files\Java 2008-03-10 19:15 . 2008-03-10 19:15 <DIR> d-------- C:\Program Files\Common Files\Java 2008-03-10 19:15 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-03-10 13:07 . 2008-03-11 13:08 1,318,732 --ahs---- C:\WINDOWS\system32\cjdlylcm.ini 2008-03-10 01:07 . 2008-03-10 01:07 <DIR> d-------- C:\Program Files\Real Alternative 2008-03-10 01:07 . 2008-03-10 01:07 <DIR> d-------- C:\Documents and Settings\MysticoN\Application Data\Media Player Classic 2008-03-10 01:06 . 2008-03-10 01:06 <DIR> d-------- C:\Program Files\XP Codec Pack 2008-03-10 01:06 . 2008-03-10 01:06 <DIR> d-------- C:\Program Files\QT Lite 2008-03-10 01:06 . 2008-03-10 01:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-03-10 01:06 . 2007-08-18 08:54 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm 2008-03-10 01:06 . 2008-01-31 23:13 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-03-10 01:06 . 2008-01-31 23:13 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts 2008-03-09 13:03 . 2008-03-10 13:04 1,318,463 --ahs---- C:\WINDOWS\system32\ayfurjax.ini 2008-03-08 21:56 . 2008-03-08 22:15 <DIR> d-------- C:\Program Files\DC++ 2008-03-08 21:44 . 2008-03-08 21:44 13,672 --a------ C:\WINDOWS\system32\wpa.bak 2008-03-08 21:37 . 2008-03-16 21:24 230,932 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck 2008-03-08 21:37 . 2008-03-16 21:28 1,224 --a------ C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck 2008-03-08 21:36 . 2008-03-08 21:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel 2008-03-08 21:34 . 2008-03-08 21:34 <DIR> d-------- C:\Program Files\Panda Security 2008-03-08 21:33 . 2008-03-08 21:33 <DIR> d-------- C:\Program Files\Common Files\Panda Software 2008-03-08 21:33 . 
2007-07-12 13:49 178,872 --a------ C:\WINDOWS\system32\drivers\PavProc.sys 2008-03-08 21:33 . 2007-05-23 15:40 38,968 --a------ C:\WINDOWS\system32\drivers\ShlDrv51.sys 2008-03-08 19:04 . 2008-03-08 19:04 <DIR> d-------- C:\Program Files\directx 2008-03-08 18:02 . 2008-03-08 18:02 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll 2008-03-08 13:04 . 2008-03-09 12:54 1,307,870 --ahs---- C:\WINDOWS\system32\osdailom.ini 2008-03-08 10:50 . 2008-03-08 10:50 1 --a------ C:\WINDOWS\system32\SI.bin 2008-03-08 07:00 . 2008-03-08 07:00 <DIR> d-------- C:\Program Files\EA Games 2008-03-08 06:32 . 2008-03-08 20:04 979 --a------ C:\WINDOWS\eReg.dat 2008-03-08 05:24 . 2008-03-08 05:29 139,264 --a------ C:\WINDOWS\War3Unin.exe 2008-03-08 05:24 . 2008-03-08 05:30 67,425 --a------ C:\WINDOWS\War3Unin.dat 2008-03-08 05:24 . 2008-03-08 05:29 2,829 --a------ C:\WINDOWS\War3Unin.pif 2008-03-08 03:55 . 2008-03-08 03:55 <DIR> d-------- C:\Documents and Settings\MysticoN\Application Data\teamspeak2 2008-03-08 03:54 . 2008-03-08 03:54 <DIR> d-------- C:\Program Files\VentriloMIX 2008-03-08 01:24 . 2008-03-08 01:24 <DIR> d-------- C:\WINDOWS\system32\Lang 2008-03-08 01:24 . 2008-03-08 01:24 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav 2008-03-08 01:24 . 2008-03-08 01:24 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav 2008-03-08 01:21 . 2008-03-08 01:21 <DIR> d-------- C:\Program Files\Razer 2008-03-08 01:21 . 2004-10-10 18:56 57,344 --a------ C:\WINDOWS\system32\razer.cpl 2008-03-08 01:21 . 2004-10-09 11:37 39,832 --a------ C:\WINDOWS\system32\drivers\razerusb.sys 2008-03-08 01:21 . 2004-09-14 17:18 7,168 --a------ C:\WINDOWS\system32\drivers\razerlow.sys 2008-03-08 01:02 . 2008-03-08 06:25 <DIR> d-------- C:\Program Files\FlashFXP 2008-03-08 01:02 . 2003-03-15 23:15 90,112 --a------ C:\WINDOWS\unvise32.exe 2008-03-08 00:56 . 2008-03-08 01:08 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll 2008-03-08 00:56 . 
2008-03-08 01:08 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll 2008-03-08 00:56 . 2008-03-08 01:08 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll 2008-03-08 00:55 . 2008-03-08 00:55 <DIR> d-------- C:\Program Files\DAEMON Tools Lite 2008-03-08 00:52 . 2008-03-08 00:53 <DIR> d-------- C:\WINDOWS\system32\RTCOM 2008-03-08 00:52 . 2008-03-08 00:52 <DIR> d-------- C:\Program Files\Realtek 2008-03-08 00:43 . 2008-03-08 00:43 <DIR> d-------- C:\Documents and Settings\MysticoN\Application Data\DAEMON Tools 2008-03-08 00:43 . 2008-03-08 00:43 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2008-03-08 00:41 . 2008-03-08 00:41 <DIR> d-------- C:\Program Files\uTorrent 2008-03-08 00:41 . 2008-03-15 19:03 <DIR> d-------- C:\Documents and Settings\MysticoN\Application Data\uTorrent 2008-03-08 00:09 . 2008-03-08 00:09 <DIR> d-------- C:\Documents and Settings\MysticoN\Application Data\SmartFTP 2008-03-08 00:02 . 2004-08-04 01:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll 2008-03-08 00:02 . 2001-08-17 14:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys 2008-03-08 00:01 . 2004-08-03 23:59 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys 2008-03-08 00:00 . 2004-08-04 00:14 52,736 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys 2008-03-08 00:00 . 2001-08-17 14:46 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys 2008-03-06 16:29 . 2008-03-06 16:29 962,560 --a------ C:\WINDOWS\system32\VSFilter.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-03-16 20:28 1,224 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG 2008-03-16 20:24 230,932 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT 2008-03-08 20:34 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-07 23:56 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-03-07 23:52 315,392 ----a-w C:\WINDOWS\HideWin.exe 2008-03-07 22:55 --------- d-----w C:\Program Files\Opera 2008-03-07 22:45 --------- d-----w C:\Program Files\muvee Technologies 2008-03-07 22:45 --------- d-----w C:\Program Files\Common Files\muvee Technologies 2008-03-07 22:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\muvee Technologies 2008-03-07 22:39 --------- d-----w C:\Program Files\Marvell 2008-03-07 22:37 --------- d-----w C:\Program Files\Intel 2008-03-07 22:19 24,064 ----a-w C:\WINDOWS\autoload.exe 2008-03-07 22:14 --------- d-----w C:\Program Files\microsoft frontpage 2008-02-11 08:39 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll 2008-02-11 08:39 237,568 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll 2008-02-08 12:53 110,592 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll 2008-02-05 07:48 77,824 ----a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe 2007-12-24 11:47 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll 2007-12-24 11:40 404,992 ----a-w C:\WINDOWS\system32\libmplayer.dll 2007-12-22 20:02 188,416 ----a-w C:\WINDOWS\system32\ff_theora.dll 2007-12-22 19:27 3,104,256 ----a-w C:\WINDOWS\system32\libavcodec.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="E:\Games\Steam\Steam.exe" [2008-03-07 23:58 1266936] "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-14 00:09 486856] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 13:00 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Gainward"="C:\WINDOWS\TBPanel.exe" [2007-06-26 07:56 2173480] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-07-23 02:41 8466432] "nwiz"="nwiz.exe" [2007-07-23 02:41 1626112 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-07-23 02:41 81920] "razertra"="C:\Program Files\Razer\razertra.exe" [2004-10-10 18:21 208896] "RTHDCPL"="RTHDCPL.EXE" [2007-06-11 06:49 16377344 C:\WINDOWS\RTHDCPL.exe] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr] avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjgged] ljjgged.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Opera\\Opera.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "E:\\Games\\swEtt\\Content\\System\\Swat4.exe"= "E:\\Games\\Warcraft III\\Warcraft III.exe"= "C:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\game.dat"= "E:\\Games\\Steam\\steamapps\\the real mysticon\\team fortress 2\\hl2.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN 
Messenger\\livecall.exe"= R1 APPFLT;App Filter Plugin;C:\WINDOWS\system32\Drivers\APPFLT.SYS [2007-05-11 09:33] R1 DSAFLT;DSA Filter Plugin;C:\WINDOWS\system32\Drivers\DSAFLT.SYS [2007-05-11 09:33] R1 FNETMON;NetMon Filter Plugin;C:\WINDOWS\system32\Drivers\fnetmon.SYS [2007-05-11 09:33] R1 IDSFLT;Ids Filter Plugin;C:\WINDOWS\system32\Drivers\IDSFLT.SYS [2007-07-11 11:39] R1 NETFLTDI;Panda Net Driver [TDI Layer];C:\WINDOWS\system32\Drivers\NETFLTDI.SYS [2007-05-11 09:33] R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2007-05-23 15:40] R1 SMSFLT;SMS Filter Plugin;C:\WINDOWS\system32\Drivers\SMSFLT.SYS [2007-05-11 09:33] R1 WNMFLT;Wifi Monitor Filter Plugin;C:\WINDOWS\system32\Drivers\WNMFLT.SYS [2007-05-11 09:33] R2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\Drivers\cpoint.sys [2007-06-08 08:44] R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2007-07-12 13:49] R3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys [] R3 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\netimflt.sys [2007-04-24 15:43] R3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys [] R3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys [] S2 RPCM;Remote Procedure Manager(TPM);C:\Program Files\Common Files\Microsoft Shared\Speech\csvde.exe [2005-02-16 05:27] S3 Razerlow;Razerlow USB Filter Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys [2004-09-14 17:18] . Contents of the 'Scheduled Tasks' folder "2008-03-16 20:27:00 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-16 21:31:59 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-03-16 21:32:14 ComboFix-quarantined-files.txt 2008-03-16 20:32:12 . 2008-03-12 07:21:30 --- E O F ---
MysticoN (Author) Posted 16 March 2008
Logfile of HijackThis v1.99.1 Scan saved at 21:38:08, on 16.03.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\AVENGINE.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe C:\WINDOWS\TBPanel.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Razer\razertra.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe E:\Games\Steam\Steam.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\explorer.exe C:\Program Files\Opera\Opera.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [razertra] C:\Program Files\Razer\razertra.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKCU\..\Run: [steam] "E:\Games\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Program Files\Windows Live 
Toolbar\Components\nb-no\msntabres.dll.mui/229?0053577459e444f78bf04a07d17efb40 O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Program Files\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?0053577459e444f78bf04a07d17efb40 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1204930419250 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1205422679812 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll O20 - Winlogon Notify: ljjgged - ljjgged.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 
+ Firewall 2008\PsCtrls.exe O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
Taken after I think I have removed the worst of it. It would be great if someone could look over these logs.
snippsat Posted 16 March 2008
Yes, you have cleaned up a bit. Run these to see if there are any remnants.
Download Vundofix. Scan for Vundo. When it is finished, "Remove vundo". Post the log from Vundofix, usually C:\vundofix.txt.
Download, update and run a full scan with SAS free.
Run ComboFix again. Post the log C:\combofix.txt.
I'll look over the ComboFix log after this.
MysticoN (Author) Posted 16 March 2008
> Yes, you have cleaned up a bit. Run these to see if there are any remnants. Download Vundofix. Scan for Vundo. When it is finished, "Remove vundo". Post the log from Vundofix, usually C:\vundofix.txt. Download, update and run a full scan with SAS free. Run ComboFix again. Post the log C:\combofix.txt. I'll look over the ComboFix log after this.
Thanks for the reply, I'll do that when I get home from work :D
By the way, is it possible to see whether the rest of the mess (viruses, spyware etc.) is on C: or not? I'm going to format anyway, but I don't want anything nasty lying around on other drives. I'm tired of the XP look and only having 3 GB of RAM to use.
Edited 16 March 2008 by MysticoN
snippsat Posted 16 March 2008
After formatting, run a full scan on all drives. I assume you will still be using Panda Antivirus. A good additional program for spyware is SAS.
A quick look at the ComboFix log. This may have caused you problems:
C:\Program Files\MalwareAlarm
http://www.bleepingcomputer.com/forums/topic105302.html
You may as well run SmitfraudFix. Download SmitfraudFix and put it on the desktop. Boot, press F8 several times and choose safe mode. Run SmitfraudFix, choose option 2. Post the log C:\rapport.txt
Edited 16 March 2008 by SNIPPSAT
MysticoN (Author) Posted 17 March 2008
> After formatting, run a full scan on all drives. I assume you will still be using Panda Antivirus. A good additional program for spyware is SAS. A quick look at the ComboFix log. This may have caused you problems: C:\Program Files\MalwareAlarm http://www.bleepingcomputer.com/forums/topic105302.html You may as well run SmitfraudFix. Download SmitfraudFix and put it on the desktop. Boot, press F8 several times and choose safe mode. Run SmitfraudFix, choose option 2. Post the log C:\rapport.txt
Thanks, I'll do that when I get home from work. And yes, I use the genuine version of Panda, fully updated. I just wanted to be sure that D: and E: are clean, so that no junk gets carried over to the new, clean C:. I'll be back with the report soon.
MysticoN (Author) Posted 18 March 2008
Got a blue screen when I restarted, so I just went ahead and installed Windows Vista right away. I am in the middle of following this thread. Got a blue screen after I installed Panda.
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6001.2.1.0.768.3
Locale ID: 1044
Additional information about the problem:
BCCode: 3b
BCP1: 00000000C0000005
BCP2: FFFFFA6003A44259
BCP3: FFFFFA6003CC45E0
BCP4: 0000000000000000
OS Version: 6_0_6001
Service Pack: 1_0
Product: 768_1
Files that help describe the problem:
C:\Windows\Minidump\Mini031808-03.dmp
C:\Users\PreÅse\AppData\Local\Temp\WER-42104-0.sysdata.xml
C:\Users\PreÅse\AppData\Local\Temp\WERF343.tmp.version.txt
Read our privacy statement:
http://go.microsoft.com/fwlink/?linkid=501...mp;clcid=0x0409
I'll be back with a log as soon as I'm done with the various scans.
Edited 18 March 2008 by MysticoN
MysticoN (Author) Posted 18 March 2008
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:54:41, on 18.03.2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Program Files (x86)\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files (x86)\Opera\Opera.exe C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll F2 - REG:system.ini: UserInit=userinit.exe O1 - Hosts: ::1 localhost O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll O13 - Gopher Prefix: O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files (x86)\Yahoo!\Common\yinsthelper.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Panda Security Generic Uninstaller (PSGenUn) - Panda Software 
International - C:\PROGRA~2\INSTAL~1\{98032~1\SMCL\SMCLpav.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 5287 bytes SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 03/18/2008 at 03:12 PM Application Version : 4.0.1154 Core Rules Database Version : 3421 Trace Rules Database Version: 1413 Scan type : Complete Scan Total Scan Time : 00:15:32 Memory items scanned : 113 Memory threats detected : 0 Registry items scanned : 4248 Registry threats detected : 0 File items scanned : 19189 File threats detected : 0 Lenke til kommentar

MysticoN (author), posted 18 March 2008

Tried to install Panda again. Got the same error message:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6001.2.1.0.768.3
Locale ID: 1044

Additional information about the problem:
BCCode: 3b
BCP1: 00000000C0000005
BCP2: FFFFFA6003F6B259
BCP3: FFFFFA600743ADB0
BCP4: 0000000000000000
OS Version: 6_0_6001
Service Pack: 1_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini031808-01.dmp
C:\Users\PreÅse\AppData\Local\Temp\WER-38922-0.sysdata.xml
C:\Users\PreÅse\AppData\Local\Temp\WERCAAD.tmp.version.txt

Read our privacy statement:
http://go.microsoft.com/fwlink/?linkid=501...mp;clcid=0x0409
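
Added example, not part of any post in this thread: the two problem signatures posted above, parsed and compared in Python. Bug check 0x3B is SYSTEM_SERVICE_EXCEPTION, with the exception code in the first parameter and the faulting instruction address in the second; treating a matching in-page offset as a sign of the same fault site is a heuristic assumed here, and the function names are this example's own.

```python
import re

# Constructed from the two problem signatures posted in this thread.
CRASH_1 = ("BCCode: 3b BCP1: 00000000C0000005 BCP2: FFFFFA6003A44259 "
           "BCP3: FFFFFA6003CC45E0 BCP4: 0000000000000000")
CRASH_2 = ("BCCode: 3b BCP1: 00000000C0000005 BCP2: FFFFFA6003F6B259 "
           "BCP3: FFFFFA600743ADB0 BCP4: 0000000000000000")

BUGCHECKS = {0x3B: "SYSTEM_SERVICE_EXCEPTION"}
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION"}
PAGE_MASK = 0xFFF  # 4 KiB pages; driver images load page-aligned
REQUIRED = ("BCCode", "BCP1", "BCP2", "BCP3", "BCP4")


def parse_signature(text):
    """Return BCCode and BCP1..BCP4 from a WER BlueScreen signature as ints."""
    fields = dict(re.findall(r"\b(BCCode|BCP[1-4]):\s*([0-9A-Fa-f]+)", text))
    missing = [name for name in REQUIRED if name not in fields]
    if missing:
        raise ValueError("incomplete signature, missing: " + ", ".join(missing))
    return {name: int(value, 16) for name, value in fields.items()}


def describe(sig):
    """Name the bug check and, for 0x3B, decode its parameters."""
    code = sig["BCCode"]
    info = {"bugcheck": BUGCHECKS.get(code, "0x%X" % code)}
    if code == 0x3B:
        # 0x3B: P1 = exception code, P2 = faulting instruction address,
        # P3 = address of the context record, P4 = zero.
        status = sig["BCP1"] & 0xFFFFFFFF
        info["exception"] = NTSTATUS.get(status, "0x%08X" % status)
        info["fault_address"] = sig["BCP2"]
        info["page_offset"] = sig["BCP2"] & PAGE_MASK
    return info


def same_fault_site(text_a, text_b):
    """Heuristic (an assumption of this example): same bug check, same
    exception and same in-page offset of the faulting instruction suggest
    the same driver code, loaded at a different base after each reboot."""
    a, b = describe(parse_signature(text_a)), describe(parse_signature(text_b))
    keys = ("bugcheck", "exception", "page_offset")
    return all(k in a and k in b and a[k] == b[k] for k in keys)


if __name__ == "__main__":
    for crash in (CRASH_1, CRASH_2):
        print(describe(parse_signature(crash)))
    print("same fault site:", same_fault_site(CRASH_1, CRASH_2))
```

A match only narrows the search; the minidump files named in each report are what identify the faulting module.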

snippsat, posted 18 March 2008

Have you installed 64-bit? Then you have to remember that everything must have drivers that are signed for 64-bit. If you try the same version you used for 32-bit, it won't work.

MysticoN (author), posted 18 March 2008

> Have you installed 64-bit? Then you have to remember that everything must have drivers that are signed for 64-bit. If you try the same version you used for 32-bit, it won't work.

Yep, 64-bit. All the drivers I have are 64-bit, so that shouldn't be a problem. But then there is Panda... not sure whether it works on 64-bit. It doesn't look like it, since I get a blue screen every time I restart after I have installed it...

snippsat, posted 18 March 2008

You need a version that runs on 64-bit.
http://www.start64.com/index.php?option=co...4&Itemid=74

MysticoN (author), posted 18 March 2008

> You need a version that runs on 64-bit.
> http://www.start64.com/index.php?option=co...4&Itemid=74

Strange that Panda's home page doesn't have a link to the 64-bit version of their own software, then... Thanks for the link, I'm going to get a lot of use out of that site. But does my log look OK?

snippsat, posted 18 March 2008

Yes, the log looks fine. You have only just installed, I suppose, so you can post one later when you have got everything you want installed.

MysticoN (author), posted 18 March 2008

> Yes, the log looks fine. You have only just installed, I suppose, so you can post one later when you have got everything you want installed.

Many thanks. I can't find Panda Antivirus + Firewall 08 for Vista 64. The one you linked me worked fine, but it was without the firewall. And since I have paid for it, I would like to have it :/ Any advice?

Tried again with Panda + firewall.

Problem caused by antivirus software

Although we have not determined the specific cause of this problem, we know the problem was caused by antivirus software.

Recommendation

To try to solve this problem, follow these steps. Each of the steps might solve your problem. If following a step doesn't fix your problem, then go on to the next step.

Update your antivirus software

Missing antivirus software updates could be the cause of your computer's problem. To make sure your antivirus is up to date, follow these steps:

- Click to open Microsoft Security Center.
- Click Malware protection.
- If your software needs to be updated, click Update now. If Windows can detect your antivirus software, it will be listed under Virus protection.

If your antivirus software is not displayed in Windows Security Center, go to the downloads section of your antivirus software provider’s website. Find the update for your version of the software and your operating system, and then install it. For more information, check the Help for your antivirus software.

Most antivirus software updates are free, but some providers charge a small fee for the updates. If you're using an older version of the software, you might also have to pay to upgrade to a more recent version to continue to receive the updates.

Check for multiple antivirus programs running on your computer

Running two antivirus software programs on your computer at the same time is not recommended because the two programs can interfere with each other. Even if you don't think your computer could be running two antivirus programs, antivirus software can sometimes come bundled with your computer and it might be running without your knowledge. To check if two antivirus programs are running, follow these steps:

- Click the Start button, click Control Panel, click System and Maintenance, and then click Administrative Tools.
- Double-click Services. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
- Look at the list of services under the Name column. If you find two antivirus programs, right-click each service associated with one of the programs, and then click Stop. Note that there may be multiple services running for one antivirus program.

Contact the antivirus manufacturer

If you've completed the previous steps, we recommend you contact the antivirus manufacturer directly for additional support.

To see a list of Microsoft and third-party solutions for spyware, adware, and antivirus software, go to the following website online.

Security software: Downloads and trials