Mr.Anki, posted 6 September 2009
Hi,
I've been unlucky (or careless, one might say) and got my machine infected today. I scanned the machine with AVG and SAS, but they wanted a restart of the machine for everything to be removed. But now the machine won't get to the desktop; it is stopped by the message: Mislykket start av interaktiv påloggingsprosess. Du finner flere detaljer i hendelsesloggen ("Interactive logon process initialization has failed. Please consult the event log for more details.")
I found an older thread about this and am going to make a DrWeb boot CD now. Is there anything more I can try?
Regards, Mr.Anki

Mr.Anki, posted 6 September 2009
Does anyone have experience with how long the scan will take in DrWeb? We're talking about around 1TB of files. Sorry for the double post, but I'd like to get the machine in order as quickly as possible.

Pizzaen, posted 6 September 2009
Try Avira AntiVir Rescue System instead and follow the instructions on the page that is linked. I don't really know how Avira's compares to DrWeb's, but I have used Avira's quite a lot and have had good experiences with it. It can easily take all night if you're going to scan through 1TB..

Mr.Anki, posted 6 September 2009
Can you boot directly from that one too? I'm afraid it does take time to scan, yes. It has been running for a couple of hours now, and it hasn't exactly got far. But it has found five files, so I hope I get rid of everything.

norbat, posted 6 September 2009
The problem here is probably rather that some system files are corrupt after the cleaning, and then running more 'anti-programs' will most likely not help. Alternatively, try running chkdsk or possibly a repair of the Windows installation.

Mr.Anki, posted 6 September 2009
But if there is still some junk left on the machine, will DrWeb remove it, or do I have to go in myself and remove it with another program?

norbat, posted 6 September 2009
Whether DrWeb manages to remove whatever might be left is somewhat uncertain (DrWeb is a middle-of-the-road antivirus scanner). Even if it were to remove everything, the system files that are corrupt will most likely still be corrupt, and they have to be repaired one way or another. You didn't happen to get a name for the infection?

Mr.Anki, posted 6 September 2009
I didn't notice any name, no, but among other things a fake "security center" came up. Like the one that is standard in Windows, where you can check whether the firewall, antivirus program etc. are in order. I'll repair with the Windows CD tomorrow, when the scan is finished. What do you recommend scanning with when I get into the desktop again?

norbat, posted 6 September 2009
A log from Combofix would be best

raWrz, posted 7 September 2009
"Mislykket start av interaktiv påloggingsprosess. Du finner flere detaljer i hendelsesloggen"
Probably winlogon.exe that is corrupt

Mr.Anki, posted 7 September 2009
And that will be fixed by repairing Windows?

raWrz, posted 7 September 2009
Quote: "And that will be fixed by repairing Windows?"
If you boot from the Windows disc, go to the Recovery Console and type SFC /scannow, it should be fixed

Mr.Anki, posted 7 September 2009
I've got back into the desktop now, and here is a Combofix log:

ComboFix 09-09-06.06 - Andreas 07.09.2009 17:20.2.4 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.47.1044.18.3070.1571 [GMT 2:00]
Kjører fra: c:\users\Andreas\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Protection System
c:\program files\Protection System\mal.db
c:\windows\system32\Plugins
c:\windows\system32\Plugins\ml\ml_pmp_device_Andreas - Memory Stick .ini
c:\windows\system32\Plugins\ml\ml_pmp_device_Andreas - Phone Memory.ini
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-08-07 til 2009-09-07 )))))))))))))))))))))))))))))))))
.
2009-09-07 15:26 . 2009-09-07 15:26 -------- d-----w- c:\users\Andreas\AppData\Local\temp
2009-09-07 15:26 . 2009-09-07 15:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-06 13:47 . 2009-09-06 14:04 -------- d-----w- c:\program files\Total Video Converter
2009-09-06 13:00 . 2009-09-06 14:33 -------- d-----w- c:\program files\WinAVI Video Capture
2009-09-06 12:53 . 2009-09-06 12:53 -------- d-----w- c:\users\Andreas\AppData\Local\WinAVI
2009-09-06 12:47 . 2009-09-06 12:47 -------- d-----w- c:\users\Andreas\AppData\Roaming\AVS4YOU
2009-09-06 12:47 . 2009-09-06 12:47 -------- d-----w- c:\programdata\AVS4YOU
2009-09-06 12:46 . 2009-09-06 14:32 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-09-06 12:46 . 2009-09-06 14:32 -------- d-----w- c:\program files\AVS4YOU
2009-09-06 10:04 . 2009-09-07 16:12 -------- d-----w- c:\program files\LcdStudio
2009-09-03 13:56 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-03 13:56 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-26 21:00 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-18 19:29 . 2007-12-26 15:30 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
2009-08-18 19:29 . 2007-12-26 15:30 1970176 ----a-w- c:\windows\system32\d3dx9.dll
2009-08-18 19:29 . 2009-09-07 16:12 -------- d-----w- c:\program files\Cheat Engine
2009-08-12 18:24 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-12 18:24 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-12 18:24 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-12 18:24 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-12 18:24 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-12 18:24 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-12 18:24 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-12 18:24 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-07 16:11 . 2009-06-28 14:44 -------- d-----w- c:\program files\DivX
2009-09-07 16:11 . 2009-06-27 19:16 -------- d-----w- c:\programdata\avg8
2009-09-07 16:11 . 2009-06-27 19:05 -------- d-----w- c:\program files\Mplayer
2009-09-07 15:24 . 2006-11-21 05:21 80592 ----a-w- c:\windows\system32\perfc014.dat
2009-09-07 15:24 . 2006-11-21 05:21 460388 ----a-w- c:\windows\system32\perfh014.dat
2009-09-01 12:15 . 2009-05-26 16:03 -------- d-----w- c:\program files\Mozilla Firefox 3.5 Beta 4
2009-08-29 10:26 . 2009-04-27 20:52 -------- d-----w- c:\program files\Java
2009-08-28 11:08 . 2009-06-27 19:16 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-28 11:08 . 2009-06-27 19:16 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-28 11:08 . 2009-06-27 19:16 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-23 17:37 . 2009-04-25 20:08 -------- d-----w- c:\users\Andreas\AppData\Roaming\Spotify
2009-08-19 18:58 . 2009-04-25 20:04 -------- d-----w- c:\users\Andreas\AppData\Roaming\uTorrent
2009-08-08 08:32 . 2009-05-05 12:06 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-02 18:08 . 2009-06-18 15:06 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-25 03:23 . 2009-04-27 20:52 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 21:52 . 2009-07-29 14:24 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 14:24 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 14:24 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 14:24 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-06-27 19:16 . 2009-06-27 19:16 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-27 14:25 . 2009-05-09 21:15 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-27 05:52 . 2009-04-25 18:12 56480 ----a-w- c:\users\Andreas\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-27 03:57 . 2009-06-20 20:07 137888 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-27 03:57 . 2009-06-20 20:07 189288 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-06-26 17:10 . 2009-06-20 20:07 139152 ----a-w- c:\users\Andreas\AppData\Roaming\PnkBstrK.sys
2009-06-26 17:10 . 2009-06-20 20:07 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-06-26 17:10 . 2009-06-20 20:07 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-06-15 15:24 . 2009-07-15 16:13 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-15 16:13 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-15 16:13 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-15 16:13 289792 ----a-w- c:\windows\system32\atmfd.dll
2006-05-02 16:23 . 2006-05-02 16:23 24848 ----a-w- c:\program files\opera\program\plugins\cgpcfg.dll
2006-05-02 16:23 . 2006-05-02 16:23 74000 ----a-w- c:\program files\opera\program\plugins\cgpcore.dll
2006-05-02 16:23 . 2006-05-02 16:23 45328 ----a-w- c:\program files\opera\program\plugins\icalogon.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2006-05-02 16:23 . 2006-05-02 16:23 28944 ----a-w- c:\program files\opera\program\plugins\pscript.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
2006-05-02 16:23 . 2006-05-02 16:23 69904 ----a-w- c:\program files\opera\program\plugins\sslsdk_b.dll
2006-05-02 16:23 . 2006-05-02 16:23 24848 ----a-w- c:\program files\opera\program\plugins\tcppserv.dll
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885400]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-08-13 1830128]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-07-17 1687824]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-07-18 2094352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-28 2007832]
"ScreenManager Pro for LCD"="c:\program files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe" [2007-08-30 10937640]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-04-23 4435968]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
UltraMon.lnk - c:\windows\Installer\{CC15A5FC-B6D3-4A2D-8A26-D8F2702A3C00}\IcoUltraMon.ico [2009-4-25 29310]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{91E87B6A-D6F1-49B1-AE1F-CDC7CB649872}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{0A12224D-7620-4B47-AE40-4936FC6B1960}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"{B7A86F3B-099B-4215-B9DD-C75322DBF4D2}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{1157436D-8A92-4255-A38C-3092179C758F}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{603081CC-6423-4369-813F-ACE975B063DD}c:\\program files\\spotify\\spotify.exe"= UDP:c:\program files\spotify\spotify.exe:Spotify
"UDP Query User{01882BE6-BD44-47D4-892A-DC8B2D3C0D1D}c:\\program files\\spotify\\spotify.exe"= TCP:c:\program files\spotify\spotify.exe:Spotify
"{494B65A0-2010-40B5-AEFE-C0BD81F6EA33}"= UDP:3703:Adobe Version Cue CS3 Server
"{8FBA634A-D61A-4624-A03D-409309CAB948}"= UDP:3704:Adobe Version Cue CS3 Server
"{1BB16810-C3C6-478C-B7D1-AB33263F6F55}"= UDP:50900:Adobe Version Cue CS3 Server
"{67E65E38-0978-410F-84FA-FAE06C07B035}"= UDP:50901:Adobe Version Cue CS3 Server
"{6DEA36DE-2F83-413A-9BA4-713BF013D7C2}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{F304CCBD-040C-4CC2-B7F5-2A2BB9B27266}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{EAD57E25-7724-4A0D-B0F0-BBA0707B0E2B}"= UDP:c:\program files\Spotify\spotify.exe:Spotify
"{B6D4DA94-9A74-4E79-BDDC-156E73EDA729}"= TCP:c:\program files\Spotify\spotify.exe:Spotify
"TCP Query User{40B8FB71-C178-4F69-BE69-8FB633E7F707}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{518C516C-A9FE-4D70-9B03-E4EA09111B89}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{18427F67-0396-44AB-84AA-54ECE8DA6BD6}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{FF36C127-8B39-43FF-AE4F-861CB7AD5B81}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"{5F7FB0C7-38BA-4635-B4FE-EF5E4F408471}"= UDP:3703:Adobe Version Cue CS3 Server
"{516487D9-0BAA-4899-BEF8-12BB1C65CEBC}"= UDP:3704:Adobe Version Cue CS3 Server
"{7408B40B-4778-454F-94D7-61F6B6AE0036}"= UDP:50900:Adobe Version Cue CS3 Server
"{DEB582B9-36D0-4989-A6E2-3C234CBCC49B}"= UDP:50901:Adobe Version Cue CS3 Server
"{97098E43-E881-49A1-B212-6354126C8D2E}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{4E6FA2EF-09BB-455C-AE5E-178CC3A0402C}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"TCP Query User{0A2C40E6-B8DE-4676-AEE7-743C44DF6C1E}c:\\wamp\\bin\\apache\\apache2.2.11\\bin\\httpd.exe"= UDP:c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe:Apache HTTP Server
"UDP Query User{CD5CDD0A-8ABA-45F4-9A29-18CFD08284E9}c:\\wamp\\bin\\apache\\apache2.2.11\\bin\\httpd.exe"= TCP:c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe:Apache HTTP Server
"{E0A9A376-70C3-4918-89C7-702C52F60A90}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{6755FF65-022E-498C-BB4E-E71659064981}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{4F299569-258B-41BD-B4B1-010B4E9437C6}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{3178ACC4-1D21-40F4-8ADA-09EB4E40B700}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{A1440BEB-F95A-430E-A215-773B9400B43C}c:\\program files\\usarmy\\america's army 3\\binaries\\aa3game.exe"= UDP:c:\program files\usarmy\america's army 3\binaries\aa3game.exe:AA3Game
"UDP Query User{EE248A4C-28DD-455D-A1FC-E16E7AE99B0F}c:\\program files\\usarmy\\america's army 3\\binaries\\aa3game.exe"= TCP:c:\program files\usarmy\america's army 3\binaries\aa3game.exe:AA3Game
"TCP Query User{246B0174-0872-492E-BF1B-E29D5187DC62}c:\\program files\\dc++\\dcplusplus.exe"= UDP:c:\program files\dc++\dcplusplus.exe:DC++
"UDP Query User{85BD1EC5-16E8-4B82-9E6B-85823ADF1D62}c:\\program files\\dc++\\dcplusplus.exe"= TCP:c:\program files\dc++\dcplusplus.exe:DC++
"TCP Query User{1AC6AF73-804E-47FD-B664-A72F7AC64BD3}c:\\program files\\dc++\\dcplusplus.exe"= UDP:c:\program files\dc++\dcplusplus.exe:DC++
"UDP Query User{01BA07BF-CA9F-409A-AFDD-E712CE279811}c:\\program files\\dc++\\dcplusplus.exe"= TCP:c:\program files\dc++\dcplusplus.exe:DC++
"TCP Query User{A42549E8-BE19-42C0-ABDC-8707B3A28992}c:\\program files\\odc\\odc.exe"= UDP:c:\program files\odc\odc.exe:oDC
"UDP Query User{DA7823A8-4CCA-48F9-AC8B-2AEA1E59F48A}c:\\program files\\odc\\odc.exe"= TCP:c:\program files\odc\odc.exe:oDC
"TCP Query User{56F8812C-7BAB-4B6C-B70D-AB48C535B5E4}c:\\program files\\ubisoft\\crytek\\far cry\\bin32\\farcry.exe"= UDP:c:\program files\ubisoft\crytek\far cry\bin32\farcry.exe:Far Cry
"UDP Query User{C12636AB-AC7B-42AD-A2E9-C638FEB0B200}c:\\program files\\ubisoft\\crytek\\far cry\\bin32\\farcry.exe"= TCP:c:\program files\ubisoft\crytek\far cry\bin32\farcry.exe:Far Cry
"{20F6FAD0-D003-42FA-AED2-EDA9AA1CFE68}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{376D1FD1-5E65-413F-8F2A-2CF1F20EFD28}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{E556EC7C-BC0F-4095-878A-497496EED760}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 hotcore3;hotcore3;c:\windows\System32\drivers\hotcore3.sys [02.05.2009 17:23 39472]
R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);c:\windows\System32\drivers\pe3ah4nc.sys [18.05.2007 21:53 64880]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);c:\windows\System32\drivers\ps6ah4nc.sys [18.05.2007 21:52 55160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [27.06.2009 21:16 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [27.06.2009 21:16 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [26.05.2009 10:05 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [26.05.2009 10:05 74480]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [27.06.2009 21:16 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [27.06.2009 21:16 297752]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [14.09.2008 17:32 10496]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\System32\drivers\l160x86.sys [25.04.2009 20:57 46592]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [25.04.2009 20:57 111616]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [26.05.2009 10:05 7408]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);c:\windows\system32\pr2ah4nc.exe svc --> c:\windows\system32\pr2ah4nc.exe svc [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Tilleggsskanning -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8tb9hvfe.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\NPOFFICE.DLL
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\NPSWF32.dll
FF - plugin: c:\program files\Opera\program\plugins\npican.dll
FF - plugin: c:\users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8tb9hvfe.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\8tb9hvfe.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-07 17:26
Windows 6.0.6001 Service Pack 1 NTFS
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
skanning vellykket
skjulte filer: 0
**************************************************************************
.
Tidspunkt ferdig: 2009-09-07 17:29
ComboFix-quarantined-files.txt 2009-09-07 15:29
ComboFix2.txt 2009-05-29 11:32
Pre-Run: 30 357 954 560 byte ledig
Post-Run: 30 364 700 672 byte ledig
221 --- E O F --- 2009-09-04 13:51

Mr.Anki, posted 9 September 2009
Could someone take a look at the log?

norbat, posted 12 September 2009
The log shows no signs of malware. How is the PC working?

Mr.Anki, posted 12 September 2009
Thank you! Things are working fine now, I hope everything is gone

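Added example, not part of the thread or written by its participants: a small Python parser for the registry portion of a ComboFix log that has been flattened the way the log above is. It lists the Run-key autostart entries and flags the two settings in that log that are set to 0 (EnableLUA and EnableFirewall); the function names are illustrative and the excerpt is copied from the posted log.

```python
import re

# Excerpt copied from the ComboFix log in the thread, flattened onto one
# line the way the log appears there (a few entries per key are kept).
LOG_EXCERPT = (
    r'[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '
    r'"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920] '
    r'"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656] '
    r'[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '
    r'"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-28 2007832] '
    r'[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] '
    r'"EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) '
    r'[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] '
    r'"EnableFirewall"= 0 (0x0)'
)

# A registry key header starts with a hive name; "[2008-01-19 1233920]" and
# similar bracketed fields in the log do not, so they are not taken as keys.
KEY_RE = re.compile(r'\[(HK(?:EY_[A-Z_]+|LM|CU)\\[^\]]+)\]', re.IGNORECASE)
STR_VALUE_RE = re.compile(r'"([^"]+)"="([^"]*)"')                    # "name"="path"
INT_VALUE_RE = re.compile(r'"([^"]+)"=\s*(\d+) \(0x[0-9a-fA-F]+\)')  # "name"= 0 (0x0)

# Values that weaken the host when set to 0 (both keys occur in the log).
WEAKENING_IF_ZERO = {
    (r'\policies\system', 'EnableLUA'):
        'User Account Control is turned off',
    (r'\firewallpolicy\standardprofile', 'EnableFirewall'):
        'Windows Firewall is off for the standard profile',
}


def parse_sections(text):
    """Split flattened registry output into (lower-cased key, body) pairs."""
    headers = list(KEY_RE.finditer(text))
    sections = []
    for i, match in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(text)
        sections.append((match.group(1).lower(), text[match.end():end]))
    return sections


def autostart_entries(text):
    """Return (hive, value name, command) for every Run-key entry."""
    entries = []
    for key, body in parse_sections(text):
        if key.endswith(r'\currentversion\run'):
            hive = 'HKCU' if key.startswith('hkey_current_user') else 'HKLM'
            entries += [(hive, name, cmd) for name, cmd in STR_VALUE_RE.findall(body)]
    return entries


def weakened_settings(text):
    """Return (value name, meaning) for each listed setting that is 0."""
    findings = []
    for key, body in parse_sections(text):
        for name, value in INT_VALUE_RE.findall(body):
            meaning = next((m for (suffix, wanted), m in WEAKENING_IF_ZERO.items()
                            if key.endswith(suffix) and name == wanted), None)
            if meaning and int(value) == 0:
                findings.append((name, meaning))
    return findings


if __name__ == '__main__':
    for hive, name, cmd in autostart_entries(LOG_EXCERPT):
        print(f'{hive} Run: {name} -> {cmd}')
    for name, meaning in weakened_settings(LOG_EXCERPT):
        print(f'{name}=0: {meaning}')
```
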