Donk2k Posted 29 December 2009 (edited)

ComboFix

ComboFix 09-12-28.06 - Espen og Marit 29.12.2009 15:13:02.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.47.1044.18.2936.1915 [GMT 1:00]
Kjører fra: c:\users\TEMP\Desktop\ComboFix.exe
AV: Norman Security Suite ver. 7.00 *On-access scanning disabled* (Updated) {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2922608681-4189496252-3917657204-500
c:\users\Espen og Marit\AppData\Roaming\Microsoft\AdjMmsVista.dll
c:\windows\system32\reboot.txt
c:\windows\system32\skinboxer43.dll
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-11-28 til 2009-12-29 )))))))))))))))))))))))))))))))))
.
2009-12-29 14:19 . 2009-12-29 14:20 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2009-12-29 14:19 . 2009-12-29 14:19 -------- d-----w- c:\users\Espen og Marit\AppData\Local\temp
2009-12-29 14:19 . 2009-12-29 14:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-29 13:53 . 2009-12-29 13:53 -------- d-----w- c:\users\TEMP\AppData\Local\Opera
2009-12-29 13:51 . 2009-12-29 13:51 70176 ----a-w- c:\users\TEMP\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-29 13:50 . 2009-12-29 13:50 -------- d-----w- c:\users\TEMP\AppData\Local\VirtualStore
2009-12-29 13:27 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-29 13:27 . 2009-12-29 13:27 -------- d-----w- c:\programdata\Malwarebytes
2009-12-29 13:27 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-29 13:27 . 2009-12-29 13:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-29 10:58 . 2009-12-29 10:58 862040 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-12-29 10:58 . 2009-12-29 10:58 206944 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-12-29 10:55 . 2009-12-29 10:55 -------- d-----w- c:\program files\Lavasoft
2009-12-29 10:37 . 2009-12-29 10:37 -------- d-----w- c:\program files\CCleaner
2009-12-29 10:35 . 2009-12-29 10:55 -------- dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2009-12-29 09:59 . 2009-12-29 09:59 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2009-12-27 22:36 . 2009-12-28 11:34 -------- d-----w- C:\WinSetupFromUSB
2009-12-12 14:11 . 2009-11-09 13:22 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-12 14:11 . 2009-11-09 13:20 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-12-12 14:11 . 2009-11-09 11:04 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-09 23:06 . 2009-08-24 12:16 378368 ----a-w- c:\windows\system32\winhttp.dll
2009-12-08 19:13 . 2009-11-18 17:11 1347584 ----a-w- c:\windows\system32\rapture3d_oal.dll
2009-12-08 19:13 . 2009-11-01 12:11 17686528 ----a-w- c:\windows\system32\mkl_blueripple.dll
2009-12-08 19:13 . 2009-12-08 19:13 -------- d-----w- c:\program files\BRS
2009-12-08 17:28 . 2009-12-08 17:28 1582400 ----a-w- c:\programdata\hps\18\setup_Min_CeWe_Fotoverden.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-29 13:52 . 2008-04-10 08:19 76478 ----a-w- c:\windows\system32\perfc014.dat
2009-12-29 13:52 . 2008-04-10 08:19 452326 ----a-w- c:\windows\system32\perfh014.dat
2009-12-29 13:47 . 2009-07-11 17:02 -------- d-----w- c:\program files\Norman
2009-12-29 10:58 . 2009-12-29 10:55 -------- d-----w- c:\programdata\Lavasoft
2009-12-29 10:58 . 2009-12-29 10:58 390288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-12-29 10:58 . 2009-12-29 10:58 537576 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-12-29 10:58 . 2009-12-29 10:58 370744 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-12-29 10:58 . 2009-12-29 10:58 194104 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-29 10:57 . 2009-12-29 10:57 6296864 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2009-12-29 10:57 . 2009-12-29 10:57 933120 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-12-29 10:57 . 2009-12-29 10:57 816272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-29 10:57 . 2009-12-29 10:57 822904 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-12-29 10:57 . 2009-12-29 10:57 1643272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-12-29 10:57 . 2009-12-29 10:57 788880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-12-29 10:57 . 2009-12-29 10:57 1181328 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-10 12:19 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-08 19:12 . 2009-12-08 19:12 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-12-08 19:12 . 2009-12-08 19:12 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-08 19:12 . 2009-12-08 19:12 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-08 19:12 . 2009-12-08 19:12 -------- d-----w- c:\program files\OpenAL
2009-12-08 19:06 . 2008-01-14 10:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-07 14:10 . 2009-12-29 10:55 2953352 -c--a-w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2009-11-26 15:42 . 2009-11-26 15:42 -------- d-----w- c:\programdata\InstallShield
2009-11-26 15:42 . 2009-11-26 15:40 -------- d-----w- c:\program files\RALINK
2009-11-26 15:42 . 2009-11-26 15:40 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-18 12:15 . 2009-11-18 12:07 -------- d-----w- c:\users\Espen og Marit\AppData\Roaming\Winamp
2009-11-18 12:08 . 2009-11-18 12:07 -------- d-----w- c:\program files\Winamp
2009-11-18 12:07 . 2009-11-18 12:07 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-11-18 00:22 . 2009-07-11 16:56 -------- d-----w- c:\program files\Google
2009-11-03 09:56 . 2009-11-03 09:56 -------- d-----w- c:\programdata\hps
2009-11-03 09:54 . 2009-11-03 09:54 -------- d-----w- c:\program files\CeWe Color
2009-11-02 19:42 . 2009-10-02 19:11 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:41 . 2009-11-26 02:01 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-28 10:32 . 2009-12-08 19:12 809560 ----a-r- c:\windows\system32\tmpC7B7.tmp
2009-10-28 10:32 . 2009-12-08 19:10 809560 ----a-r- c:\windows\system32\tmpC777.tmp
2009-10-27 13:20 . 2009-12-09 23:05 833024 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 13:16 . 2009-12-09 23:05 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-27 10:55 . 2009-12-09 23:05 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-10-07 12:41 . 2009-12-09 23:05 244224 ----a-w- c:\windows\system32\rastls.dll
2009-10-07 12:41 . 2009-12-09 23:05 281600 ----a-w- c:\windows\system32\raschap.dll
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-12 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-12 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-12 145944]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-31 6609440]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-10-31 1833504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Norman ZANDA"="c:\program files\Norman\Npm\bin\ZLH.EXE" [2007-12-17 273520]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-12 148888]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"FSCRecovery"="c:\program files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe" [2008-06-18 268096]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-12-03 1394000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2009-11-26 692224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
2008-05-28 11:40 20480 ----a-w- c:\program files\Google\Google EULA\GoogleEULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2008-02-26 01:23 443968 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3133606288-3571827788-2808946440-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000002

R1 Avgfwfd;AVG network filter service;c:\windows\System32\drivers\avgfwd6x.sys [29.12.2009 10:59 24856]
R2 Ndiskio;Ndiskio;c:\program files\Norman\Nse\Bin\Ndiskio.sys [10.12.2009 00:01 24168]
R2 NVOY;Norman's Very Own supplY of resources;c:\program files\Norman\Npm\Bin\nvoy.exe [11.07.2009 18:02 121912]
R3 nsesvc;Norman Scanner Engine Service;c:\program files\Norman\Nse\Bin\Nsesvc.exe [11.12.2009 05:33 283976]
R3 NVCScheduler;Norman Virus Control Scheduler;c:\program files\Norman\Npm\Bin\nvcsched.exe [11.07.2009 18:02 154680]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187B.sys [14.01.2008 11:05 337920]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15.11.2009 12:46 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [02.12.2009 14:19 1181328]
S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr73.sys [11.05.2007 16:40 329728]
S3 NvcMFlt;NvcMFlt;c:\windows\System32\drivers\nvcv32mf.sys [11.07.2009 18:02 19512]
S3 nvcoas;Norman Virus Control on-access component;c:\program files\Norman\nvc\bin\Nvcoas.exe [11.07.2009 18:02 187448]

--- Andre tjenester/drivere lastet i minnet ---

*Deregistered* - mchInjDrv
.
------- Tilleggsskanning -------
.
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
.
- - - - TOMME PEKERE FJERNET - - - -

HKU-Default-Run-fsc-reg - c:\fsc-reg\fscreg.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-29 15:20
Windows 6.0.6001 Service Pack 1 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
Tidspunkt ferdig: 2009-12-29 15:23:15
ComboFix-quarantined-files.txt 2009-12-29 14:23

Pre-Run: 69 203 288 064 byte ledig
Post-Run: 69 228 208 128 byte ledig

- - End Of File - - F8E50554AB736588C3F930C0F33FA345

MBAM:

Malwarebytes' Anti-Malware 1.42
Database version: 3449
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

29.12.2009 15:50:35
mbam-log-2009-12-29 (15-50-35).txt

Scan type: Quick Scan
Objects scanned: 105897
Time elapsed: 6 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

This is run number 2; on the first run I got 2 infected files, which it removed, but since I now have a problem where it doesn't save things after a restart, that log is gone.
Edited 29 December 2009 by Donk2k
norbat Posted 29 December 2009

Looks fine. Do you suspect anything?
Donk2k (author) Posted 29 December 2009

> Looks fine. Do you suspect anything?

Thank you very much. Yes, I can't get into my profile in Vista. It says that it couldn't load the user and that it is running in some kind of temporary state. Everything that is saved disappears on reboot, and the PC runs very slowly. Before this happened I was trying to make a bootable USB stick. I ran a number of different EXE files that asked me to insert a floppy. This didn't work (laptop without a floppy drive), but it may give an indication of what has happened.
norbat Posted 29 December 2009

Try running a System Restore to a point before the problem occurred. If that doesn't work from the profile with temporary status, you can boot into Safe Mode (press F8 during startup) and log in to the account named Administrator. Run the System Restore from there.
Donk2k (author) Posted 29 December 2009

> Try running a System Restore to a point before the problem occurred. If that doesn't work from the profile with temporary status, you can boot into Safe Mode (press F8 during startup) and log in to the account named Administrator. Run the System Restore from there.

Thanks, I'll try that.
Donk2k (author) Posted 29 December 2009

Vista had no restore points, so that plan went down the drain. I figured I couldn't be bothered messing with this any more and started installing XP Pro, but then I just get a bluescreen when it loads Windows files from the CD ... Any suggestions?
norbat Posted 30 December 2009

If you have a Vista CD/DVD, you can try repairing the Vista installation.
Donk2k (author) Posted 31 December 2009

> If you have a Vista CD/DVD, you can try repairing the Vista installation.

I ended up installing Windows 7. That worked without problems. The odd thing with XP was that it was tested with 2 different CDs: one I have used many times before, and a newly burned, original downloaded XP with a license etc. But now everything is in order. Many thanks. And happy new year.