[LØST]Norbat jeg trenger hjelp med noen virus

JohnWoW · 8. juli 2008

Når jeg logger på maskinen så fryser den seg, jeg trenger hjelp her jeg får verken til å scanne SaS eller HJT. Siden jeg kan bare være i safemode. Så jeg får ikke til å installere noe.

Takk på forhånd.

Endret 9. juli 2008 av JohnWoW

snippsat · 8. juli 2008

Logg på sikkerhetmodus med nettverk.

Her gjør du dette.

Last Combofix ned ,legg på skrivebordet.

Ikke klikk på vindu mens programet kjører.

post logg C:\combofix.txt

JohnWoW · 8. juli 2008

ComboFix 08-07-07.3 - John 2008-07-08 9:58:39.1 - NTFSx86 NETWORK

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1591 [GMT -7:00]

Running from: C:\Users\John\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\DRV\Tuner\Yuan\Resources\_desktop.ini

C:\Windows\icon.ico

C:\Windows\system32\ACER.exe

C:\Windows\system32\x64

C:\Windows\system32\x64\csnp2uvc.dll

C:\Windows\system32\x64\rsnpvc64.dll

C:\Windows\system32\x64\sncduvc.sys

C:\Windows\system32\x64\snp2uvc.sys

C:\Windows\system32\x64\vsnpvc64.dll

.

((((((((((((((((((((((((( Files Created from 2008-06-08 to 2008-07-08 )))))))))))))))))))))))))))))))

.

No new files created in this timespan

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-08 16:44 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-07-08 15:19 23 ----a-w C:\Users\John\jagex_runescape_preferences.dat

2008-07-07 12:47 --------- d-----w C:\Program Files\Vstplugins

2008-07-07 12:46 --------- d-----w C:\Program Files\Sony

2008-07-07 12:44 --------- d-----w C:\Program Files\Sony Setup

2008-07-07 12:32 --------- d-----w C:\Users\John\AppData\Roaming\ESET

2008-07-07 12:28 --------- d-----w C:\Program Files\ESET

2008-07-07 12:28 --------- d-----w C:\PROGRA~2\ESET

2008-07-07 12:17 --------- d-----w C:\Users\John\AppData\Roaming\LimeWire

2008-07-07 10:37 27,744 ----a-w C:\Users\John\AppData\Roaming\nvModes.dat

2008-07-06 22:42 --------- d-----w C:\Users\John\AppData\Roaming\Xfire

2008-07-06 22:41 --------- d-----w C:\Users\John\AppData\Roaming\skypePM

2008-07-06 22:41 --------- d-----w C:\Users\John\AppData\Roaming\Skype

2008-07-06 13:59 --------- d-----w C:\Users\John\AppData\Roaming\Download Manager

2008-07-06 02:20 --------- d-----w C:\Program Files\World of Warcraft

2008-07-01 10:44 23,352 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys

2008-07-01 10:44 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe

2008-07-01 08:03 --------- d-----w C:\Users\John\AppData\Roaming\HLSW

2008-06-29 01:27 --------- d-----w C:\Users\John\AppData\Roaming\Ventrilo

2008-06-29 01:27 --------- d-----w C:\Program Files\Ventrilo

2008-06-29 01:20 --------- d-----w C:\Program Files\VentSrv

2008-06-27 12:23 --------- d-s---w C:\Program Files\HLSW

2008-06-26 20:41 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory

2008-06-26 16:14 --------- d-----w C:\Users\John\AppData\Roaming\SiteAdvisor

2008-06-24 22:24 --------- d-----w C:\PROGRA~2\Xfire

2008-06-24 22:21 --------- d-----w C:\Program Files\McAfee

2008-06-20 09:43 69,128 ----a-w C:\Windows\system32\drivers\avgwfpx.sys

2008-06-20 09:43 12,936 ----a-w C:\Windows\system32\drivers\avgrkx86.sys

2008-06-20 09:42 96,520 ----a-w C:\Windows\system32\drivers\avgldx86.sys

2008-06-20 09:42 10,520 ----a-w C:\Windows\System32\avgrsstx.dll

2008-06-15 19:29 --------- d-----w C:\Program Files\QuickTime

2008-06-15 19:28 --------- d-----w C:\PROGRA~2\Apple Computer

2008-06-15 19:26 --------- d-----w C:\Program Files\Apple Software Update

2008-06-15 19:26 --------- d-----w C:\PROGRA~2\Apple

2008-06-14 10:22 --------- d-----w C:\Program Files\SwiftSwitch

2008-06-14 10:21 --------- d-----w C:\PROGRA~2\SwiftSwitch

2008-06-13 19:02 --------- d-----w C:\Program Files\SwiftKit

2008-06-13 19:02 --------- d-----w C:\PROGRA~2\SwiftKit

2008-06-13 14:22 --------- d-----w C:\Program Files\Windows Mail

2008-06-13 13:15 --------- d-----w C:\PROGRA~2\Xerox

2008-06-11 19:19 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2008-06-11 13:39 --------- d-----w C:\Program Files\Xfire

2008-06-11 01:56 71,688 ----a-w C:\Windows\system32\drivers\epfw.sys

2008-06-11 01:56 54,280 ----a-w C:\Windows\system32\drivers\epfwtdi.sys

2008-06-11 01:56 30,728 ----a-w C:\Windows\system32\drivers\epfwndis.sys

2008-06-11 01:48 53,256 ----a-w C:\Windows\system32\drivers\easdrv.sys

2008-06-11 01:47 39,944 ----a-w C:\Windows\system32\drivers\eamon.sys

2008-06-09 06:03 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

2008-06-08 22:19 56 ---ha-w C:\Users\All Users\ezsidmv.dat

2008-06-08 22:19 56 ---ha-w C:\PROGRA~2\ezsidmv.dat

2008-06-08 21:53 --------- d-----w C:\Program Files\Skype

2008-06-08 21:53 --------- d-----w C:\Program Files\Common Files\Skype

2008-06-08 21:53 --------- d-----w C:\PROGRA~2\Skype

2008-06-08 01:59 --------- d-----w C:\Program Files\Wisdom-soft ScreenHunter 5 Free

2008-06-08 01:59 --------- d-----w C:\Program Files\Wisdom-soft

2008-06-08 01:02 --------- d-----w C:\PROGRA~2\NVIDIA

2008-06-08 00:14 174 --sha-w C:\Program Files\desktop.ini

2008-06-08 00:05 --------- d-----w C:\Program Files\Windows Sidebar

2008-06-08 00:05 --------- d-----w C:\Program Files\Windows Photo Gallery

2008-06-08 00:05 --------- d-----w C:\Program Files\Windows Journal

2008-06-08 00:05 --------- d-----w C:\Program Files\Windows Collaboration

2008-06-08 00:05 --------- d-----w C:\Program Files\Windows Calendar

2008-06-08 00:04 --------- d-----w C:\Program Files\Windows Defender

2008-06-07 23:15 82,432 ----a-w C:\Windows\System32\axaltocm.dll

2008-06-07 23:15 101,888 ----a-w C:\Windows\System32\ifxcardm.dll

2008-06-04 13:07 110,487 ----a-w C:\patch2.5.1.zip

2008-06-03 00:56 41,296 ----a-w C:\Windows\System32\xfcodec.dll

2008-06-01 20:16 31,569,865 ----a-w C:\clientsetup.exe

2008-06-01 13:06 --------- d-----w C:\Program Files\Google

2008-06-01 12:53 31,044,013 ----a-w C:\webclient.exe

2008-06-01 12:13 --------- d-----w C:\Program Files\Java

2008-05-31 10:23 --------- d-----w C:\Program Files\Ghost Control

2008-05-31 10:19 --------- d-----w C:\PROGRA~2\Ghost Controls

2008-05-31 06:57 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe

2008-05-30 23:53 --------- d-----w C:\Program Files\AVG

2008-05-30 23:53 --------- d-----w C:\PROGRA~2\avg8

2008-05-30 15:35 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-05-30 15:35 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-05-30 15:35 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll

2008-05-30 15:35 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll

2008-05-30 15:35 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-05-30 15:35 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-05-30 15:35 1,695,744 ----a-w C:\Windows\System32\gameux.dll

2008-05-29 03:02 --------- d-----w C:\Program Files\Return to Castle Wolfenstein

2008-05-28 06:18 --------- d-----w C:\Users\John\AppData\Roaming\Creative

2008-05-28 06:04 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-28 06:04 --------- d-----w C:\Program Files\Creative

2008-05-28 06:04 --------- d-----w C:\Program Files\Audible

2008-05-28 06:02 --------- d--h--w C:\Program Files\Creative Installation Information

2008-05-28 06:00 --------- d-----w C:\Program Files\Common Files\Creative

2008-05-28 05:59 --------- d-----w C:\Program Files\Common Files\SWF Studio

2008-05-28 05:59 --------- d-----w C:\PROGRA~2\Creative

2008-05-28 05:41 --------- d-----w C:\Program Files\SiteAdvisor

2008-05-27 23:11 --------- d-----w C:\PROGRA~2\Yahoo! Companion

2008-05-27 22:37 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment

2008-05-27 04:16 16,361,984 ----a-w C:\Windows\System32\imageres.dll

2008-05-27 04:16 --------- d-----w C:\PROGRA~2\Stardock

2008-05-27 03:50 --------- d--h--w C:\PROGRA~2\{34209BB4-FC9C-4BF9-A8B1-B67252D83CBC}

2008-05-27 03:50 --------- d-----w C:\Program Files\Stardock

2008-05-27 03:50 --------- d-----w C:\Program Files\Common Files\Stardock

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]

2007-07-17 15:59 1379352 --a------ C:\Program Files\Wisdom-soft\tbWisd.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{6dfc55bb-bfff-485a-9709-90c3fdf6db58}"= "C:\Program Files\Wisdom-soft\tbWisd.dll" [2007-07-17 15:59 1379352]

[HKEY_CLASSES_ROOT\clsid\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{6DFC55BB-BFFF-485A-9709-90C3FDF6DB58}"= "C:\Program Files\Wisdom-soft\tbWisd.dll" [2007-07-17 15:59 1379352]

[HKEY_CLASSES_ROOT\clsid\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 00:33 1233920]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 10:06 700416]

"MtdAcqu"="C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" [2006-03-08 08:56 278528]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-06-03 15:08 21718312]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 00:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 16:33 457216]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 04:38 40048]

"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]

"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-24 14:57 36640]

"PLFSetL"="C:\Windows\PLFSetL.exe" [2007-07-05 12:35 94208]

"PLFSetI"="C:\Windows\PLFSetI.exe" [2007-10-23 10:56 200704]

"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 16:36 178712]

"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 01:06 159744]

"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-12 01:50 1286144]

"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-10-16 22:57 768520]

"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2008-01-22 11:14 200704]

"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]

"CTRegRun"="C:\Windows\CTRegRun.EXE" [1999-10-10 10:00 41984]

"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-20 02:42 1231128]

"Ghost Control"="C:\Program Files\Ghost Control\ghost.exe" [2006-04-13 10:03 1318912]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-11-14 20:03 86016]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-11-14 20:03 8534560]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-11-14 20:03 81920]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]

"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-06-10 18:52 1447168]

"RtHDVCpl"="RtHDVCpl.exe" [2007-07-05 20:06 4669440 C:\Windows\RtHDVCpl.exe]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\Windows\KHALMNPR.Exe]

"Skytel"="Skytel.exe" [2007-06-15 01:45 1826816 C:\Windows\SkyTel.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"GrpConv"="grpconv -o" [X]

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\

Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [3/14/2008 6:20:23 AM 535336]

Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [5/26/2008 2:32:40 PM 67128]

Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [5/26/2008 2:30:29 PM 692224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{C2A1D7D8-5E60-43B3-8C64-56E2FD0F1A6E}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe

"{FFFC3BA7-42FA-4EF7-AA4A-86B9618BEE12}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician

"{2CF76228-7F2D-474C-BD0D-312488955B33}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia

"{D5EB5DDA-79AB-4AE0-B34C-CE6232DA4B1F}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard

"{4C5B714C-2BB9-4A36-AA02-B2F9DD1E043F}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{6667EEFC-C43F-44A8-8A7C-A55AABB1E364}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{649A7915-472E-446B-BCDD-44D669BA5708}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent

"{86F94C97-CE46-40E6-9241-656BC772BCE2}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine

"{94D8934B-4764-434D-A57C-F058B099FDFC}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie

"{145E3101-D8D2-43A3-9F7A-0509F60A9F53}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program

"{043F7726-5463-434B-9E55-0C5FD209C029}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

"{0567A25E-85D0-4669-860F-5E982C66264F}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

"{93E791E2-D018-4AC4-BC3E-26580DC27BB9}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

"{0B153CF6-1701-4982-8FC5-F74C70254AB0}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

"{0E3AF50A-8181-4E8A-ABC1-306CA690655C}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

"{DCFBBBC7-9F48-4849-B5DB-451A681C8835}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

"{61A41D3D-B5CF-4E4C-8560-0B79EE48F55F}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

"{7D50BF57-98FC-4293-AC35-CB9843049A53}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

"{13281F59-AE8A-41B4-8ED4-30F9326A6A3E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{129B8795-E0DE-4468-AC95-F8752DA3CA49}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

"{15D171B5-8BF3-44FB-8519-BB8386C9EBB9}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

"{AF9973B3-FD36-4CDE-90E0-50DB95432D79}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"{DC542E05-392A-4002-B223-2EBD4C384057}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"{47C1E6CD-27A3-4656-B106-3CD66F0100E8}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:Enemy Territory - QUAKE Wars

"{687DAF64-1AD0-4BFB-967C-369989052AE6}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:Enemy Territory - QUAKE Wars

"{A4A0E304-FB9E-4F1C-9EC2-F73558CB2692}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:etqwded.exe

"{2134D0F5-3EAE-42C6-9C11-37A2E3CC8DA3}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:etqwded.exe

"{3BB2F1D5-1248-4437-ADC1-0F8603BB27EF}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe

"{4403DED3-9FFD-427A-A818-553ECC957396}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe

"{CECE362C-84D2-4260-94E8-6162962AEB64}"= C:\Program Files\AVG\AVG8\avgnsx.exe:avgnsx.exe

"{BEEDD9EF-E117-4E5D-9479-8DE6D9FBFE6A}"= C:\Program Files\Skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

R0 AvgRkx86;avgrkx86.sys;C:\Windows\system32\Drivers\avgrkx86.sys [2008-06-20 02:43]

R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-03-07 01:26]

S1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-06-20 02:42]

S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2008-01-04 17:15]

S2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-20 02:43]

S2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-20 02:42]

S3 AvgWfpX;AVG8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-06-20 02:43]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 00:00]

*Newly Created Service* - CATCHME

*Newly Created Service* - ECACHE

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-SetPanel - C:\Acer\APanel\APanel.cmd

HKLM-Run-Acer Tour Reminder - C:\Acer\AcerTour\Reminder.exe

HKLM-Run-eRecoveryService - (no file)

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-08 10:00:44

Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-07-08 10:01:54

ComboFix-quarantined-files.txt 2008-07-08 17:01:39

The system cannot find message text for message number 0x2379 in the message file for Application.

Post-Run: 50,948,931,584 bytes free

252 --- E O F --- 2008-06-25 10:01:42

Her er loggen.

snippsat · 8. juli 2008

Combofix slettet 9 filer.

Kjører du flere antivirus på systemet?

Dette kan lage problemer,også de problemer du har nå.

Du kan kun ha et på systemet.

Prøv og starte normalmodus nå.

Endret 8. juli 2008 av SNIPPSAT

JohnWoW · 8. juli 2008

Det krasja

snippsat · 8. juli 2008

Hvor lenge har du hatt dette problemet?

Kom det etter du innstallerte noe eksp:antivirus.

Vi kan sette den tilbake med systemgjenopptetting fra sikkerhetmodus.

En ting du kan prøve først i sikkerhetmodus er.

Kontrolpanel->brukerkontoer

Her lager du en ny bruker.

Logger deg på den og ser hva som skjer.

Endret 8. juli 2008 av SNIPPSAT

JohnWoW · 8. juli 2008

Fikk problemet i går, funket ikke med ny bruker.Så da tar vi å system gjenoppretter?

snippsat · 8. juli 2008

Da setter du den tilbake,velg en tid og dato før problemet.

Tilbehør->systemverktøy->systemgjenoppretting

Når det fungere nye logger fra combofix og HJT.

Endret 8. juli 2008 av SNIPPSAT

JohnWoW · 8. juli 2008

Det skjedde ingen forskjell, etter system restore mener jeg. Jeg satte det tilbake 5 dager.

snippsat · 8. juli 2008

Kjør combofix på nytt nå og post loggen.

HijackThis

Dowload executetable og post loggen.

Endret 8. juli 2008 av SNIPPSAT

JohnWoW · 8. juli 2008

Combofix logg

ComboFix 08-07-07.3 - John 2008-07-08 12:38:38.1 - NTFSx86 NETWORK

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1682 [GMT -7:00]

Running from: C:\Users\John\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\DRV\Tuner\Yuan\Resources\_desktop.ini

C:\Windows\icon.ico

C:\Windows\system32\ACER.exe

C:\Windows\system32\x64

C:\Windows\system32\x64\csnp2uvc.dll

C:\Windows\system32\x64\rsnpvc64.dll

C:\Windows\system32\x64\sncduvc.sys

C:\Windows\system32\x64\snp2uvc.sys

C:\Windows\system32\x64\vsnpvc64.dll

.

((((((((((((((((((((((((( Files Created from 2008-06-08 to 2008-07-08 )))))))))))))))))))))))))))))))

.

No new files created in this timespan

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-08 19:54 --------- d-s---w C:\Program Files\HLSW

2008-07-08 19:54 --------- d-----w C:\Users\John\AppData\Roaming\Xfire

2008-07-08 19:54 --------- d-----w C:\Users\John\AppData\Roaming\Ventrilo

2008-07-08 19:54 --------- d-----w C:\Users\John\AppData\Roaming\HLSW

2008-07-08 19:54 --------- d-----w C:\Program Files\Windows Defender

2008-07-08 19:54 --------- d-----w C:\Program Files\VentSrv

2008-07-08 19:54 --------- d-----w C:\Program Files\Ventrilo

2008-07-08 19:54 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-07-08 19:54 --------- d-----w C:\PROGRA~2\Xfire

2008-07-08 19:12 23 ----a-w C:\Users\John\jagex_runescape_preferences.dat