[SOLVED] Login error: userinit.exe

17 posts in this topic

Posted

When I start the PC and log on to the "main user" I get an error message: userinit.exe - Application Error. The application failed to initialize properly (0xc0000005). I click OK and the PC logs on. The problem is then that no icons appear on the desktop and the taskbar is gone. When I go into Task Manager I can start processes from there. On the other user account on the PC everything works fine.

I have tried to read up a bit, but I'm a little unsure what to do. Among other things I read that it is possible to copy "userinit.exe" from another PC? Or do I have to reinstall Windows?

Need help and advice!

Thanks :-)


Posted (edited)

Your problem is (probably) caused by spyware, and if you want to clean it up, do the following:

Download Combofix and put it on the desktop

Run combofix.exe and follow the instructions.

Post the log file from combofix (c:\combofix.txt)

You will probably be told that regedit etc. cannot start, but just let combofix run without clicking on any windows. If there are problems in normal mode, try running combofix from safe mode.

Edit: Is it the case that when you start explorer.exe from Task Manager (so that you get the icons and the taskbar back), the PC works completely normally?

Edited by norbat

Posted

Thanks! :D

I probably won't get it sorted until tomorrow, but I'll post the log as soon as possible!


Posted

Hi!

I have now run combofix!

When I start explorer.exe I get the icons and the taskbar before a message comes up saying that explorer.exe unfortunately has to close.....

But I presumably still have spyware on the machine? I should get that removed too? Can I use adaware or spywaredoctor for that, or do you have other suggestions?

Here is the log from combofix:


ComboFix 08-06-20.4 - Amlien 2008-06-28 14:24:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.589 [GMT 2:00]
Running from: C:\Documents and Settings\Amlien\Skrivebord\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM4f71e805.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\adfefMoq.ini
C:\WINDOWS\system32\adfefMoq.ini2
C:\WINDOWS\system32\kkuohyeg.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mhtyrhcr.ini
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\qjurqxvp.ini
C:\WINDOWS\system32\yvpqchlm.ini

.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-28 )))))))))))))))))))))))))))))))
.

2008-06-25 20:17 . 2008-06-25 20:17 <DIR> d-------- C:\Documents and Settings\Eivnd\Programdata\Ahead
2008-06-25 20:15 . 2008-06-25 20:15 <DIR> d-------- C:\Documents and Settings\Eivnd\Programdata\uTorrent
2008-06-24 21:09 . 2007-03-16 18:59 <DIR> dr------- C:\Documents and Settings\Administrator\Start-meny
2008-06-24 21:09 . 2007-03-16 18:59 <DIR> d--h----- C:\Documents and Settings\Administrator\Skrivere
2008-06-24 21:09 . 2007-03-16 21:35 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord
2008-06-24 21:09 . 2007-03-16 18:59 <DIR> d--h----- C:\Documents and Settings\Administrator\Siste
2008-06-24 21:09 . 2007-11-25 22:17 <DIR> dr-h----- C:\Documents and Settings\Administrator\Programdata
2008-06-24 21:09 . 2007-03-16 18:59 <DIR> d-------- C:\Documents and Settings\Administrator\Mine dokumenter
2008-06-24 21:09 . 2007-03-16 19:05 <DIR> d--h----- C:\Documents and Settings\Administrator\Maler
2008-06-24 21:09 . 2007-03-16 18:59 <DIR> d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger
2008-06-24 21:09 . 2007-03-16 18:59 <DIR> d-------- C:\Documents and Settings\Administrator\Favoritter
2008-06-24 21:09 . 2007-03-16 18:59 <DIR> d--h----- C:\Documents and Settings\Administrator\AndrMask
2008-06-24 21:09 . 2008-06-24 21:09 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-23 20:50 . 2008-06-23 20:50 137,728 --a------ C:\WINDOWS\system32\dclpqbgj.dll
2008-06-23 20:48 . 2008-06-23 20:48 131,584 --a------ C:\WINDOWS\system32\mntdesxn.dll
2008-06-22 20:49 . 2008-06-22 20:49 128,512 --a------ C:\WINDOWS\system32\bywjivvs.dll
2008-06-22 20:47 . 2008-06-22 20:47 128,512 --a------ C:\WINDOWS\system32\tkblfeuk.dll
2008-06-22 20:47 . 2008-06-22 20:47 121,344 --a------ C:\WINDOWS\system32\mlhcqpvy.dll
2008-06-20 16:16 . 2008-06-20 16:16 295,424 --a------ C:\WINDOWS\system32\qoMfefda.dll
2008-06-20 16:11 . 2008-06-20 16:11 <DIR> d-------- C:\WINDOWS\system32\modtrux05
2008-06-20 16:11 . 2008-06-20 16:11 <DIR> d-------- C:\Temp\syschk3
2008-06-20 16:11 . 2008-06-20 16:11 <DIR> d-------- C:\Temp
2008-06-20 16:11 . 2008-06-20 16:11 44,544 --a------ C:\WINDOWS\system32\khfGxWmm.dll
2008-06-18 13:13 . 2008-04-14 17:54 272,256 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-28 12:30 --------- d-----w C:\Programfiler\Symantec AntiVirus
2008-06-23 22:08 --------- d-----w C:\Documents and Settings\Amlien\Programdata\uTorrent
2008-06-08 21:32 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help
2008-05-27 18:39 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-30 18:42 --------- d-----w C:\Programfiler\Valve
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3464C529-5E84-4EBA-9308-22F6DA2E7B76}]
2008-06-20 16:16 295424 --a------ C:\WINDOWS\system32\qoMfefda.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E06327D-0415-475F-898B-6ACFB316073E}]
2008-06-20 16:11 44544 --a------ C:\WINDOWS\system32\khfGxWmm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9ef7efbf-8bc0-4b0e-b1df-5e0a76153a24}]
2008-06-23 20:50 137728 --a------ C:\WINDOWS\system32\dclpqbgj.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03 15360]
"LDM"="C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-03-18 15:10 16384]
"H/PC Connection Agent"="C:\Programfiler\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 14:39 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2006-07-19 20:26 52896]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 21:33 125168]
"LanguageShortcut"="C:\Programfiler\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 12:29 49152]
"BluetoothAuthenticationAgent"="bthprops.cpl,,BluetoothAuthenticationAgent" []
"GrooveMonitor"="C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"zBrowser Launcher"="C:\Programfiler\Logitech\iTouch\iTouch.exe" [2002-07-22 03:10 577602]
"DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-15 17:20 6803456]
"nwiz"="nwiz.exe" [2005-06-15 17:20 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-06-15 17:20 86016]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"MMTray"="C:\Programfiler\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-19 12:06 110592]
"QuickTime Task"="D:\Programfiler\QuickTime\QTTask.exe" [2007-06-29 07:24 286720]
"CanonSolutionMenu"="C:\Programfiler\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 18:01 644696]
"CanonMyPrinter"="C:\Programfiler\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 18:50 1603152]
"D-Link AirPlus G"="C:\Programfiler\D-Link\AirPlus G\AirGCFG.exe" [2005-04-22 17:51 1236992]
"ANIWZCS2Service"="C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 17:49 49152]
"4c42db99"="C:\WINDOWS\system32\mlhcqpvy.dll" [2008-06-22 20:47 121344]
"BM4f71e805"="C:\WINDOWS\system32\mntdesxn.dll" [2008-06-23 20:48 131584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 10:03 15360]

C:\Documents and Settings\Eivnd\Start-meny\Programmer\Oppstart\
OneNote 2007 Screen Clipper og Launcher.lnk - C:\Programfiler\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 21:24:54 98632]

C:\Documents and Settings\Amlien\Start-meny\Programmer\Oppstart\
OneNote 2007 Screen Clipper og Launcher.lnk - C:\Programfiler\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 21:24:54 98632]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Logitech Desktop Messenger.lnk - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-03-18 15:10:26 169472]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4E06327D-0415-475F-898B-6ACFB316073E}"= C:\WINDOWS\system32\khfGxWmm.dll [2008-06-20 16:11 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfGxWmm]
khfGxWmm.dll 2008-06-20 16:11 44544 C:\WINDOWS\system32\khfGxWmm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Zboard]
Winlognotif.dll 2003-09-03 07:14 49152 C:\WINDOWS\system32\Winlognotif.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=dclpqbgj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\MSN Messenger\\livecall.exe"=
"C:\\Programfiler\\Internet Explorer\\iexplore.exe"=
"D:\\Downloads\\utorrent.exe"=
"C:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programfiler\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"C:\\Programfiler\\AOpen\\Multimedia Utilities\\LIVEUPD.EXE"=
"D:\\Spill\\Battlefiled 2\\BF2.exe"=
"C:\\Programfiler\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"C:\\Programfiler\\Skype\\Phone\\Skype.exe"=
"D:\\Spill\\FM08\\fm.exe"=
"C:\\Programfiler\\Valve\\hl.exe"=
"C:\Programfiler\Microsoft ActiveSync\rapimgr.exe"= C:\Programfiler\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Programfiler\Microsoft ActiveSync\wcescomm.exe"= C:\Programfiler\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Programfiler\Microsoft ActiveSync\WCESMgr.exe"= C:\Programfiler\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Programfiler\\LimeWire\\LimeWire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"17298:TCP"= 17298:TCP:utorent
"17298:UDP"= 17298:UDP:utorent

R2 NetSentinel;NetSentinel;C:\WINDOWS\system32\NSSRVICE.EXE [2006-08-30 15:05]
R2 SentinelKeysServer;Sentinel Keys Server;"C:\Programfiler\Fellesfiler\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe" [2007-04-27 01:00]
R2 SSIPDDP;SSIPDDP Parallel port device driver;C:\WINDOWS\system32\DRIVERS\SSIPDDP.SYS [2006-08-30 15:05]
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2007-09-06 14:28]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-23 18:19:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
"2008-06-28 12:33:03 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programfiler\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-28 14:30:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\khfGxWmm.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Programfiler\Windows Defender\MsMpEng.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programfiler\CyberLink\Shared files\RichVideo.exe
C:\Programfiler\Fellesfiler\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programfiler\Symantec AntiVirus\Rtvscan.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Restore\rstrui.exe
.
**************************************************************************
.
Completion time: 2008-06-28 14:35:25 - machine was rebooted [Amlien]
ComboFix-quarantined-files.txt 2008-06-28 12:35:19

Pre-Run: 778,870,784 bytes free
Post-Run: 1,582,878,720 bytes free

185 --- E O F --- 2008-06-19 22:47:59


Posted (edited)

Hi, stepping in for norbat, who is probably offline now.

Copy the bold text below the picture -> open Notepad and paste it in.

Save it on the desktop as CFScript.txt

Do as in the picture, combofix will start. Post the log c:\combofix.txt

(picture: cfscriptyt1.gif)

File::
C:\WINDOWS\system32\dclpqbgj.dll
C:\WINDOWS\system32\mntdesxn.dll
C:\WINDOWS\system32\bywjivvs.dll
C:\WINDOWS\system32\tkblfeuk.dll
C:\WINDOWS\system32\mlhcqpvy.dll
C:\WINDOWS\system32\qoMfefda.dll
C:\WINDOWS\system32\khfGxWmm.dll

Folder::
C:\WINDOWS\system32\modtrux05
C:\Temp\syschk3

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3464C529-5E84-4EBA-9308-22F6DA2E7B76}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E06327D-0415-475F-898B-6ACFB316073E}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9ef7efbf-8bc0-4b0e-b1df-5e0a76153a24}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"4c42db99"=-
"BM4f71e805"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4E06327D-0415-475F-898B-6ACFB316073E}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfGxWmm]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-

---

Download and run CCleaner

'Options'->'Advanced'. Remove the check mark in front of: "only delete temporary files older than 48 hours".

Run the registry cleaner, "answer yes to repair" (run it a couple of times until all errors are gone)

---

Download MBAM to the desktop.

Run the file and install the program. Choose Norwegian language.

Let the program update itself and choose to run a quick system scan.

You get a message box when the program has finished running.

Then click the Show Results button. If malware has been found, you will now see what was found.

Then click the Remove Selected button to remove the malware that was found, if any.

When MBAM has finished removing what it found, a log will be opened in Notepad. Post it later if it found anything other than cookies.

---

Download HijackThis and put it in its own folder on the desktop.

Start the program and choose "Press scan and save log"

Post HijackThis.txt

---

Then the logs from combofix-MBAM-hijackthis are what we need.

You are probably close to clean after this I think, a bit of tidying up and polishing I think.

Edited by snippsat
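The first ComboFix log and the CFScript in the post above are linked by a judgement call that ComboFix itself does not make: which of the files in "Files Created" are the infection, and which registry entries load them. The script below is an added example for this page, not part of the thread and not ComboFix's own tooling. It does that cross-reference mechanically: a DLL that appears in the 30-day "Files Created" window and is also referenced from a loading point (a BHO CLSID, a Run value, ShellExecuteHooks, a Winlogon\Notify subkey, AppInit_DLLs) is flagged, and a CFScript in the same syntax as the one posted above is rendered for it. The embedded log is a trimmed copy of the first log in the thread, and the parsing regexes assume the ComboFix layout seen there (`created . modified size attrs path` lines, `[key]` headers followed by value lines).

```python
"""Cross-reference a ComboFix log's 'Files Created' section with its 'Reg Loading
Points' and render a CFScript for every DLL that is both recently dropped and
auto-started.  Added example for this page, not ComboFix's own tooling."""
import re

# Constructed excerpt of the first ComboFix log in the thread; legitimate entries kept on purpose.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-28 )))))))))))))))))))))))))))))))
2008-06-23 20:50 . 2008-06-23 20:50 137,728 --a------ C:\WINDOWS\system32\dclpqbgj.dll
2008-06-23 20:48 . 2008-06-23 20:48 131,584 --a------ C:\WINDOWS\system32\mntdesxn.dll
2008-06-22 20:49 . 2008-06-22 20:49 128,512 --a------ C:\WINDOWS\system32\bywjivvs.dll
2008-06-22 20:47 . 2008-06-22 20:47 121,344 --a------ C:\WINDOWS\system32\mlhcqpvy.dll
2008-06-20 16:16 . 2008-06-20 16:16 295,424 --a------ C:\WINDOWS\system32\qoMfefda.dll
2008-06-20 16:11 . 2008-06-20 16:11 <DIR> d-------- C:\WINDOWS\system32\modtrux05
2008-06-20 16:11 . 2008-06-20 16:11 44,544 --a------ C:\WINDOWS\system32\khfGxWmm.dll
2008-06-18 13:13 . 2008-04-14 17:54 272,256 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3464C529-5E84-4EBA-9308-22F6DA2E7B76}]
2008-06-20 16:16 295424 --a------ C:\WINDOWS\system32\qoMfefda.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9ef7efbf-8bc0-4b0e-b1df-5e0a76153a24}]
2008-06-23 20:50 137728 --a------ C:\WINDOWS\system32\dclpqbgj.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2006-07-19 20:26 52896]
"4c42db99"="C:\WINDOWS\system32\mlhcqpvy.dll" [2008-06-22 20:47 121344]
"BM4f71e805"="C:\WINDOWS\system32\mntdesxn.dll" [2008-06-23 20:48 131584]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4E06327D-0415-475F-898B-6ACFB316073E}"= C:\WINDOWS\system32\khfGxWmm.dll [2008-06-20 16:11 44544]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfGxWmm]
khfGxWmm.dll 2008-06-20 16:11 44544 C:\WINDOWS\system32\khfGxWmm.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Zboard]
Winlognotif.dll 2003-09-03 07:14 49152 C:\WINDOWS\system32\Winlognotif.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=dclpqbgj.dll
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")      # (((( Section name ))))
CREATED_RE = re.compile(                              # created . modified size attrs path
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} (<DIR>|[\d,]+) \S+ (.+)$")
KEY_RE = re.compile(r"^\[(.+)\]$")                    # [registry key]
FOLDER_RE = re.compile(r"^[A-Za-z]:\\.*\\$")          # startup-folder header, ends in '\'
VALUE_RE = re.compile(r'^"([^"]+)"=')                 # "ValueName"=...
DLL_RE = re.compile(r"([A-Za-z0-9_.-]+\.dll)\b", re.I)  # bare DLL file names in a line

def parse_log(text):
    """Return ({lower file name: (created, path)}, [(key, value line), ...])."""
    created, loading, section, key = {}, [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1), None
        elif line == "." or line.startswith("*"):   # ComboFix sub-section separators
            key = None
        elif section and section.startswith("Files Created"):
            m = CREATED_RE.match(line)
            if m and m.group(2) != "<DIR>":          # folders are not loadable modules
                created[m.group(3).rsplit("\\", 1)[-1].lower()] = (m.group(1), m.group(3))
        elif section == "Reg Loading Points":
            m = KEY_RE.match(line)
            if m or FOLDER_RE.match(line):
                key = m.group(1) if m else line
            elif key and line:
                loading.append((key, line))
    return created, loading

def flag(created, loading):
    """Loading-point lines that name a DLL from the 'Files Created' window; value is
    None when the key itself is the registration (BHO CLSID, Winlogon\\Notify subkey)."""
    findings = []
    for key, line in loading:
        for name in sorted({n.lower() for n in DLL_RE.findall(line)}):
            if name in created:
                m = VALUE_RE.match(line)
                findings.append({"key": key, "value": m.group(1) if m else None,
                                 "created": created[name][0], "dll": created[name][1]})
    return findings

def cfscript(findings):
    """Render File:: and Registry:: in the CFScript syntax used in the thread:
    [-key] removes a key that exists only for the item, "name"=- removes one
    value from a shared key (Run, ShellExecuteHooks, AppInit_DLLs)."""
    files, registry = {}, {}
    for f in findings:
        files[f["dll"]] = None
        if f["value"] is None:
            registry.setdefault("[-%s]" % f["key"], [])
        else:
            registry.setdefault("[%s]" % f["key"], []).append('"%s"=-' % f["value"])
    lines = ["File::", *files, "", "Registry::"]
    for key, values in registry.items():
        lines += [key, *values]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    found = flag(*parse_log(SAMPLE_LOG))
    for f in found:
        print(f["created"], f["dll"], "<-", f["key"])
    print(cfscript(found))
```

Run against the excerpt, this reproduces every File:: and Registry:: line of the posted CFScript except bywjivvs.dll and tkblfeuk.dll, which nothing in the loading points references, and the two Folder:: entries. Those were added by hand in the thread from the pattern of eight-letter random names in system32 with matching creation minutes, which is why a helper still reads the log instead of trusting a filter; the cross-reference only catches what is auto-started, and only within the 30-day window ComboFix reports. Note also why the two deletion forms differ: the BHO CLSID and the Winlogon\Notify subkey exist only for the malware and are deleted whole, while Run, ShellExecuteHooks and the Windows key hold legitimate values (ccApp, Zboard's Winlognotif.dll), so only the offending value is removed.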

Posted

Thanks!

Looks like there's a bit to do now :P

Here is the log from combofix after I dragged the txt file over:

ComboFix 08-06-20.4 - Amlien 2008-06-28 17:37:50.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.510 [GMT 2:00]
Running from: C:\Documents and Settings\Amlien\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\Amlien\Skrivebord\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\bywjivvs.dll
C:\WINDOWS\system32\dclpqbgj.dll
C:\WINDOWS\system32\khfGxWmm.dll
C:\WINDOWS\system32\mlhcqpvy.dll
C:\WINDOWS\system32\mntdesxn.dll
C:\WINDOWS\system32\qoMfefda.dll
C:\WINDOWS\system32\tkblfeuk.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\syschk3
C:\WINDOWS\system32\bywjivvs.dll
C:\WINDOWS\system32\dclpqbgj.dll
C:\WINDOWS\system32\khfGxWmm.dll
C:\WINDOWS\system32\mlhcqpvy.dll
C:\WINDOWS\system32\mntdesxn.dll
C:\WINDOWS\system32\modtrux05
C:\WINDOWS\system32\qoMfefda.dll
C:\WINDOWS\system32\tkblfeuk.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-28 )))))))))))))))))))))))))))))))
.

2008-06-25 20:17 . 2008-06-25 20:17 <DIR> d-------- C:\Documents and Settings\Eivnd\Programdata\Ahead
2008-06-25 20:15 . 2008-06-25 20:15 <DIR> d-------- C:\Documents and Settings\Eivnd\Programdata\uTorrent
2008-06-24 21:09 . 2007-03-16 18:59 <DIR> dr------- C:\Documents and Settings\Administrator\Start-meny
2008-06-24 21:09 . 2007-03-16 18:59 <DIR> d--h----- C:\Documents and Settings\Administrator\Skrivere
2008-06-24 21:09 . 2007-03-16 21:35 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord
2008-06-24 21:09 . 2007-03-16 18:59 <DIR> d--h----- C:\Documents and Settings\Administrator\Siste
2008-06-24 21:09 . 2007-11-25 22:17 <DIR> dr-h----- C:\Documents and Settings\Administrator\Programdata
2008-06-24 21:09 . 2007-03-16 18:59 <DIR> d-------- C:\Documents and Settings\Administrator\Mine dokumenter
2008-06-24 21:09 . 2007-03-16 19:05 <DIR> d--h----- C:\Documents and Settings\Administrator\Maler
2008-06-24 21:09 . 2007-03-16 18:59 <DIR> d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger
2008-06-24 21:09 . 2007-03-16 18:59 <DIR> d-------- C:\Documents and Settings\Administrator\Favoritter
2008-06-24 21:09 . 2007-03-16 18:59 <DIR> d--h----- C:\Documents and Settings\Administrator\AndrMask
2008-06-24 21:09 . 2008-06-24 21:09 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-20 16:11 . 2008-06-28 17:38 <DIR> d-------- C:\Temp
2008-06-18 13:13 . 2008-04-14 17:54 272,256 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-28 15:42 --------- d-----w C:\Programfiler\Symantec AntiVirus
2008-06-23 22:08 --------- d-----w C:\Documents and Settings\Amlien\Programdata\uTorrent
2008-06-08 21:32 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help
2008-05-27 18:39 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-30 18:42 --------- d-----w C:\Programfiler\Valve
.

((((((((((((((((((((((((((((( snapshot@2008-06-28_14.34.46.96 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-28 12:29:47 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-28 15:41:56 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-28 12:19:37 64,372 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-28 15:04:49 64,372 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-06-28 12:19:37 73,088 ----a-w C:\WINDOWS\system32\perfc014.dat
+ 2008-06-28 15:04:49 73,088 ----a-w C:\WINDOWS\system32\perfc014.dat
- 2008-06-28 12:19:37 409,232 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-28 15:04:49 409,232 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-06-28 12:19:37 412,768 ----a-w C:\WINDOWS\system32\perfh014.dat
+ 2008-06-28 15:04:49 412,768 ----a-w C:\WINDOWS\system32\perfh014.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03 15360]
"LDM"="C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-03-18 15:10 16384]
"H/PC Connection Agent"="C:\Programfiler\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 14:39 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2006-07-19 20:26 52896]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 21:33 125168]
"LanguageShortcut"="C:\Programfiler\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 12:29 49152]
"BluetoothAuthenticationAgent"="bthprops.cpl,,BluetoothAuthenticationAgent" []
"GrooveMonitor"="C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"zBrowser Launcher"="C:\Programfiler\Logitech\iTouch\iTouch.exe" [2002-07-22 03:10 577602]
"DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-15 17:20 6803456]
"nwiz"="nwiz.exe" [2005-06-15 17:20 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-06-15 17:20 86016]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"MMTray"="C:\Programfiler\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-19 12:06 110592]
"QuickTime Task"="D:\Programfiler\QuickTime\QTTask.exe" [2007-06-29 07:24 286720]
"CanonSolutionMenu"="C:\Programfiler\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 18:01 644696]
"CanonMyPrinter"="C:\Programfiler\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 18:50 1603152]
"D-Link AirPlus G"="C:\Programfiler\D-Link\AirPlus G\AirGCFG.exe" [2005-04-22 17:51 1236992]
"ANIWZCS2Service"="C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 17:49 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 10:03 15360]

C:\Documents and Settings\Eivnd\Start-meny\Programmer\Oppstart\
OneNote 2007 Screen Clipper og Launcher.lnk - C:\Programfiler\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 21:24:54 98632]

C:\Documents and Settings\Amlien\Start-meny\Programmer\Oppstart\
OneNote 2007 Screen Clipper og Launcher.lnk - C:\Programfiler\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 21:24:54 98632]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Logitech Desktop Messenger.lnk - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-03-18 15:10:26 169472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Zboard]
Winlognotif.dll 2003-09-03 07:14 49152 C:\WINDOWS\system32\Winlognotif.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\MSN Messenger\\livecall.exe"=
"C:\\Programfiler\\Internet Explorer\\iexplore.exe"=
"D:\\Downloads\\utorrent.exe"=
"C:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programfiler\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"C:\\Programfiler\\AOpen\\Multimedia Utilities\\LIVEUPD.EXE"=
"D:\\Spill\\Battlefiled 2\\BF2.exe"=
"C:\\Programfiler\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"C:\\Programfiler\\Skype\\Phone\\Skype.exe"=
"D:\\Spill\\FM08\\fm.exe"=
"C:\\Programfiler\\Valve\\hl.exe"=
"C:\Programfiler\Microsoft ActiveSync\rapimgr.exe"= C:\Programfiler\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Programfiler\Microsoft ActiveSync\wcescomm.exe"= C:\Programfiler\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Programfiler\Microsoft ActiveSync\WCESMgr.exe"= C:\Programfiler\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Programfiler\\LimeWire\\LimeWire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"17298:TCP"= 17298:TCP:utorent
"17298:UDP"= 17298:UDP:utorent

R2 NetSentinel;NetSentinel;C:\WINDOWS\system32\NSSRVICE.EXE [2006-08-30 15:05]
R2 SentinelKeysServer;Sentinel Keys Server;"C:\Programfiler\Fellesfiler\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe" [2007-04-27 01:00]
R2 SSIPDDP;SSIPDDP Parallel port device driver;C:\WINDOWS\system32\DRIVERS\SSIPDDP.SYS [2006-08-30 15:05]
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2007-09-06 14:28]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-23 18:19:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
"2008-06-28 15:45:14 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programfiler\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-28 17:43:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programfiler\Windows Defender\MsMpEng.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programfiler\CyberLink\Shared files\RichVideo.exe
C:\Programfiler\Fellesfiler\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programfiler\Symantec AntiVirus\Rtvscan.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Completion time: 2008-06-28 17:49:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-28 15:49:04
ComboFix2.txt 2008-06-28 12:35:26

Pre-Run: 1,509,908,480 bytes free
Post-Run: 1,501,294,592 bytes free

181 --- E O F --- 2008-06-28 12:48:36


Posted

Here is the log from MBAM:

Malwarebytes' Anti-Malware 1.18
Database version: 898
18:20:21 28.06.2008
mbam-log-6-28-2008 (18-20-21).txt

Scan type: Quick Scan
Objects scanned: 42393
Time elapsed: 5 minute(s), 9 second(s)

Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 1
Registry values infected: 0
Registry files infected: 0
Folders infected: 0
Files infected: 1

Memory processes infected:
(No suspicious files found)

Memory modules infected:
(No suspicious files found)

Registry keys infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry values infected:
(No suspicious files found)

Registry files infected:
(No suspicious files found)

Folders infected:
(No suspicious files found)

Files infected:
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.


Posted

Here is the log from hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:23:33, on 28.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\NSSRVICE.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programfiler\CyberLink\Shared files\RichVideo.exe
C:\Programfiler\Fellesfiler\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Programfiler\Fellesfiler\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Symantec AntiVirus\Rtvscan.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programfiler\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programfiler\Musicmatch\Musicmatch Jukebox\mm_tray.exe
D:\Programfiler\QuickTime\QTTask.exe
C:\Programfiler\Canon\MyPrinter\BJMyPrt.exe
C:\Programfiler\D-Link\AirPlus G\AirGCFG.exe
C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Programfiler\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programfiler\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programfiler\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Programfiler\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Programfiler\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Programfiler\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programfiler\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programfiler\Microsoft ActiveSync\wcescomm.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: OneNote 2007 Screen Clipper og Launcher.lnk = C:\Programfiler\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programfiler\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Amlien\Start-meny\Programmer\IMVU\Run IMVU.lnk

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/...trolLite_EN.cab

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1174065704929

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://yamlien.spaces.live.com/PhotoUpload/MsnPUpld.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programfiler\Symantec AntiVirus\DefWatch.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NetSentinel - Rainbow Technologies, Inc. - C:\WINDOWS\system32\NSSRVICE.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programfiler\CyberLink\Shared files\RichVideo.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programfiler\Symantec AntiVirus\SavRoam.exe

O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - D:\Programfiler\Spyware Doctor\svcntaux.exe

O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - D:\Programfiler\Spyware Doctor\swdsvc.exe

O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Programfiler\Fellesfiler\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe

O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Programfiler\Fellesfiler\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programfiler\Symantec AntiVirus\Rtvscan.exe

--

End of file - 10784 bytes


Posted

The logs look fine. How is the 'problem' now - is the PC running OK?


Posted

Hi!

Thank you so much! :D

It works fine now!

But any tips on antivirus/antispyware programs I can use to prevent this in the future?


Posted (edited)

Then we finish with the following:

1. Start HJT, choose "Do a system scan only", tick the following line and click Fix checked:

(Close the browser before you click Fix checked)

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

2. If IMVU 3D messenger isn't something you need, uninstall it.

3. Uninstall ComboFix. You do that by typing combofix /u in the Run box (Start->Run). This removes the program and resets System Restore so that you don't get reinfected by a possible restore later.

4. Update Windows (Start->All Programs->Windows Update)

5. Update Java: http://java.com/en/download/index.jsp

In Add/Remove Programs, uninstall all 'old' versions.

6. If Spyware Doctor is a demo, uninstall it. Feel free to keep MBAM and CCleaner.

Regarding security programs: you have Norton. It's a good AV program. As for antispyware, you can keep MBAM. Alternatively or in addition: the free version of SAS

On behalf of your helpers I say Surf safely! :thumbup:

Edited by norbat

Posted

I've now gone through the list!

1: I can't find O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) anymore, so I can't delete it.

2: Yes, I've deleted IMVU 3D messenger; I figured it wasn't an entirely good program. I've also deleted a number of other programs that aren't in use.

3: Ran combofix /u. ComboFix is deleted then, I suppose, so can I delete the combofix.exe that's on the desktop?

4: Windows is updated! There were quite a few updates!

5: I've deleted the old version of Java and installed the newest!

6: Spyware Doctor is the full version, so I'm keeping it. The problem is probably that OnGuard hasn't been switched on.. Keeping MBAM and CCleaner too.

But I don't have Norman. Had it before. Now I have Symantec AntiVirus (not Norton).

When I log on now I get two error messages, probably nothing serious, but...:

AirGCFG.exe - Entry point not found. - that's probably the internet, D-Link.. It works, but I can try reinstalling it!

WZCSLDR2.exe - Entry point not found.


Posted

The files you get error messages for are both related to D-Link. So reinstall the D-Link software, as you suggest yourself.

Symantec antivirus = Norton Antivirus

If ComboFix is still on the desktop, you haven't uninstalled it. Try putting the full path in the Run box

(You find the full path by right-clicking combofix.exe and looking at the location. Paste that into the Run box. Remember to put /u after it (there must be a space between combofix and /u)


Posted

I've now tried reinstalling D-Link; I still get the error message, but it works, so I'll just let it be...

Actually I don't have Norton, no; I think it's some corporate AV.

Now I've managed to uninstall ComboFix!

Now I hope the machine will be fine for a long while to come!!

Thanks a lot to both of you for the help! You've worked hard and done a great job!! :D

(Lucky I found this forum and got help! Don't know what I would have done otherwise.)

:D :D


Posted

Re the error messages:

Click: Start->Run

Type: msconfig

Choose the Startup tab

Untick the two lines that start the following processes:

AirGCFG.exe

WZCSLDR2.exe

Restart the PC

You'll get a dialog where you tick the box so that the message isn't shown every time Windows starts.

Do you still get error messages related to these two processes?


Posted

Hi!

I think I've now got a similar problem. When I try to log on, the first thing that comes up is "Windows cannot load the user's profile but has logged you on with the default profile for the system. DETAIL - Insufficient system resources exist to complete the requested service."

Then the logon window comes back. And the same message again afterwards.

Finally this message may appear:

"userinit.exe - Application Error - The application failed to initialize properly (0xc000012d)"

I've read this thread, but I'm a bit unsure whether I can just copy these steps or whether the procedure has to be "tailored" to the actual error message. The thread is, after all, a couple of years old.

I've also read a bit on other forums about ComboFix, and the experts there usually warn that you should only use ComboFix under the supervision of a qualified professional.

I've installed and run both CCleaner and Malwarebytes (ran a quick scan and it found 3 Disabled.SecurityCenter threats - they're now in quarantine), but I still can't log on in normal mode. I'm now working from safe mode with networking.

It's Windows XP Professional Version 2002.

Is there hope for me too???

:o)

Thanks.


Posted

tangens: run a round of ComboFix and post the log in a new thread of your own.
