1r9b1k7 Skrevet 25. desember 2008 Rapporter Del Skrevet 25. desember 2008 Hei! Pcen vil ikke logge seg på som vanlig. Den krasjer/bildet fryser, kun skrivebordsbakgrunn som vises, etter at jeg har logget meg inn. Har prøvd alle funksjonene i "F8-modus" og "Gjenopprettingsmodus for katalogtjenester" funker tydeligvis. Jeg klarer da å få opp oppgavebehandling, men hva skal jeg gjøre nå? Noen spesille prosesser jeg skal avslutte? Info: windows xp sp2 hp compaq 6715b norman antivirus Har også en slik Credential manager som gjør innlogging "enklere" ved fingerscan osv. Kan ikke huske om at jeg installerte noe programvare før feilen oppstod. (Noe mer info som trengs?) Takker for all hjelp! Lenke til kommentar
Tordenflesk Skrevet 25. desember 2008 Rapporter Del Skrevet 25. desember 2008 Noen spesille prosesser jeg skal avslutte?Prøv heller og start explorer.exe Lenke til kommentar
1r9b1k7 Skrevet 26. desember 2008 Forfatter Rapporter Del Skrevet 26. desember 2008 Det gikk greit å starte explorer. Lenke til kommentar
1r9b1k7 Skrevet 26. desember 2008 Forfatter Rapporter Del Skrevet 26. desember 2008 Når jeg er i denne modusen (Gjenopprettingsmodus for katalogtjenester) er det noe man IKKE bør gjøre? Har prøvd norman og Malwarebytes anti-malware for å fjerne det som kanskje forårsaker problemene mine. Her er loggen til Malwarebytes anti-malware : Malwarebytes' Anti-Malware 1.31Databaseversjon: 1456 Windows 5.1.2600 Service Pack 2 26.12.2008 17:53:31 mbam-log-2008-12-26 (17-53-31).txt Skanntype: Rask Skann Objekter skannet: 59318 Tid tilbakelagt: 5 minute(s), 31 second(s) Minneprosesser infisert: 0 Minnemoduler infisert: 0 Registernøkler infisert: 1 Registerverdier infisert: 0 Registerfiler infisert: 0 Mapper infisert: 0 Filer infisert: 0 Minneprosesser infisert: (Ingen mistenkelige filer funnet) Minnemoduler infisert: (Ingen mistenkelige filer funnet) Registernøkler infisert: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0095351 (Trojan.Vundo) -> Quarantined and deleted successfully. Registerverdier infisert: (Ingen mistenkelige filer funnet) Registerfiler infisert: (Ingen mistenkelige filer funnet) Mapper infisert: (Ingen mistenkelige filer funnet) Filer infisert: (Ingen mistenkelige filer funnet) Lenke til kommentar
1r9b1k7 Skrevet 26. desember 2008 Forfatter Rapporter Del Skrevet 26. desember 2008 Her er combofix-loggen: ComboFix 08-12-26.01 - ola.nordmann 2008-12-26 18:53:52.1 - NTFSx86 DSREPAIRMicrosoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.895.500 [GMT 1:00] Kjører fra: c:\documents and settings\ola.nordmann\Skrivebord\ComboFix.exe AV: Norman Virus Control ver. 5.99 *On-access scanning disabled* (Outdated) * Resident AV is active . ((((((((((((((((((((((((((((((((((((((( Andre slettinger ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\ola.nordmann\ola.nordmann.exe c:\winnt\Downloaded Program Files\setup.inf . ((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_REMOTEREGISTRYW32TIME -------\Service_RemoteRegistryW32Time ((((((((((((((((((((((((((( Filer Opprettet Fra 2008-11-26 til 2008-12-26 ))))))))))))))))))))))))))))))))) . 2008-12-26 18:50 . 2008-12-26 18:51 <DIR> d-------- C:\32788R22FWJFW 2008-12-26 17:26 . 2008-12-26 17:26 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware 2008-12-26 17:26 . 2008-12-26 17:26 <DIR> d-------- c:\documents and settings\ola.nordmann\Programdata\Malwarebytes 2008-12-26 17:26 . 2008-12-26 17:26 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes 2008-12-26 17:26 . 2008-12-03 19:52 38,496 --a------ c:\winnt\system32\drivers\mbamswissarmy.sys 2008-12-26 17:26 . 2008-12-03 19:52 15,504 --a------ c:\winnt\system32\drivers\mbam.sys 2008-12-25 16:23 . 2008-12-25 16:23 46,080 --a------ c:\winnt\system32\mmmviwvi.dll 2008-12-20 16:25 . 2008-12-20 16:25 <DIR> d-------- c:\programfiler\Epson Software 2008-12-20 16:25 . 2008-12-20 16:25 <DIR> d-------- c:\documents and settings\All Users\Programdata\UDL 2008-12-20 16:23 . 2008-12-20 16:24 <DIR> d-------- c:\programfiler\ABBYY FineReader 6.0 Sprint 2008-12-20 16:19 . 2007-12-07 03:08 86,528 --a------ c:\winnt\system32\E_FLBEDE.DLL 2008-12-20 16:19 . 2007-12-07 03:01 78,848 --a------ c:\winnt\system32\E_FD4BEDE.DLL 2008-12-20 16:19 . 2007-04-10 02:06 8,192 --a------ c:\winnt\system32\E_DCINST.DLL 2008-12-20 16:18 . 2008-12-20 16:24 <DIR> d-------- c:\programfiler\epson 2008-12-20 16:18 . 2008-12-20 16:20 <DIR> d-------- c:\documents and settings\All Users\Programdata\EPSON 2008-12-20 16:18 . 2007-07-13 00:00 71,680 --a------ c:\winnt\system32\escwiad.dll 2008-12-20 16:17 . 2008-12-20 16:17 26 --a------ c:\winnt\CDESX100EXPORT.ini 2008-12-01 09:35 . 2008-12-01 09:35 46 --ahs---- c:\winnt\system32\admininfo.conf 2008-12-01 09:34 . 2008-12-01 09:34 <DIR> d-------- c:\winnt\system32\download 2008-12-01 09:34 . 2008-12-01 09:34 67 --a------ c:\winnt\system32\ocsinventory.dat 2008-12-01 09:34 . 2008-12-01 09:34 31 --a------ c:\winnt\system32\service.ini . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-26 17:59 --------- d-----w c:\programfiler\OCS Inventory Agent 2008-12-26 17:56 --------- d-----w c:\programfiler\Norman 2008-12-26 17:00 --------- d-----w c:\programfiler\Norton Security Scan 2008-12-26 14:38 --------- d-----w c:\programfiler\Fellesfiler\Symantec Shared 2008-12-22 10:23 --------- d---a-w c:\programfiler\Clue 2008-12-20 15:25 --------- d--h--w c:\programfiler\InstallShield Installation Information 2008-12-16 21:50 --------- d-----w c:\documents and settings\ola.nordmann\Programdata\gtk-2.0 2008-12-11 13:13 --------- d-----w c:\documents and settings\ola.nordmann\Programdata\uTorrent 2008-11-28 17:57 --------- d-----w c:\programfiler\MSN Messenger 2008-11-18 16:13 410,976 ----a-w c:\winnt\system32\deploytk.dll 2008-11-18 16:12 --------- d-----w c:\programfiler\Java 2008-11-14 09:31 --------- d-----w c:\documents and settings\All Users\Programdata\OrdnettPluss 2008-11-14 08:13 --------- d-----w c:\programfiler\Microsoft IntelliPoint 2008-11-04 08:35 499,712 ----a-w c:\winnt\system32\msvcp71.dll 2008-11-04 08:35 348,160 ----a-w c:\winnt\system32\msvcr71.dll 2008-10-27 09:19 --------- d-----w c:\documents and settings\ola.nordmann\Programdata\Kunnskapsforlaget 2008-10-23 13:01 283,648 ----a-w c:\winnt\system32\gdi32.dll 2008-10-16 20:33 826,368 ----a-w c:\winnt\system32\wininet.dll 2008-10-16 13:13 202,776 ----a-w c:\winnt\system32\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w c:\winnt\system32\wuaueng.dll 2008-10-16 13:12 561,688 ----a-w c:\winnt\system32\wuapi.dll 2008-10-16 13:12 323,608 ----a-w c:\winnt\system32\wucltui.dll 2008-10-16 13:09 92,696 ----a-w c:\winnt\system32\cdm.dll 2008-10-16 13:09 51,224 ----a-w c:\winnt\system32\wuauclt.exe 2008-10-16 13:09 43,544 ----a-w c:\winnt\system32\wups2.dll 2008-10-16 13:08 34,328 ----a-w c:\winnt\system32\wups.dll 2008-10-03 10:17 247,326 ----a-w c:\winnt\system32\strmdll.dll 2008-09-30 15:43 1,286,152 ----a-w c:\winnt\system32\msxml4.dll 2007-10-30 20:58 29,444,096 ----a-w c:\programfiler\CJB5200NO.EXE 2007-10-30 20:40 1,232,547 ----a-w c:\programfiler\wrar371no.exe 2007-09-02 19:19 18,040,176 ----a-w c:\programfiler\Install_Messenger_nous.exe 2007-08-31 09:17 278,695,200 ----a-w c:\programfiler\TmNationsESWC_Setup.exe 2007-08-03 12:10 32,768 --sha-w c:\winnt\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\MSHist012007080320070804\index.dat 2007-08-03 13:52 16,384 --sha-w c:\winnt\system32\config\systemprofile\Lokale innstillinger\Programdata\Microsoft\Feeds Cache\index.dat . ------- Sigcheck ------- 2006-01-13 18:07 360448 5562cc0a47b2aef06d3417b733f3c195 c:\winnt\$hf_mig$\KB913446\SP2QFE\tcpip.sys 2006-04-20 13:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\winnt\$hf_mig$\KB917953\SP2QFE\tcpip.sys 2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\winnt\$hf_mig$\KB941644\SP2QFE\tcpip.sys 2008-06-20 11:44 360960 744e57c99232201ae98c49168b918f48 c:\winnt\$hf_mig$\KB951748\SP2QFE\tcpip.sys 2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\winnt\$hf_mig$\KB951748\SP3GDR\tcpip.sys 2008-06-20 12:59 361600 ad978a1b783b5719720cff204b666c8e c:\winnt\$hf_mig$\KB951748\SP3QFE\tcpip.sys 2006-04-20 12:51 359808 1dbf125862891817f374f407626967f4 c:\winnt\$NtUninstallKB941644$\tcpip.sys 2007-10-30 18:20 360064 90caff4b094573449a0872a0f919b178 c:\winnt\$NtUninstallKB951748$\tcpip.sys 2008-04-13 20:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\winnt\SoftwareDistribution\Download\6b87f018d0fb69e9c5ccb760afc4cb7b\tcpip.sys 2008-06-20 11:45 360320 1cc09561e21a48a7f649a40f18235860 c:\winnt\system32\dllcache\tcpip.sys 2008-06-20 11:45 360320 1cc09561e21a48a7f649a40f18235860 c:\winnt\system32\drivers\tcpip.sys . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\winnt\system32\ctfmon.exe" [2004-08-04 15360] "StartCCC"="c:\programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "MsnMsgr"="c:\programfiler\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352] "swg"="c:\programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-04 68856] "RocketDock"="c:\programfiler\RocketDock\RocketDock.exe" [2007-09-02 495616] "EPSON SX100 Series"="c:\winnt\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE" [2008-02-05 188928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UserFaultCheck"="c:\winnt\system32\dumprep 0 -u" [X] "Apoint"="c:\programfiler\Apoint\Apoint.exe" [2005-10-07 176128] "PTHOSTTR"="c:\programfiler\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184] "CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920] "IFXSPMGT"="c:\winnt\system32\ifxspmgt.exe" [2007-02-15 677408] "QlbCtrl"="c:\programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-07 159744] "hpWirelessAssistant"="c:\programfiler\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 472776] "SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392] "WatchDog"="c:\programfiler\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 192512] "SoundMAXPnP"="c:\programfiler\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448] "Norman ZANDA"="c:\programfiler\Norman\Npm\bin\ZLH.EXE" [2008-06-02 273520] "IntelliPoint"="c:\programfiler\Microsoft IntelliPoint\ipoint.exe" [2006-07-08 600896] "Lexmark 5200 series"="c:\programfiler\Lexmark 5200 series\lxbtbmgr.exe" [2004-03-25 57344] "Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "SSConfig"="c:\sys.000\SW.exe" [2008-10-01 10489856] "ProcMon"="c:\sys.000\hostsw.exe" [2008-12-25 217088] "SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2008-11-18 136600] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\winnt\system32\CTFMON.EXE" [2004-08-04 15360] c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\ DVD Check.lnk - c:\programfiler\InterVideo\DVD Check\DVDCheck.exe [2007-08-03 192512] Microsoft Office.lnk - c:\programfiler\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableChangePassword"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard] 2007-02-07 00:30 74240 c:\programfiler\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\winnt\system32\mmmviwvi.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli ASWLNPkg [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-790525478-1644491937-682003330-71645\Scripts\Logon\0\0] "Script"=\\%LOGONSERVER%\NETLOGON\ODVS-ELEVER.BAT [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-790525478-1644491937-682003330-71645\Scripts\Logon\1\0] "Script"=%logonserver%\netlogon\pwdcheck.bat [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programfiler\\MSN Messenger\\msnmsgr.exe"= "c:\\Programfiler\\MSN Messenger\\livecall.exe"= "c:\\Programfiler\\uTorrent\\uTorrent.exe"= "c:\\Programfiler\\TrackMania Nations ESWC\\TmNationsESWC.exe"= "c:\\Programfiler\\TmNationsForever\\TmForever.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "4703:UDP"= 4703:UDP:Windows Media Format SDK (iexplore.exe) "4702:UDP"= 4702:UDP:Windows Media Format SDK (iexplore.exe) R1 PersonalSecureDrive;PersonalSecureDrive;c:\winnt\system32\drivers\psd.sys [2007-01-23 39080] R2 ASChannel;Local Communication Channel;c:\winnt\System32\svchost.exe -k Cognizance [2007-02-14 14336] R2 MASEL;Event Log Audit;c:\sys.000\Evl.exe [2007-11-15 126976] R2 Ndiskio;Ndiskio;\??\c:\programfiler\Norman\Nse\bin\NDISKIO.SYS [2007-08-03 20448] R2 OCS INVENTORY;OCS INVENTORY SERVICE;"c:\programfiler\OCS Inventory Agent\ocsservice.exe" [2008-04-21 69632] R2 WinDefend;Windows Defender;"c:\programfiler\Windows Defender\MsMpEng.exe" [2006-11-03 13592] R3 IFXTPM;IFXTPM;c:\winnt\system32\DRIVERS\IFXTPM.SYS [2007-01-23 36608] R3 nsesvc;Norman Scanner Engine Service;"c:\programfiler\Norman\nse\bin\NSESVC.EXE" -daemon [2008-08-13 322616] R3 NvcMFlt;NvcMFlt;c:\winnt\system32\DRIVERS\nvcw32mf.sys [2007-08-03 19512] R3 nvcoas;Norman Virus Control on-access component;"c:\programfiler\Norman\Nvc\bin\nvcoas.exe" [2008-01-15 183352] R3 NVCScheduler;Norman Virus Control Scheduler;c:\programfiler\Norman\Nvc\BIN\NVCSCHED.EXE [2007-08-03 146488] S2 ASBroker;Logon Session Broker;c:\winnt\System32\svchost.exe -k Cognizance [2007-02-14 14336] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Cognizance REG_MULTI_SZ ASBroker ASChannel [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static] msiexec /fums {09258F12-48E7-B18E-C414-1F48C215685F} /qb . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2008-12-26 c:\winnt\Tasks\MP Scheduled Scan.job - c:\programfiler\Windows Defender\MpCmdRun.exe [2006-11-03 18:20] 2008-12-26 c:\winnt\Tasks\Norton Security Scan for ola.nordmann.job - c:\programfiler\Norton Security Scan\Nss.exe [2008-09-19 04:18] 2008-12-26 c:\winnt\Tasks\Oppdater Ordnett Pluss.job - c:\documents and settings\ola.nordmann\Mine dokumenter\Fag\VG2\Norsk\Nynorsk\updater.exe [2008-05-21 15:10] . - - - - TOMME PEKERE FJERNET - - - - BHO-{1F6C23D6-854C-497f-9275-439C89CF1F68} - mscoree.dll HKCU-Run-ola - c:\documents and settings\ola.nordmann\ola.nordmann.exe Notify-WgaLogon - (no file) . ------- Tilleggsskanning ------- . uStart Page = hxxp://www.rbkweb.com/ uInternet Settings,ProxyOverride = <local> c:\winnt\Downloaded Program Files\DirectEdit.dll - O16 -: DirectEdit hxxps://www.itslearning.com//file/DirectEdit.CAB c:\winnt\Downloaded Program Files\OSD448.OSD . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-26 18:57:57 Windows 5.1.2600 Service Pack 2 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... skanning vellykket skjulte filer: 0 ************************************************************************** . --------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'winlogon.exe'(924) c:\programfiler\Hewlett-Packard\IAM\bin\ocgina.dll c:\programfiler\Hewlett-Packard\IAM\bin\ItMsg.dll c:\programfiler\Hewlett-Packard\IAM\bin\HPBrand.dll c:\programfiler\Hewlett-Packard\IAM\bin\ItTal.dll c:\programfiler\Hewlett-Packard\IAM\bin\ItReports.DLL c:\winnt\system32\Ati2evxx.dll c:\programfiler\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll c:\programfiler\Hewlett-Packard\IAM\Bin\TrayIcon.dll c:\programfiler\Hewlett-Packard\IAM\Bin\ItDAC.dll c:\programfiler\Hewlett-Packard\IAM\Bin\ASChnl.dll c:\programfiler\Hewlett-Packard\IAM\Bin\STEngine.dll c:\programfiler\Hewlett-Packard\IAM\Bin\BioAuth.dll c:\programfiler\Hewlett-Packard\IAM\Bin\ASBIoAT.dll c:\programfiler\Hewlett-Packard\IAM\Bin\ItVCClient.dll c:\programfiler\Hewlett-Packard\IAM\Bin\AuthWiz.dll c:\programfiler\Hewlett-Packard\IAM\Bin\TpmAuth.dll c:\programfiler\Hewlett-Packard\IAM\Bin\TokenAuth.dll c:\programfiler\Hewlett-Packard\IAM\Bin\ittalsnap.DLL c:\programfiler\Hewlett-Packard\IAM\Bin\ItVCard.dll c:\programfiler\Hewlett-Packard\IAM\Bin\ItAuth.dll c:\winnt\system32\xenroll.dll c:\winnt\system32\IFXTSP.dll c:\winnt\system32\IfxSpArc.dll c:\winnt\system32\IFXTCSps.dll c:\winnt\system32\IFXTPMCP.dll c:\programfiler\Hewlett-Packard\Embedded Security Software\IfxTRsUS.dll c:\programfiler\Hewlett-Packard\Embedded Security Software\IfxTrsMs.dll c:\winnt\system32\capicom.dll - - - - - - - > 'lsass.exe'(984) c:\programfiler\Hewlett-Packard\IAM\bin\ASWLNPkg.dll c:\programfiler\Hewlett-Packard\IAM\bin\ItMsg.dll . ------------------------ Andre Kjørende Prosesser ------------------------ . c:\winnt\system32\ati2evxx.exe c:\programfiler\Norman\Npm\Bin\elogsvc.exe c:\programfiler\Norman\Npm\Bin\Zanda.exe c:\winnt\system32\ati2evxx.exe c:\winnt\system32\agrsmsvc.exe c:\winnt\system32\IFXTCS.exe c:\programfiler\Fellesfiler\InterVideo\RegMgr\iviRegMgr.exe c:\programfiler\Java\jre6\bin\jqs.exe c:\winnt\system32\IfxPsdSv.exe c:\programfiler\Hewlett-Packard\Shared\hpqWmiEx.exe c:\programfiler\Norman\Npm\Bin\Njeeves.exe c:\winnt\system32\scardsvr.exe c:\winnt\system32\wbem\wmiapsrv.exe c:\programfiler\Hewlett-Packard\IAM\Bin\asghost.exe c:\programfiler\Hewlett-Packard\Shared\HpqToaster.exe c:\programfiler\Norman\NVC\bin\Nip.exe c:\programfiler\Norman\NVC\bin\CClaw.exe c:\programfiler\Hewlett-Packard\Embedded Security Software\PSDrt.exe c:\winnt\system32\dumprep.exe c:\programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\sys.000\svpr.exe c:\programfiler\ATI Technologies\ATI.ACE\Core-Static\CCC.exe c:\programfiler\MSN Messenger\usnsvc.exe c:\programfiler\ATI Technologies\ATI.ACE\Core-Static\CCC.exe c:\winnt\system32\rundll32.exe . ************************************************************************** . Tidspunkt ferdig: 2008-12-26 19:02:35 - maskinen ble startet på nytt ComboFix-quarantined-files.txt 2008-12-26 18:02:31 Pre-Run: 27 276 374 016 byte ledig Post-Run: 27,800,133,632 byte ledig WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINNT [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer 271 --- E O F --- 2008-12-26 12:03:52 Lenke til kommentar
norbat Skrevet 1. januar 2009 Rapporter Del Skrevet 1. januar 2009 Hvordan går det med problemet? Lenke til kommentar
1r9b1k7 Skrevet 2. januar 2009 Forfatter Rapporter Del Skrevet 2. januar 2009 Det har ikke skjedd noe spesielt nei. Den er akkurat som før, med problemet som gjør at jeg ikke får fram skrivebordet mm. Lenke til kommentar
norbat Skrevet 2. januar 2009 Rapporter Del Skrevet 2. januar 2009 Åpne Notisblokk, kopier og lim inn det som står i fet skrift under, lagre fila på skrivebordet som CFScript.txt Dra og slipp fila over combofix-iconet. Combofix vil starte igjen. Post loggen og fortell om problemet er borte. File:: c:\winnt\system32\mmmviwvi.dll Registry:: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=- Lenke til kommentar
1r9b1k7 Skrevet 4. januar 2009 Forfatter Rapporter Del Skrevet 4. januar 2009 Nå (før jeg fikk se din post norbat) tok jeg gjenopprettingsmodus, dvs at jeg trykte ja/nei (usikker på hvilken) slik at dataen skulle komme tilbake til en tidligere fungerende versjon. Dette tok en stund, men det endte opp med at dataen bare går i loop når man skal starte den. Dvs at den starter på nytt når man skal logge på (innloggings-skjermen kommer ikke opp). Selv om man prøver F8 og andre alternativer starter den bare på nytt. Uansett takk norbat for at du ville prøve å hjelpe. Lenke til kommentar
norbat Skrevet 4. januar 2009 Rapporter Del Skrevet 4. januar 2009 Når du slå på pc'n vil du i 2 sek. ha mulighet til å enten velge å starte Gjenopprettingskonsollen eller windows. Kunne du ha valgt Gjenopprettingskonsollen? (2 sek. er kort tid, så hver rask til å bruke opp-piltasten) Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå