Powerbeyond Posted 28 May 2009

I've had some strange problems with my PC lately, and the antivirus program doesn't find anything. There are a number of strange problems that show up quite often, e.g. that I can't click on anything on the screen. It usually goes away after I press Ctrl+Alt+Delete and start Task Manager, but it comes back after a few minutes. I'd appreciate it if someone could help me. Here are the logs from ComboFix and the malware thing:

Malwarebytes' Anti-Malware 1.37
Databaseversjon: 2187
Windows 6.0.6001 Service Pack 1

28/05/2009 14:57:55
mbam-log-2009-05-28 (14-57-55).txt

Skanntype: Rask Skann
Objekter skannet: 77474
Tid tilbakelagt: 3 minute(s), 15 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)

ComboFix 09-05-26.05 - xBornToLosex 28/05/2009 14:53.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3069.1508 [GMT 2:00]
Running from: c:\users\xBornToLosex\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Desktop.ini
.
((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-28 )))))))))))))))))))))))))))))))
.
2009-05-28 12:29 . 2009-05-28 12:29 -------- d-----w c:\users\xBornToLosex\AppData\Roaming\Malwarebytes
2009-05-28 12:29 . 2009-05-26 11:20 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-28 12:29 . 2009-05-28 12:29 -------- d-----w c:\programdata\Malwarebytes
2009-05-28 12:29 . 2009-05-28 12:29 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-28 12:29 . 2009-05-26 11:19 19096 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-26 00:12 . 2009-05-06 18:06 4784464 ----a-w c:\programdata\Microsoft\Windows Defender\Definition Updates\{829B22D0-AADC-4536-B29B-750DB3BC03B0}\mpengine.dll
2009-05-21 06:55 . 2009-05-05 13:48 2051864 ----a-w c:\programdata\avg8\update\backup\avgcorex.dll
2009-05-21 06:55 . 2009-05-05 13:48 424472 ----a-w c:\programdata\avg8\update\backup\avgwdwsc.dll
2009-05-21 06:55 . 2009-05-05 13:49 312088 ----a-w c:\programdata\avg8\update\backup\avglngx.dll
2009-05-21 06:55 . 2009-05-05 13:48 486168 ----a-w c:\programdata\avg8\update\backup\avgrsx.exe
2009-05-21 06:55 . 2009-05-05 13:48 177432 ----a-w c:\programdata\avg8\update\backup\avgmail.dll
2009-05-21 06:55 . 2009-05-05 13:47 3288344 ----a-w c:\programdata\avg8\update\backup\setup.exe
2009-05-21 06:54 . 2009-05-05 13:48 1437464 ----a-w c:\programdata\avg8\update\backup\avgupd.dll
2009-05-21 06:54 . 2009-05-05 13:47 755992 ----a-w c:\programdata\avg8\update\backup\avginet.dll
2009-05-20 23:29 . 2009-05-20 23:29 -------- d-----w c:\program files\AutoHotkey
2009-05-17 03:21 . 2009-05-05 13:47 3399960 ----a-w c:\programdata\avg8\update\backup\avgui.exe
2009-05-17 03:21 . 2009-05-05 13:47 2302232 ----a-w c:\programdata\avg8\update\backup\avguiadv.dll
2009-05-12 12:44 . 2008-06-19 15:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys
2009-05-12 12:44 . 2009-05-12 12:44 -------- d-----w c:\program files\Panda Security
2009-05-05 13:45 . 2009-05-05 13:45 -------- d-----w c:\program files\7-Zip
2009-04-30 17:24 . 2009-04-30 17:24 -------- d-----w c:\program files\RVG Software
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-28 12:30 . 2009-01-03 17:00 -------- d-----w c:\users\xBornToLosex\AppData\Roaming\Skype
2009-05-28 12:16 . 2009-01-03 17:01 -------- d-----w c:\users\xBornToLosex\AppData\Roaming\skypePM
2009-05-27 12:23 . 2009-01-06 23:50 -------- d-----w c:\program files\Steam
2009-05-27 12:07 . 2009-01-06 23:50 -------- d-----w c:\program files\Common Files\Steam
2009-05-14 01:04 . 2008-05-21 18:20 -------- d-----w c:\programdata\Microsoft Help
2009-05-14 01:00 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-05-05 13:49 . 2009-02-27 01:13 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-05 13:49 . 2009-02-27 01:13 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-05 13:49 . 2009-02-27 01:13 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys
2009-05-05 13:47 . 2009-02-27 01:14 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-05 13:46 . 2009-02-27 01:13 -------- d-----w c:\programdata\avg8
2009-04-25 13:14 . 2009-01-07 01:07 -------- d-----w c:\users\xBornToLosex\AppData\Roaming\Azureus
2009-04-24 09:19 . 2008-12-28 01:30 -------- d-----w c:\program files\Full Tilt Poker
2009-04-24 00:43 . 2009-01-02 21:44 -------- d-----w c:\program files\PokerStars
2009-04-18 13:13 . 2009-04-18 13:06 -------- d-----w c:\users\xBornToLosex\AppData\Roaming\dvdcss
2009-04-13 09:36 . 2009-01-07 01:01 -------- d-----w c:\program files\Vuze
2009-03-31 13:35 . 2009-05-05 17:52 17160 ----a-w c:\windows\Help\OEM\scripts\HC_TotalCareAdvisorUpdate.exe
2009-03-30 15:30 . 2009-05-05 17:52 17160 ----a-w c:\windows\Help\OEM\scripts\HC_DanzkaDubraBIOSUpdate.exe
2009-03-17 03:38 . 2009-04-17 06:50 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-17 06:50 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-06 16:12 . 2008-04-16 21:25 21256 ----a-w c:\windows\Help\OEM\scripts\HPScript.exe
2009-03-05 11:29 . 2009-03-24 18:37 16648 ----a-w c:\windows\Help\OEM\scripts\HC_ProtectSmartPatch.exe
2009-03-03 04:46 . 2009-04-17 06:51 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-17 06:51 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-17 06:50 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-17 06:51 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-17 06:51 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-17 06:51 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-17 06:50 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-17 06:51 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-17 06:51 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-17 06:51 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-17 06:51 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-17 06:51 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-17 06:50 26624 ----a-w c:\windows\system32\ieUnatt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Steam"="c:\program files\Steam\Steam.exe" [2009-05-20 1217784]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-17 1033512]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-04-16 442433]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-05-15 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-02 554288]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-11 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-05 1947928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{55482F75-03EC-460F-8C26-275DA9848696}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{674ED21E-0063-4DD2-B887-DD5FDE92DBC1}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{F114D74C-51BB-4DBD-BCB2-98BCE3F5B4B6}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7E02B96C-E4BF-4C63-87FE-5FE71CDF8388}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7F155EA3-F419-4B1D-B90C-DE2763817FE0}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{E5C28D8B-9875-40CA-B1FD-DB427D80D4AE}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{1A4AAEF0-0A75-493F-AF77-3263F549E2B7}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C5A301D4-853A-415C-92CC-85D46D93F1D2}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{28808D58-FD4D-40F4-AC2D-9FB9A644258A}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{EEB64222-060C-41FD-BD96-1413494B2880}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{AEA5FC36-22F8-47A9-AE83-E659740FD4FC}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{73BD5CD8-2F3E-4F5E-9336-A5E03D3E3538}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{1D5CCC63-D6BA-4E8F-8D39-E5F630AB8921}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{F682C1F3-8EB1-47E0-8B21-5D15BC519C01}"= UDP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.1
"{A06E19FA-9764-4C4D-AB81-92863A81B2BE}"= TCP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.1
"TCP Query User{5676D07F-CFBE-4E9B-BCB0-21F984CA01E0}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{87BAFEC6-E97B-4264-8DC3-F606C5CE3B50}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{36747406-18EC-432A-8D4A-757EBD438B45}"= c:\program files\Skype\Phone\Skype.exe:Skype

R0 Amddfltr;Amd Disk Lower Filter Driver;c:\windows\System32\drivers\Amddfltr.sys [27/09/2008 11:48 15416]
R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [12/05/2009 14:44 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [27/02/2009 03:13 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [27/02/2009 03:13 108552]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\AEstSrv.exe [27/09/2008 11:43 73728]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [27/02/2009 03:13 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [27/02/2009 03:13 298776]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 04:23 21504]
R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [19/03/2008 01:24 19456]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [19/09/2008 04:03 65536]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [21/05/2008 20:40 341328]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [21/05/2008 19:28 193840]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [23/01/2008 23:23 52736]
R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [01/04/2008 13:14 81296]
S3 B-Service;B-Service;c:\users\xBornToLosex\AppData\Roaming\Mikogo\B-Service.exe [07/01/2009 01:38 185640]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_mt&c=83&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_mt&c=83&bd=Pavilion&pf=cnnb
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\xBornToLosex\AppData\Roaming\Mozilla\Firefox\Profiles\1l3hp8ug.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-28 14:57
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2009-05-28 14:59
ComboFix-quarantined-files.txt 2009-05-28 12:58

Pre-Run: 102,454,341,632 bytes free
Post-Run: 102,836,805,632 bytes free

190 --- E O F --- 2009-05-18 18:30

snippsat Posted 30 May 2009

It looks good. Try cleaning up a bit.

You can remove ComboFix by typing combofix /u in the Run window. This command deletes the quarantined files and backups, resets the System Restore folder, etc.

Download and run CCleaner. Under 'Options' -> 'Advanced', uncheck "Only delete temporary files older than 48 hours". Run the registry cleaner: answer yes to repairing, and answer yes when you are asked about a backup. Run the registry cleaner a couple of times until all errors are gone.

Auslogics Disk Defrag (free): http://www.auslogics.com/en/software/disk-defrag

See if this helps.