lordlappy Skrevet 25. september 2009 Rapporter Del Skrevet 25. september 2009 (endret) som emnet sier så trenger jeg litt hjelp med hijack logg, som jeg ikke kan tyde Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:42:48, on 25.09.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\WINDOWS\system32\nvsvc32.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe E:\Programmer\avast\aswUpdSv.exe E:\Programmer\avast\ashServ.exe C:\windows\Explorer.EXE C:\windows\RTHDCPL.EXE C:\windows\system32\RUNDLL32.EXE E:\PROGRA~1\avast\ashDisp.exe E:\Programmer\PowerISO\PWRISOVM.EXE C:\Programfiler\Logitech\GamePanel Software\LCD Manager\LCDMon.exe C:\Programfiler\Logitech\GamePanel Software\G-series Software\LGDCore.exe C:\Programfiler\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe E:\Programmer\logitech\QuickCam\Quickcam.exe E:\Programmer\logitech\mx518\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe E:\Programmer\logitech\mx518\SetPoint\SetPoint.exe C:\windows\system32\spoolsv.exe C:\Programfiler\Fellesfiler\Logitech\KHAL\KHALMNPR.EXE C:\Programfiler\Fellesfiler\LogiShrd\LVCOMSER\LVComSer.exe E:\Programmer\Ny mappe\Nero 8\Nero BackItUp\NBService.exe E:\XFX programmer\nvidia nTune\nTune\nTuneService.exe C:\WINDOWS\system32\PnkBstrA.exe C:\windows\system32\svchost.exe C:\Programfiler\Yahoo!\SoftwareUpdate\YahooAUService.exe E:\Programmer\avast\ashMaiSv.exe C:\Programfiler\Fellesfiler\LogiShrd\LVCOMSER\LVComSer.exe C:\Programfiler\Fellesfiler\LogiShrd\LComMgr\Communications_Helper.exe C:\Programfiler\Fellesfiler\Logishrd\LQCVFX\COCIManager.exe E:\Programmer\avast\ashWebSv.exe E:\Programmer\Firefox\firefox.exe C:\Programfiler\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\system32\msiexec.exe C:\windows\system32\ctfmon.exe E:\Programmer\hijackthis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\windows\system32\sdra64.exe, O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programfiler\AskBarDis\bar\bin\askBar.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Programfiler\AskTBar\bar\1.bin\ASKTBAR.DLL O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programfiler\AskBarDis\bar\bin\askBar.dll O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Programfiler\AskTBar\bar\1.bin\ASKTBAR.DLL O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [nwiz] C:\Programfiler\NVIDIA Corporation\nView\nwiz.exe /install O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\avast\ashDisp.exe O4 - HKLM\..\Run: [PWRISOVM.EXE] E:\Programmer\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programfiler\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programfiler\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "E:\Programmer\logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "E:\Programmer\Ny mappe\Nero 8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Programmer\adobe reader\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Programfiler\Fellesfiler\Wise Installation Wizard\WISB83FC356B7C0441F8A4DD71E088E7974_9_09_0428.MSI" TRANSFORMS="C:\Programfiler\Fellesfiler\Wise Installation Wizard\WISB83FC356B7C0441F8A4DD71E088E7974_9_09_0428.MST" WISE_SETUP_EXE_PATH="c:\nvidia\displaydriver\190.38\international\PhysX_9.09.0428_SystemSoftware.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Programmer\logitech\mx518\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Logitech SetPoint.lnk = E:\Programmer\logitech\mx518\SetPoint\SetPoint.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O15 - Trusted Zone: http://*.buypass.no (HKLM) O15 - Trusted Zone: http://*.headit.no (HKLM) O15 - Trusted Zone: http://*.norsk-tipping.no (HKLM) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1250012638625 O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - E:\Programmer\logitech\mx518\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - E:\Programmer\superantispyware\SASWINLO.dll O23 - Service: ASKUpgrade - Unknown owner - C:\Programfiler\AskBarDis\bar\bin\ASKUpgrade.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Programmer\avast\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - E:\Programmer\avast\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Programmer\avast\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - E:\Programmer\avast\ashWebSv.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Programfiler\Fellesfiler\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programfiler\Fellesfiler\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Programmer\Ny mappe\Nero 8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe O23 - Service: nTune Service (nTuneService) - NVIDIA - E:\XFX programmer\nvidia nTune\nTune\nTuneService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Programfiler\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 9572 bytes er denne i orden eller er det noe jeg må ordne på? takk Endret 25. september 2009 av lordlappy Lenke til kommentar
lordlappy Skrevet 25. september 2009 Forfatter Rapporter Del Skrevet 25. september 2009 hei har lagt ut en hijackthis logg i nytt emne. har du lyst til å se på den når du har tid? Lenke til kommentar
norbat Skrevet 25. september 2009 Rapporter Del Skrevet 25. september 2009 Last ned og kjør en rask skann med MBAM (se veiledningen), post loggen om den finner noe. Lenke til kommentar
norbat Skrevet 25. september 2009 Rapporter Del Skrevet 25. september 2009 hei har lagt ut en hijackthis logg i nytt emne. har du lyst til å se på den når du har tid? Jada, se i tråden din Lenke til kommentar
lordlappy Skrevet 25. september 2009 Forfatter Rapporter Del Skrevet 25. september 2009 Last ned og kjør en rask skann med MBAM (se veiledningen), post loggen om den finner noe. ja den fant noe Malwarebytes' Anti-Malware 1.41 Databaseversjon: 2859 Windows 5.1.2600 Service Pack 3 25.09.2009 18:54:30 mbam-log-2009-09-25 (18-54-30).txt Skanntype: Rask Skann Objekter skannet: 154617 Tid tilbakelagt: 2 minute(s), 11 second(s) Minneprosesser infisert: 0 Minnemoduler infisert: 0 Registernøkler infisert: 7 Registerverdier infisert: 1 Registerfiler infisert: 1 Mapper infisert: 0 Filer infisert: 0 Minneprosesser infisert: (Ingen mistenkelige filer funnet) Minnemoduler infisert: (Ingen mistenkelige filer funnet) Registernøkler infisert: HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kbiwkmtlqcbwnf (Rootkit.TDSS) -> Quarantined and deleted successfully. Registerverdier infisert: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully. Registerfiler infisert: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\windows\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully. Mapper infisert: (Ingen mistenkelige filer funnet) Filer infisert: (Ingen mistenkelige filer funnet) er også problem i starten der pcen sier ugyldig boot.ini fil starter fra c:\windows (eller noe sånt) Lenke til kommentar
lordlappy Skrevet 25. september 2009 Forfatter Rapporter Del Skrevet 25. september 2009 ny hijackthis søk etter MBAM scan Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:00:15, on 25.09.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\WINDOWS\system32\nvsvc32.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe E:\Programmer\avast\aswUpdSv.exe E:\Programmer\avast\ashServ.exe C:\windows\Explorer.EXE C:\windows\RTHDCPL.EXE C:\windows\system32\RUNDLL32.EXE E:\PROGRA~1\avast\ashDisp.exe E:\Programmer\PowerISO\PWRISOVM.EXE C:\Programfiler\Logitech\GamePanel Software\LCD Manager\LCDMon.exe C:\Programfiler\Logitech\GamePanel Software\G-series Software\LGDCore.exe C:\Programfiler\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe C:\Programfiler\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe C:\Programfiler\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe E:\Programmer\logitech\QuickCam\Quickcam.exe C:\Programfiler\Java\jre6\bin\jusched.exe E:\Programmer\adobe reader\Reader\Reader_sl.exe E:\Programmer\logitech\mx518\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe E:\Programmer\logitech\mx518\SetPoint\SetPoint.exe C:\Programfiler\Fellesfiler\Logitech\KHAL\KHALMNPR.EXE C:\windows\system32\spoolsv.exe E:\Programmer\Firefox\firefox.exe C:\Programfiler\Java\jre6\bin\jqs.exe C:\Programfiler\Fellesfiler\LogiShrd\LVCOMSER\LVComSer.exe C:\Programfiler\Fellesfiler\LogiShrd\LVMVFM\LVPrcSrv.exe E:\Programmer\Ny mappe\Nero 8\Nero BackItUp\NBService.exe E:\XFX programmer\nvidia nTune\nTune\nTuneService.exe C:\WINDOWS\system32\PnkBstrA.exe C:\windows\system32\svchost.exe C:\Programfiler\Yahoo!\SoftwareUpdate\YahooAUService.exe E:\Programmer\avast\ashMaiSv.exe C:\Programfiler\Fellesfiler\LogiShrd\LVCOMSER\LVComSer.exe E:\Programmer\avast\ashWebSv.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Programfiler\Fellesfiler\LogiShrd\LComMgr\Communications_Helper.exe C:\Programfiler\Fellesfiler\Logishrd\LQCVFX\COCIManager.exe E:\Programmer\hijackthis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programfiler\AskBarDis\bar\bin\askBar.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Programfiler\AskTBar\bar\1.bin\ASKTBAR.DLL O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programfiler\AskBarDis\bar\bin\askBar.dll O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Programfiler\AskTBar\bar\1.bin\ASKTBAR.DLL O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [nwiz] C:\Programfiler\NVIDIA Corporation\nView\nwiz.exe /install O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\avast\ashDisp.exe O4 - HKLM\..\Run: [PWRISOVM.EXE] E:\Programmer\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programfiler\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programfiler\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "E:\Programmer\logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "E:\Programmer\Ny mappe\Nero 8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Programmer\adobe reader\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "E:\Programmer\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Programfiler\Fellesfiler\Wise Installation Wizard\WISB83FC356B7C0441F8A4DD71E088E7974_9_09_0428.MSI" TRANSFORMS="C:\Programfiler\Fellesfiler\Wise Installation Wizard\WISB83FC356B7C0441F8A4DD71E088E7974_9_09_0428.MST" WISE_SETUP_EXE_PATH="c:\nvidia\displaydriver\190.38\international\PhysX_9.09.0428_SystemSoftware.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Programmer\logitech\mx518\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Logitech SetPoint.lnk = E:\Programmer\logitech\mx518\SetPoint\SetPoint.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O15 - Trusted Zone: http://*.buypass.no (HKLM) O15 - Trusted Zone: http://*.headit.no (HKLM) O15 - Trusted Zone: http://*.norsk-tipping.no (HKLM) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1250012638625 O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - E:\Programmer\logitech\mx518\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - E:\Programmer\superantispyware\SASWINLO.dll O23 - Service: ASKUpgrade - Unknown owner - C:\Programfiler\AskBarDis\bar\bin\ASKUpgrade.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Programmer\avast\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - E:\Programmer\avast\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Programmer\avast\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - E:\Programmer\avast\ashWebSv.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Programfiler\Fellesfiler\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programfiler\Fellesfiler\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Programmer\Ny mappe\Nero 8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe O23 - Service: nTune Service (nTuneService) - NVIDIA - E:\XFX programmer\nvidia nTune\nTune\nTuneService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Programfiler\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 9711 bytes Lenke til kommentar
norbat Skrevet 25. september 2009 Rapporter Del Skrevet 25. september 2009 (endret) Da ser loggen fin ut. Ang. boot.ini, så er den antakelig blitt korrupt. Kunne du fra kjør-feltet (start->kjør), skrevet c:\boot.ini og postet innholdet i den fila (hvis den finnes da). Endret 25. september 2009 av norbat Lenke til kommentar
lordlappy Skrevet 25. september 2009 Forfatter Rapporter Del Skrevet 25. september 2009 den finnes ikke Lenke til kommentar
norbat Skrevet 25. september 2009 Rapporter Del Skrevet 25. september 2009 Det ante meg. Du kan lage en ny boot.ini. Det beste er å gjøre dette fra gjenopprettingskonsollen. Har du en winXP cd tilgjengelig? Lenke til kommentar
lordlappy Skrevet 25. september 2009 Forfatter Rapporter Del Skrevet 25. september 2009 ja har det men vet ikke om den er helt oppe å går men kan prøve iallefall Lenke til kommentar
norbat Skrevet 25. september 2009 Rapporter Del Skrevet 25. september 2009 (endret) Og du vet hvordan du booter fra den og går inn i gjenopprettingskonsollen? Hvis, så skriver du fra ledetekst: bootcfg/rebuild Ved neste vindu sier du Ja til å legge til installasjonen til oppstartslisten Ved meldingen: Angi laste-ID, så kan du skrive den win-versjonen du har, eks. Microsoft Windows XP Home Edition Hvis du får meldingen: Angi lastealternativer for OS, så kan du skrive /fastdetect (klikk Enter etterpå) Skriv exit og gå ut av gjenopprettingskonsollen. Restart pc. Endret 25. september 2009 av norbat Lenke til kommentar
lordlappy Skrevet 25. september 2009 Forfatter Rapporter Del Skrevet 25. september 2009 jeg er ikke helt sikker på hvordan jeg går inn i gjennopprettingskonsollen, men vet hvordan man booter fra cden ja... Lenke til kommentar
norbat Skrevet 25. september 2009 Rapporter Del Skrevet 25. september 2009 Når cd'n booter, vil du få et valg om å reparere windows vha. gjenopprettingskonsollen. Det gjør du. Når kursoren står og blinker (typisk bak c:\windows>_), skriver du nevnte kommando (se over) Lenke til kommentar
lordlappy Skrevet 25. september 2009 Forfatter Rapporter Del Skrevet 25. september 2009 skal gjøre ett forsøk så skal jeg sende en melding etterpå om jeg fikk det til Lenke til kommentar
lordlappy Skrevet 25. september 2009 Forfatter Rapporter Del Skrevet 25. september 2009 (endret) merkelig... alt fungerte som det skulle helt til andre oppstart første gang jeg starta pcen kom ikke feilmeldinga, men andre gang jeg starta pcen kom den igjen... på c:\ finner jeg ikke fila. har tatt vekk "skjul beskyttende operativsystemfiler" eller hva det står... på msconfig trodde jeg at man kunne velge boot.ini en plass men finner det ikke igjen også system.ini og win.ini er helt blanke der inne? er litt usikker på hvilken funksjon de har men Endret 25. september 2009 av lordlappy Lenke til kommentar
lordlappy Skrevet 25. september 2009 Forfatter Rapporter Del Skrevet 25. september 2009 bilde http://i135.photobucket.com/albums/q155/lordlappy/boot.jpg Lenke til kommentar
norbat Skrevet 25. september 2009 Rapporter Del Skrevet 25. september 2009 Kjør Combofix (se veiledningen) og post loggen. Lenke til kommentar
lordlappy Skrevet 25. september 2009 Forfatter Rapporter Del Skrevet 25. september 2009 (endret) det kommer opp melding om at "boot partition cannot be enumerated correctly" ska eg barra trykke ok? Endret 25. september 2009 av lordlappy Lenke til kommentar
norbat Skrevet 25. september 2009 Rapporter Del Skrevet 25. september 2009 Ja, gjør det. Lenke til kommentar
lordlappy Skrevet 30. september 2009 Forfatter Rapporter Del Skrevet 30. september 2009 Ja, gjør det. den brukte evigheter... så jeg stoppa den Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå