
Help fixing error messages 1067 and 1068



What does 64-bit stand for?

It is a designation for the size of the processor's memory addresses in the computer.

Won't it help to run System Restore back to August?

It probably won't help.

I also get error message 1067 when I try to start Cryptographic Services, under Services (Local).

I have seen that it is not running; maybe that is why the wireless network doesn't work.

Open Notepad. Copy the contents of the box below and paste it into Notepad. Save the file on the USB stick as fixlist.txt in the same folder as frst64.

Folder: C:\Users\All Users\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}

 

Insert the USB stick into the infected machine, boot the machine to System Recovery Options and run frst64, then click the Fix button.

FRST will save Fixlog.txt on the USB stick. Post this log.


FRST log:

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-09-2012

Ran by SYSTEM at 20-09-2012 20:53:43

Running from I:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2281256 2010-09-13] (Synaptics Incorporated)

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6489704 2010-09-21] (Realtek Semiconductor)

HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-07-21] (Hewlett-Packard Company)

HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-09-09] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)

HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [584760 2010-09-28] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2010-08-30] (EasyBits Software AS)

HKU\Anne Grete\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-08-16] (Hewlett-Packard Company)

HKU\Anne Grete\...\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray [1083264 2012-01-10] (Nokia)

HKU\Anne Grete\...\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5663616 2012-09-06] (SUPERAntiSpyware.com)

Winlogon\Notify\ScCertProp: wlnotify.dll [X]

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Startup: C:\Users\All Users\Start Menu\Programs\Startup\Snapfish PictureMover.lnk

ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)

==================== Services (Whitelisted) ===================

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2012-07-11] (SUPERAntiSpyware.com)

2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)

2 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [2804568 2010-06-01] (Symantec Corporation)

2 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x]

==================== Drivers (Whitelisted) =====================

3 cxbu0x64; C:\Windows\System32\Drivers\cxbu0x64.sys [177920 2011-09-06] (HID Global Corporation)

3 elxstor; C:\Windows\System32\Drivers\elxstor.sys [530496 2009-07-13] ()

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-07] (Malwarebytes Corporation)

1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

3 84520207; [x]

3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ====================

 

==================== One Month Created Files and Folders ========

2012-09-20 06:46 - 2012-09-20 06:46 - 00001893 ____A C:\Users\Public\Desktop\HitmanPro.lnk

2012-09-20 06:46 - 2012-09-20 06:46 - 00000000 ____D C:\Program Files\HitmanPro

2012-09-20 06:45 - 2012-09-20 06:45 - 00000000 ____D C:\Users\All Users\HitmanPro

2012-09-20 02:31 - 2012-09-20 02:33 - 00000000 ____D C:\Users\Public\Desktop\CC Support

2012-09-19 18:01 - 2012-09-19 18:02 - 00000000 ____D C:\FRST

2012-09-18 10:25 - 2012-09-18 10:25 - 00001808 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk

2012-09-18 10:25 - 2012-09-18 10:25 - 00000520 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task d75f531b-4e49-4c12-9cd2-fd3808b8949e.job

2012-09-18 10:25 - 2012-09-18 10:25 - 00000520 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 71fa4109-7868-477d-ad8a-908d347e106a.job

2012-09-18 07:01 - 2012-09-18 07:01 - 00023748 ____A C:\ComboFix.txt

2012-09-18 04:55 - 2012-09-18 04:55 - 00000000 ____D C:\Users\Anne Grete\Desktop\Ny mappe

2012-09-17 12:40 - 2012-09-17 12:32 - 04731392 ____A (AVAST Software) C:\Users\Anne Grete\Desktop\aswMBR.exe

2012-09-15 11:54 - 2009-07-13 17:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\services.exe

2012-09-15 10:52 - 2012-09-15 10:52 - 00000488 ____A C:\Windows\WindowsUpdate.log

2012-09-15 08:48 - 2012-09-15 08:34 - 00165376 ____A C:\Users\Anne Grete\Desktop\SystemLook_x64.exe

2012-09-15 08:31 - 2012-09-20 07:24 - 00002072 ____A C:\Windows\setupact.log

2012-09-15 08:31 - 2012-09-18 09:28 - 00004504 ____A C:\Windows\PFRO.log

2012-09-15 08:31 - 2012-09-15 08:31 - 00000000 ____A C:\Windows\setuperr.log

2012-09-15 00:29 - 2012-09-17 12:33 - 04751448 ____R (Swearware) C:\Users\Anne Grete\Desktop\ComboFix.exe

2012-09-14 23:32 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe

2012-09-14 23:32 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe

2012-09-14 23:32 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

2012-09-14 23:32 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

2012-09-14 23:32 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2012-09-14 23:32 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe

2012-09-14 23:32 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe

2012-09-14 23:32 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe

2012-09-14 23:31 - 2012-09-18 07:01 - 00000000 ____D C:\Qoobox

2012-09-14 23:31 - 2012-09-18 06:59 - 00000000 ____D C:\Windows\erdnt

2012-09-14 22:29 - 2012-09-16 12:48 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-09-14 22:29 - 2012-09-07 07:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-09-10 11:20 - 2012-09-16 12:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-09-10 11:20 - 2012-09-10 11:20 - 00000000 ____D C:\Users\Anne Grete\AppData\Roaming\Malwarebytes

2012-09-10 11:20 - 2012-09-10 11:20 - 00000000 ____D C:\Users\All Users\Malwarebytes

2012-09-10 10:56 - 2012-09-18 10:25 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

2012-09-10 10:56 - 2012-09-10 10:56 - 00000000 ____D C:\Users\Anne Grete\AppData\Roaming\SUPERAntiSpyware.com

2012-09-10 10:56 - 2012-09-10 10:56 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com

2012-09-08 10:33 - 2012-09-11 11:13 - 00000000 ____D C:\Users\All Users\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}

2012-09-05 04:30 - 2012-09-05 04:30 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2012-09-05 04:30 - 2012-09-05 04:30 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2012-08-23 12:50 - 2012-08-23 12:50 - 00010274 ____A C:\Users\Anne Grete\Downloads\Chokladkaka _ Recept.htm

2012-08-23 12:50 - 2012-08-23 12:50 - 00007229 ____A C:\Users\Anne Grete\Downloads\Oreokake _ Recept.htm

2012-08-23 12:50 - 2012-08-23 12:50 - 00000000 ____D C:\Users\Anne Grete\Downloads\Filer_for_Oreokake _ Recept

2012-08-23 12:50 - 2012-08-23 12:50 - 00000000 ____D C:\Users\Anne Grete\Downloads\Filer_for_Chokladkaka _ Recept

2012-08-23 04:06 - 2012-08-23 04:06 - 00000000 ____D C:\Users\Anne Grete\AppData\Local\Macromedia

2012-08-23 04:03 - 2012-09-20 09:52 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-08-23 04:03 - 2012-08-23 10:52 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-08-23 04:03 - 2012-08-23 04:03 - 00000000 ____D C:\Windows\System32\Macromed

2012-08-22 05:10 - 2012-09-05 04:30 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll

2012-08-22 05:07 - 2012-08-22 05:07 - 00894952 ____A (Oracle Corporation) C:\Users\Anne Grete\Downloads\jxpiinstall(2).exe

==================== 3 Months Modified Files ==================

2012-09-20 09:52 - 2012-08-23 04:03 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-09-20 08:57 - 2012-08-16 22:47 - 00001000 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-09-20 07:32 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-09-20 07:32 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-09-20 07:29 - 2012-08-16 22:47 - 00000996 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-09-20 07:29 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-09-20 07:27 - 2009-07-13 21:08 - 00032542 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-09-20 07:24 - 2012-09-15 08:31 - 00002072 ____A C:\Windows\setupact.log

2012-09-20 06:46 - 2012-09-20 06:46 - 00001893 ____A C:\Users\Public\Desktop\HitmanPro.lnk

2012-09-18 10:25 - 2012-09-18 10:25 - 00001808 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk

2012-09-18 10:25 - 2012-09-18 10:25 - 00000520 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task d75f531b-4e49-4c12-9cd2-fd3808b8949e.job

2012-09-18 10:25 - 2012-09-18 10:25 - 00000520 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 71fa4109-7868-477d-ad8a-908d347e106a.job

2012-09-18 09:28 - 2012-09-15 08:31 - 00004504 ____A C:\Windows\PFRO.log

2012-09-18 07:01 - 2012-09-18 07:01 - 00023748 ____A C:\ComboFix.txt

2012-09-18 06:59 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini

2012-09-17 12:33 - 2012-09-15 00:29 - 04751448 ____R (Swearware) C:\Users\Anne Grete\Desktop\ComboFix.exe

2012-09-17 12:32 - 2012-09-17 12:40 - 04731392 ____A (AVAST Software) C:\Users\Anne Grete\Desktop\aswMBR.exe

2012-09-16 12:48 - 2012-09-14 22:29 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-09-15 11:48 - 2011-06-01 12:05 - 00000000 ____A C:\Windows\SysWOW64\config.nt

2012-09-15 10:52 - 2012-09-15 10:52 - 00000488 ____A C:\Windows\WindowsUpdate.log

2012-09-15 08:34 - 2012-09-15 08:48 - 00165376 ____A C:\Users\Anne Grete\Desktop\SystemLook_x64.exe

2012-09-15 08:31 - 2012-09-15 08:31 - 00000000 ____A C:\Windows\setuperr.log

2012-09-07 10:11 - 2012-08-10 08:09 - 00000352 ____A C:\Windows\Tasks\HPCeeScheduleForAnne Grete.job

2012-09-07 07:04 - 2012-09-14 22:29 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-09-05 04:30 - 2012-09-05 04:30 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2012-09-05 04:30 - 2012-09-05 04:30 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2012-09-05 04:30 - 2012-08-22 05:10 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll

2012-09-05 04:30 - 2012-04-12 10:53 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2012-09-05 04:30 - 2012-04-12 10:53 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2012-09-05 04:30 - 2010-10-23 03:21 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll

2012-09-05 00:58 - 2012-08-16 22:51 - 00002340 ____A C:\Users\Public\Desktop\Google Chrome.lnk

2012-09-04 08:25 - 2011-04-27 11:58 - 00000350 ____A C:\Windows\Tasks\HPCeeScheduleForANNEGRETE-HP$.job

2012-08-23 12:50 - 2012-08-23 12:50 - 00010274 ____A C:\Users\Anne Grete\Downloads\Chokladkaka _ Recept.htm

2012-08-23 12:50 - 2012-08-23 12:50 - 00007229 ____A C:\Users\Anne Grete\Downloads\Oreokake _ Recept.htm

2012-08-23 10:52 - 2012-08-23 04:03 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-08-23 10:52 - 2011-07-13 23:55 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-08-22 05:07 - 2012-08-22 05:07 - 00894952 ____A (Oracle Corporation) C:\Users\Anne Grete\Downloads\jxpiinstall(2).exe

2012-08-15 23:32 - 2009-07-13 20:45 - 00426408 ____A C:\Windows\System32\FNTCACHE.DAT

2012-07-30 03:32 - 2012-07-30 03:32 - 00203104 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys

2012-07-18 09:31 - 2012-08-14 09:57 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-07-06 12:06 - 2012-08-15 12:21 - 00552448 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys

2012-07-06 12:06 - 2012-08-15 12:21 - 00080384 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\BTHUSB.SYS

2012-07-04 14:04 - 2012-08-14 09:57 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll

2012-07-04 14:01 - 2012-08-14 09:57 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll

2012-07-04 14:01 - 2012-08-14 09:57 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll

2012-07-04 13:26 - 2012-08-14 09:57 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll

2012-07-04 13:23 - 2012-08-14 09:57 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll

2012-06-28 20:55 - 2012-08-15 12:19 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-06-28 20:09 - 2012-08-15 12:19 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-06-28 19:56 - 2012-08-15 12:19 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-06-28 19:49 - 2012-08-15 12:19 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-06-28 19:49 - 2012-08-15 12:19 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-06-28 19:48 - 2012-08-15 12:19 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-06-28 19:47 - 2012-08-15 12:19 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-06-28 19:45 - 2012-08-15 12:19 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-06-28 19:44 - 2012-08-15 12:19 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-06-28 19:43 - 2012-08-15 12:19 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-06-28 19:42 - 2012-08-15 12:19 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-06-28 19:40 - 2012-08-15 12:19 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-06-28 19:39 - 2012-08-15 12:19 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-06-28 19:35 - 2012-08-15 12:19 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-06-28 16:52 - 2012-08-15 12:19 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-06-28 16:27 - 2012-08-15 12:19 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-06-28 16:16 - 2012-08-15 12:19 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-06-28 16:09 - 2012-08-15 12:19 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-06-28 16:09 - 2012-08-15 12:19 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-06-28 16:08 - 2012-08-15 12:19 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-06-28 16:07 - 2012-08-15 12:19 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-06-28 16:06 - 2012-08-15 12:19 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-06-28 16:04 - 2012-08-15 12:19 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-06-28 16:04 - 2012-08-15 12:19 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-06-28 16:01 - 2012-08-15 12:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-06-28 16:01 - 2012-08-15 12:19 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-06-28 16:00 - 2012-08-15 12:19 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-06-28 15:57 - 2012-08-15 12:19 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

 

==================== Known DLLs (Whitelisted) =================

 

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-09-10 07:51:10

Restore point made on: 2012-09-10 07:52:22

Restore point made on: 2012-09-10 13:54:08

Restore point made on: 2012-09-14 22:08:01

Restore point made on: 2012-09-14 22:09:14

Restore point made on: 2012-09-15 00:25:32

==================== Memory info ===========================

Percentage of memory in use: 19%

Total physical RAM: 3957.86 MB

Available physical RAM: 3200.23 MB

Total Pagefile: 3956.01 MB

Available Pagefile: 3203.14 MB

Total Virtual: 8192 MB

Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:444.62 GB) (Free:380.34 GB) NTFS ==>[system with boot components (obtained from reading drive)]

2 Drive e: (RECOVERY) (Fixed) (Total:20.85 GB) (Free:3.03 GB) NTFS ==>[system with boot components (obtained from reading drive)]

3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

6 Drive i: (Iomega HDD) (Fixed) (Total:931.51 GB) (Free:838.44 GB) NTFS

7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

8 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disknr. Status Str. Ledig Dyn GPT

-------- ------------- ------- ------- --- ---

Disk 0 Tilkoblet 465 G byte 0 byte

Disk 1 Intet medium 0 byte 0 byte

Disk 2 Tilkoblet 931 G byte 0 byte

Forlater DiskPart...

Partitions of Disk 0:

===============

Disk 0 er nå den valgte disken.

Partisjonsnr. Type Str. Forskyvning

------------- ---------------- ------- -----------

Partisjon 1 Primær 199 M 1024 K byte

Partisjon 2 Primær 444 G 200 M byte

Partisjon 3 Primær 20 G 444 G byte

Partisjon 4 Primær 103 M 465 G byte

Forlater DiskPart...

==================================================================================

Disk: 0

Disk 0 er nå den valgte disken.

Partisjonen 1 er nå den valgte partisjonen.

Partisjon 1

Type : 07

Skjult: Nei

Aktiv : Ja

Forskyvning i byte: 1048576

Volumnr. Bks Etikett Fs Type Str. Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volum 1 Y SYSTEM NTFS Partisjon 199 M OK

Forlater DiskPart...

=========================================================

Disk: 0

Disk 0 er nå den valgte disken.

Partisjonen 2 er nå den valgte partisjonen.

Partisjon 2

Type : 07

Skjult: Nei

Aktiv : Nei

Forskyvning i byte: 209715200

Volumnr. Bks Etikett Fs Type Str. Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volum 2 C NTFS Partisjon 444 G OK

Forlater DiskPart...

=========================================================

Disk: 0

Disk 0 er nå den valgte disken.

Partisjonen 3 er nå den valgte partisjonen.

Partisjon 3

Type : 07

Skjult: Nei

Aktiv : Nei

Forskyvning i byte: 477611687936

Volumnr. Bks Etikett Fs Type Str. Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volum 3 E RECOVERY NTFS Partisjon 20 G OK

Forlater DiskPart...

=========================================================

Disk: 0

Disk 0 er nå den valgte disken.

Partisjonen 4 er nå den valgte partisjonen.

Partisjon 4

Type : 0C

Skjult: Nei

Aktiv : Nei

Forskyvning i byte: 499998785536

Volumnr. Bks Etikett Fs Type Str. Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volum 4 F HP_TOOLS FAT32 Partisjon 103 M OK

Forlater DiskPart...

=========================================================

Partitions of Disk 2:

===============

Disk 2 er nå den valgte disken.

Partisjonsnr. Type Str. Forskyvning

------------- ---------------- ------- -----------

Partisjon 1 Primær 931 G 31 K byte

Forlater DiskPart...

==================================================================================

Disk: 2

Disk 2 er nå den valgte disken.

Partisjonen 1 er nå den valgte partisjonen.

Partisjon 1

Type : 07

Skjult: Nei

Aktiv : Nei

Forskyvning i byte: 32256

Volumnr. Bks Etikett Fs Type Str. Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volum 6 I Iomega HDD NTFS Partisjon 931 G OK

Forlater DiskPart...

=========================================================

Last Boot: 2012-09-16 00:07

==================== End Of Log =============================

 

 

 

 

Fixlog:

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-09-2012

Ran by SYSTEM at 2012-09-20 20:55:09 Run:1

Running from I:\

==============================================

 

========================= Folder: C:\Users\All Users\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E} ========================

2012-09-08 10:33 - 2012-09-08 10:32 - 0021494 ____A () C:\Users\All Users\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}\0x0409.ini

2012-09-08 10:33 - 2012-09-08 10:33 - 47848756 ____A () C:\Users\All Users\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}\HP Support Assistant.msi

====== End of Folder: ======

==== End of Fixlog ====

 

 

 

I hope I did it right with the Notepad file.

Edited by paba

There is hope in the sense that you can back up what you need and restore the PC.

ComboFix claims that services.exe is infected; together with the network not working and Cryptographic Services not working, I would assume that the computer is infected by Rootkit/Zeroaccess. At the same time, the FRST log does not show that the computer is infected, so I don't really know what is going on and have no solution for fixing the problem manually.

Would you like to create a bootable CD or USB stick to run one of the countless rescue solutions that exist? If so, you need to say whether you want CD or USB. Are you able to burn a CD? Alternatively, can the USB stick be emptied of data?


I can burn a CD on the other PC we have, or I can empty the USB stick. How big does the USB stick need to be?

Which is preferable? I will use the method you think is easiest/best.

I suppose one has to go for a restore now, since little else works. A pity that you have to spend so much time on it, though.

A pity that you have to spend so much time on it, though.

No problem.

I just find it odd that ComboFix reports an infection in the file and FRST does not. Possibly this variant of Zeroaccess has a new startup procedure that FRST does not check yet. I doubt that ComboFix is reporting incorrectly.

I think the USB stick must be at least 256Mb. It is a good idea to copy its contents over to the other PC, since they may be deleted when it is made into a boot USB.

I suggest using Dr.Web's solution:

ftp://ftp.drweb.com/pub/drweb/liveusb/win/drwebliveusb.exe

 

Download and run it; it should be fairly self-explanatory. When it has finished, insert it into the infected PC and during startup look for a prompt telling you what to press to get to the "boot menu". If there is none, press Esc during startup (before Windows). The machine may boot from it automatically. Otherwise, post the exact model and I can find the correct procedure.
